Goodmail, One Year Later

Opinion: Opponents of the accreditation service predicted that AOL would have no incentive to maintain its standard spam filtering once it got a piece of the Goodmail action. So what actually happened?

It was a big deal, just about a year ago. AOL announced that it would be implementing Goodmail CertifiedEmail, an accreditation service. The service has been operating, according to Goodmail, since May of 2006.

The way it works is that Goodmail sets technical and business criteria for e-mail senders. Those who qualify can pay a per-message fee to send specially signed messages that will be escorted around the standard AOL spam filtering procedures. The messages appear in the AOL client with a special display saying that they are certified as being from the purported sender.

A grass-roots stink was made, engineered by the Electronic Frontier Foundation. Go to, the home page for the anti-Goodmail revolution, to get their side of it in their own words, but my summary is that the EFF argued that a financial interest in accreditation, and particularly one that had a per-message fee, gave AOL perverse incentives that would result in a degradation of quality in spam filtering.

There are almost 46,000 signers to their petition (although a large number of these signers have names like "buy vicodin online" and "parts corolla" and link to spam sites).

Once it made money on each certified message, AOL would have no incentive to maintain its whitelisting service. As a result, small senders of bulk mail, such as small nonprofits, would find their messages blocked and themselves pressured to pony up money to Goodmail and AOL.

I always thought it was a specious argument. AOL insisted that the revenue cut from Goodmail was bound to be puny and that it was supporting Goodmail not for the direct monies but to decrease its false positives with big commercial senders. This made, and continues to make, sense to me.

/zimages/4/28571.gifMatt Hines chats with VeriSign Director of Product Marketing Tim Callan about the companys new Extended Validation digital certificates and how they aim to help businesses and end users fight phishing and online fraud. Click here to listen to the podcast.

So whats happened over the last year? If its really nine months since AOLs been sending out CertifiedEmail, then we should have seen something by now. I decided to ask the major players for their impressions and was surprised that nobody was all that anxious to talk.

AOL and Goodmail, it seems, dont want an annual round of controversy. All AOL would say is that its on target, whatever that means, and that the process by which senders get themselves on the whitelist has gotten simpler, not more difficult.

The requirements are interesting, in that they force the sender to think about both policy and technical considerations, but it all looks doable for all but very small senders ("An organizations mail servers must send a minimum of 100 e-mails per month to maintain whitelist status"). Theres actually a large overlap between AOLs rules and the rules set by Goodmail in its Acceptable Use and Security Policy (here in PDF form).

I asked Goodmail, and it didnt have much to say either, besides its claim that it has "just over 300 sending brands using CertifiedEmail—this in just about half a year of availability." Incidentally, it also claims to have gone live on Yahoo Mail in December. This is where things got a little confusing.

First, Goodmail says that it "went live ... in December at Yahoo," but Yahoo tells me that "we recently started testing a CertifiedEmail system which includes transactional e-mails from trusted institutions." A small exaggeration perhaps, beefing up a test into a deployment.

Next page: How much Goodmail is going on?