Buy Today!
Book Cover
The Music Video
You've got to see it to believe it: Check out the "Mister Spam Man" video at YouTube.
Search Dispatches
Archives
May 2019
March 2019
August 2018
July 2018
June 2018
May 2018
April 2018
December 2017
November 2017
September 2017
August 2017
July 2017
February 2017
March 2016
January 2016
November 2015
May 2015
April 2015
February 2015
January 2015
December 2014
November 2014
October 2014
September 2014
April 2013
February 2013
January 2013
December 2012
September 2012
August 2012
July 2012
June 2012
May 2012
April 2012
March 2012
February 2012
January 2012
December 2011
November 2011
October 2011
September 2011
August 2011
July 2011
June 2011
May 2011
April 2011
March 2011
February 2011
January 2011
December 2010
November 2010
October 2010
September 2010
August 2010
July 2010
June 2010
May 2010
April 2010
March 2010
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
Dispatches RSS Feed
Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« Social Engineering and Spyware | Main | About Passwords »

April 16, 2006

About the "Email Tax"

On April 3, 2006, I was one of several witnesses who testified before a Select Committe in Sacramento, CA. The title of the hearing chaired by Senator Dean Florez was: "AOL: You Have Certified Mail! Will Paid E-mail Lead to Separate, Unequal Systems or is it the Foolproof Answer to Spam?"

This hearing grew out of the hubbub caused by AOL's announcement that it was going to use Goodmail as a sender accreditation service, and the outcry from various groups unified around the DearAOL campaign. That campaign did a good job of branding the notion of an "email tax" into the minds of many.

AOL managed to mis-communicate a lot of what it was doing with regard to whitelisting senders. And, just when you think they got their message out correctly, they "step in it" again by censoring email messages that included links to the DearAOL Web site. If they ever get to the bottom of that caper, I bet they'll find it was the work of an overzealous employee in the email department who was upset by the inflammatory (and often ill-informed) comments posted in the DearAOL blog, and didn't want any AOLer to learn about it. Unfortunately, the results make AOL look, once again, like an Evil Email Empire. They really have to stop aiming the rifle at their own feet and pulling the trigger.

Back to the Sacramento hearing, I was on the first panel of witnesses in a section titled "Defining the Issue." The following is a copy of my prepared statement read into the record.

My name is Danny Goodman, a freelance writer for the past 25 years (San Mateo County resident since 1983) and author of the book Spam Wars (2003, SelectBooks), as well as 41 other computer-related titles. To help me monitor electronic mail (email) systems that consumers face, I currently have email accounts at America Online, Comcast, EarthLink, Google, and Hotmail. My primary email activity is based at my own domain (dannyg.com), where I have managed the email server since 1995, including responsibility for all spam filtering. Spam and virus statistics from that domain are posted daily at my Spam Wars web site (spamwars.com/stats.html).

I appear here today to share my thoughts from the point of view of my primary audience, the electronic mail-using consumer. Issues surrounding email spam are complex, but I will limit this discussion to the area of deliverability of email messages, which appears to be the crux of some recent controversy.

As I document in my book, an absolute definition of “spam” is difficult to establish. My working definition is as follows:

An automated email message sent to the recipient without explicit prior consent.

In practice, however, spam is in the eye of the recipient. To one ISP customer, the twelfth mortgage refinancing invitation of the day is highly undesirable; to another customer of the same ISP, that same message may be the only piece of email received the entire day, and may, in a sense, be welcomed as entertainment or even proof that one’s email is still working. However, if the volume of that kind of message increases beyond the recipient’s acceptable threshold, such email messages suddenly become a “spam problem.”

Overlooked in many legislative activities surrounding spam is that the subject matter of the message is of no importance to the “problem.” Thus, narrowing definitions to phrases such as “unsolicited commercial email” is a wasteful exercise. Instead, the problem with spam is that unlike unsolicited postal mail, spam places the greatest burden not on the sender, but on: a) the infrastructure that relays and receives messages; and b) the recipient, whose communications, computer, and time resources are gobbled up by a relentless flow of unwanted messages.

From the recipient’s point of view, the issue is one of consent, not content. An ideal relationship between sender and recipient is a two-way agreement: the sender transmits automated messages to the recipient because the recipient has explicitly requested to receive such messages. In other words, recipients are best served in what is called a “confirmed opt-in” scenario (the Direct Marketing Association refers to this technique as “double opt-in”). In this technique:


  1. The recipient signs up to receive mailings (typically at a web site) by submitting an email address to the sender.

  2. The sender responds via email to the submitted email address with a coded link.

  3. The recipient clicks on the link or enters the code into the sender’s web site to confirm that the subscription is a legitimate one.

