-------- Original Message --------
Subject: Re: [IP] Yahoo, AOL, Goodmail and IP
Date: Wed, 08 Feb 2006 14:17:55 -0800
From: Dave Crocker <dhc2@private>
Reply-To: dcrocker@private
Organization: Brandenburg InternetWorking
To: dave@private
CC: ip@private
References: <43EA6390.6080202@private>
Dave Farber wrote:
> I would not pay. I woud tell IPers to get another isp djf
> From: Cindy Cohn <cindy@private>
>
> I blogged a piece about the recent decision by AOL and Yahoo to use the
> Goodmail system that might be of interest to IP. EFF will be doing more
> on this topic, but we wanted to start the discussion.
Dave,
Without commenting on the particulars as they relate to Goodmail --
especially
since I am on the advisory board for Habeas, a competitor -- leet me
note that
public discussion is largely missing the nature of the current Internet
mail
realities and the nature of the ways we can deal with them.
There are two articles in the current issue of the Internet Protocol
Journal
<http://cisco.com/ipj>, of which I wrote one, that provide some useful
background about this reality.
Simply put, Internet mail needs to sustain spontaneous communications --
that
is, communications without prior arrangement -- and the benefit of such a
capability is fundamental. However the scale and diversity of the modern
Internet now includes many folk who the security geeks appropriately
call Bad
Actors. We are stuck with these competing points: Maintaining open
contact,
but dealing with some very nasty users.
A great deal of very good work has been done, to detect these bad actors
and
their bad messages. Often, that work is quite helpful. In spite of this
the
total amount of global spam and email abuse has yet not gone down. We must
continue with efforts to detect and deal with Bad Actors, but there is a
separate path that is at least as valuable:
We need methods for distinguishing Good Actors. Folks who are deemed
"safe". In effect, we need a Trust Overlay for Internet mail, to permit
differential handling of mail from these good actors.
In general terms, a trust overlay requires reliable and accurate
identification
of the actor and a means of assessing their goodness. In other words,
authentication and reputation.
We are already pursuing a standard for message transit handling
authentication,
through Domain Keys Identified Mail (DKIM). See <http://dkim.org>.
There is
discussion about various assessment standards for reputation and
accreditation.
Although DKIM is quite viable in its pre-standards form, there is no
candidate
for standardized reputation reporting.
With all of this as background, imagine that you are an online service that
needs to ensure that a customer order confirmation, or an equivalent
critical
transaction message, is delivered to the customer. Then imagine that
you are
offered a means of safely and reliably identifying this specific class
of mail,
so that it receives differential handling. The incentives for a company
to pay
to ensure that delivery are substantial.
And that is what the recent announcement is about. It concerns a means of
ensuring delivery of "transactional" mail. This is quite different from
"marketing" mail and it is not in the least controversial.
I would greatly wish that the mechanisms used open standards, but the basic
model of developing a trust-based overlay for Internet mail seems an
essential
enhancement.
/d
--
Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>
-------- Original Message --------
Subject: Re: [IP] more on Yahoo, AOL, Goodmail and IP]
Date: Thu, 09 Feb 2006 08:20:15 +0530
From: Suresh Ramasubramanian <suresh@private>
Organization: -ENOENT
To: dave@private
CC: dhc2@private, Declan McCullagh <declan@private>, Cindy
Cohn <cindy@private>
References: <43EA74A2.6020209@private>
Dave Farber wrote:
> From: Dave Crocker <dhc2@private>
>> I would not pay. I woud tell IPers to get another isp djf
>> From: Cindy Cohn <cindy@private>
>>
>> I blogged a piece about the recent decision by AOL and Yahoo to use
>> the Goodmail system that might be of interest to IP. EFF will be
>> doing more on this topic, but we wanted to start the discussion.
>
> Without commenting on the particulars as they relate to Goodmail --
> especially since I am on the advisory board for Habeas, a competitor --
Cindy's piece on the EFF website seems to be a bit of a pastiche, with
elements taken out of various articles (some outright wrong, some merely
misinformed) that have been doing the rounds of the media for quite a
while now about goodmail
She started off comparing AOL and goodmail with the old email hoax about
congress taxing email. That same line was used in a circleid post by
Matt Blumberg, CEO & Chairman of Returnpath (technically one of
goodmail's competitors though they are in a slightly different space) -
http://www.circleid.com/posts/aol_and_goodmail_two_steps_back_for_email/
Various other quotes from different places - Richard Cox from spamhaus
on cnn for example.
However a lot of the quotes in those articles are being based on wrong
or out of context assumptions, starting with one that goes "AOL is going
to remove all its existing whitelists and force people to use goodmail".
This article has been written by the simple expedient of copying and
pasting together articles from media and using second hand quotes from
various people instead of getting quotes from them directly ..
.. and then stirring the pot a bit more, by calling goodmail a
"shakedown" of people operating non commercial mailing lists, and then
using the good old slippery slope theory to imply that people cant even
email their relatives at AOL without getting a goodmail stamp.
I have several questions that still need answering about goodmail,
because it is a proprietory system and so far being used on two closed
and highly customized mail systems (Yahoo and AOL) where they control
the user interface as well (yahoo webmail, AOL's email program). Oh, and
because I'm buried in work and havent had the time to dig deeper than
this yet.
And, so far, I have not been very much impressed by Cindy and other EFF
posters efforts to prove that spam filtering is bad and infringes on
free speech, on IP, politech and elsewhere.
http://www.politechbot.com/2004/11/15/suresh-ramasubramanians-critique/
But even if I were to leave all that context out of my comments there,
that EFF posting is not a balanced story, it is a hatchet job. Cindy's
not doing any service to herself, or to the EFF, by posting that.
>
> And that is what the recent announcement is about. It concerns a means
> of ensuring delivery of "transactional" mail. This is quite different
> from "marketing" mail and it is not in the least controversial.
>
Bank statements. Air tickets. And other stuff that is sent to millions
of people who have asked for it, who need it to catch their flight, or
get a loan, and sometimes dont get it because it gets mistaken for
phishing email, quite frequently by the user himself (you'd be surprised
how often that happens, but quite probably, as you have operated a list
for years now, that is not going to come as a surprise) :)
So, banks, airlines etc decide to pay a bit extra to get a goodmail
cert, that AOL's email software then translates to a seal of some kind
that says its valid email. And further, trusts goodmail's vetting of
people who sign on enough to not subject email from goodmail users to
further filtering. I dont know what Cindy thinks, but well, I'd love to
know, for SURE, that email claiming to be from my bank is actually from
my bank .. and I'd sure appreciate having a copy of my ticket with me
for sure before I go catch a plane.
What's missing (and indeed, doesnt belong) in this picture? Surely not
Aunt Tilly emailing her relatives, or Dave and Declan running mailing
lists for thousands of people over a decade?
That's a bad strawman to raise, Cindy. An even worse one than the ones
you've raised so far. And your tone's getting way too strident for you
to turn out anything that's balanced and factual.
regards
srs
ps: disclaimer if people need it - I'm not affiliated to and as of now
dont have plans of using where I work - an email provider that's just
over a third the size of AOL, with about 40 million users
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2.1.3 : Thu Feb 09 2006 - 00:48:57 PST