You've got (certified) mail!

CEO Richard Gingras explains the tech behind a service that lets companies pay a fee to guarantee their e-mails get past spam filters.

Saying they want to cut down on the glut of spam and phishing attacks aimed at their millions of users, America Online and Yahoo are turning to a controversial service offered by a company called Goodmail Systems, which has been likened to an electronic postage stamp provider.

The service gives preferential treatment to companies that pay a fraction of a cent per e-mail to ensure that their messages bypass spam filters and get through to the intended recipients. The companies agree to send e-mail only to recipients who are willing to accept the e-mail.

The business model not only challenges the notion of free flow of information upon which e-mail has thrived for more than a decade, but is prompting criticism from advertisers and antispam groups who say it amounts to extortion and poses a threat to legitimate e-mail messages from senders who don't agree to pay, without really decreasing spam.

Goodmail Systems' co-founder and Chief Executive Richard Gingras talked with CNET News.com about how the service works and why he believes it will improve the e-mail experience for consumers and advertisers.

Q: What does your company do and why is it in the news of late?
Gingras: What we do is related to efforts to really begin to restore trust and reliability to e-mail. As you know well, the e-mail in-box is a place of fear, uncertainty and doubt today.
There's been an unfortunate degree of intentional misrepresentation as to what this is about.

Nearly 30 percent of U.S. e-mail users have said that they won't open a message from any financial institution because they're concerned about its authenticity. So what we set out to do with certified e-mail was create a new class of e-mail where we could provide the consumer with the comfort that the messages they were expecting to receive from commercial sources were indeed authentic and were messages that you could comfortably interact with.

Who are you working with?
Gingras: We will be launching the service within the next several weeks with AOL and shortly thereafter, within a couple of months, with Yahoo.

How big is the problem today that you're trying to solve?
Gingras: The loss of trust is a big problem in a number of ways. When you have as high a number as 30 percent (of e-mail users) saying, "I just won't even take a chance with a financial institution message," that's a pretty devastating fact. When I have to be concerned about any message that has images in HTML because it might be spoofing a brand or, God forbid, spawning a virus, that's a very damaging thing.

The second important characteristic is the dramatic loss in delivery reliability. There's almost no such thing as reliable delivery for commercial messages today. Third-party sources have estimated that, on average, 15 percent to 20 percent of commercial e-mail messages do not make it to the in-box because they've been snared by spam filters for one reason or another.

So, tell me how it works exactly?
Gingras: First of all, it's very important that (e-mail) is only available to highly qualified senders who have a pristine record of sending behavior. First, we comprehensively accredit the sending entity. We check basic facts about the company that they provide to us--how long they've been in business, their credit rating, their physical address, the number of employees they have--everything that we can use to vet the validity of the information they're providing and to be sure that we have a legal path of accountability. Suffice it to say if the company has been in business less than a year, it'll even be more difficult for them to qualify. We have to be comfortable that they are an existing legitimate entity.

I don't know a legitimate commercial sender out there who isn't frustrated with the damage done to the space by spam and phishing.

The second step is to verify that their past sending behavior has been pristine. So, what kind of complaint levels have they had in their volume sending? Are partners comfortable that they have appropriately pristine sending records? As they use certified e-mail, we monitor their sending behavior in an ongoing fashion. We monitor complaint levels so that we can be sure they're upholding the acceptable use policies of the system and that they're again continuing to operate in a pristine fashion.

Third, they can only use certified e-mail for permission-based messages to existing customers. This is not a vehicle for prospect marketing. Since we maintain reputation profiles on the senders, we can use that to verify that their assertions about permissions are actually true. If you get that far, then we provide you with the ability to tokenize your messages.

How does the company view itself in this context?
Gingras: We see ourselves as a trust intermediary. We don't see recipient addresses; we don't see message bodies; and messages don't get sent through us. But we do provide a cryptographic token that we sign that you add to your message as an X-Header that is unique to each message instance that's a very important security capability. It allows us to track the messages as they course through the system. It allows us to have very accurate data on the sending volume of certified e-mail messages.

Featured Video