This approach eliminates the possibility of “being subscribed” to a mailing list without the addressee’s prior consent. A sender who transmits automated messages exclusively to subscribers through the confirmed opt-in mechanism (and promptly handles subscription cancellations) is, in my opinion, a responsible email sender, not a spammer.

(Admittedly, some confirmed opt-in recipients either forget that they had confirmed their subscriptions, mistakenly report subscribed mailings as spam, or inherit reissued email addresses that had previously confirmed subscriptions. Thus, at times, even a responsible sender might be accused of spamming, but certainly not at the levels of a sender who indiscriminately transmits messages to address lists gathered through a variety of means, legal and otherwise.)

The bottom line for consumers’ relationships with their ISPs is that recipients want to receive messages that they want and would prefer that their ISPs filter or segregate messages that they don’t want, regardless of content. As simple as that request sounds, it presents enormous difficulties for ISPs.

Email filtering technologies improve all the time, as do spammers’ determination to bypass those filters. Even the best filtering technologies at the ISP level will be less than perfect. Some spam will get through; and some desired messages will get rejected, deleted, or sidetracked into “spam suspects” folders. In addressing its customers’ spam concerns, an ISP must constantly balance filtering undesirable email against delivering desirable email—and sometimes it’s the same message for different recipients.

I should also note that senders come in all shapes and sizes. Among the senders whose messages seem to be most undesirable among spam fighters in the United States are those who violate one or more provisions of the U.S. CAN-SPAM law. These are predominantly senders who use numerous deceptive tactics, fail to identify themselves, send to addresses illegally harvested from the Internet, rarely permit unsubscriptions, and relay their messages anonymously through hijacked computers around the world. It is their goal to minimize the expense of delivering as many messages to as many email addresses as possible so that even a minimal response rate will result in a profitable campaign.

It is this criminal class of spammer, along with the growing underworld of scammers and those dedicated to hijacking personal computers that cause the greatest grief to ISPs. Customers expect their ISPs to act as shields to this Bad Stuff. The efforts that responsible ISPs and organization email administrators expend—in terms of software, hardware, and personnel—to fight off this incessant flood is the real “email tax” that everyone pays, like it or not. Every email user pays that tax with time and/or money (e.g., a portion of subscription fees).

That an ISP would turn to an email sender accreditation service as a tool to manage incoming email is not surprising. My understanding of these services is that they assist an ISP in determining if a particular sender adheres to defined guidelines. On the one hand, the mass of sleazy spammers who commit the most and worst offenses would never subscribe to any such service because of both the expense and the need to identify themselves truthfully. On the other hand, if an ISP used such a service as the exclusive gatekeeper to incoming automated email, it would fail to deliver some desired messages from legitimate and responsible email senders who can’t or won’t pay for accreditation. Customers of such an ISP would soon revolt and leave for the other readily available ISP alternatives (or use other email systems accessible through the Internet, including free ones). It wouldn’t take long for a host of unaccredited but responsible confirmed opt-in senders to warn potential subscribers away from “ISP X” because it doesn’t deliver their mailings. Woe unto the ISP who is perceived to be an arbitrary censor of desirable incoming email.

Additionally, if an ISP uses such a service as just one of many tools to manage email, customers would equally revolt if they discover that a sender who pays his way automatically gets a “free ride” for unwanted messages into inboxes. Just as spam is in they eye of the recipient, a garbage email message will still be considered a garbage email message, no matter how many “gold stars” the ISP attaches to it. If the service and ISP do a poor job of eliminating unwanted messages of any kind, the customer has little incentive to remain a customer. Woe unto the ISP who allows itself to become known as a spam conduit.

As I stated earlier, email users simply want to receive messages they want and not be flooded with messages they don’t want. An ISP that applies tools that fail at that basic task risks losing its customers in what has become a highly competitive marketplace.

My personal take on the DearAOL uproar is that it has turned out to be a tempest in a teapot. On the other hand, it's great that there are people and organizations out there to keep an eye on powerful business entities and call those companies to task for potentially abusing their powers. Those behind DearAOL also learned (as if they didn't already know) that a short, catchy word banner ("email tax") leaves an impression more powerful and longer lasting than the meat of the details being said in front of it. Reminds me of "Mission Accomplished."

Posted on April 16, 2006 at 01:24 PM