You've got (certified) mail!

CEO Richard Gingras explains the tech behind a service that lets companies pay a fee to guarantee their e-mails get past spam filters.

Software
Saying they want to cut down on the glut of spam and phishing attacks aimed at their millions of users, America Online and Yahoo are turning to a controversial service offered by a company called Goodmail Systems, which has been likened to an electronic postage stamp provider.

The service gives preferential treatment to companies that pay a fraction of a cent per e-mail to ensure that their messages bypass spam filters and get through to the intended recipients. The companies agree to send e-mail only to recipients who are willing to accept the e-mail.

The business model not only challenges the notion of free flow of information upon which e-mail has thrived for more than a decade, but is prompting criticism from advertisers and antispam groups who say it amounts to extortion and poses a threat to legitimate e-mail messages from senders who don't agree to pay, without really decreasing spam.

Goodmail Systems' co-founder and Chief Executive Richard Gingras talked with CNET News.com about how the service works and why he believes it will improve the e-mail experience for consumers and advertisers.

Q: What does your company do and why is it in the news of late?
Gingras: What we do is related to efforts to really begin to restore trust and reliability to e-mail. As you know well, the e-mail in-box is a place of fear, uncertainty and doubt today.
There's been an unfortunate degree of intentional misrepresentation as to what this is about.

Nearly 30 percent of U.S. e-mail users have said that they won't open a message from any financial institution because they're concerned about its authenticity. So what we set out to do with certified e-mail was create a new class of e-mail where we could provide the consumer with the comfort that the messages they were expecting to receive from commercial sources were indeed authentic and were messages that you could comfortably interact with.

Who are you working with?
Gingras: We will be launching the service within the next several weeks with AOL and shortly thereafter, within a couple of months, with Yahoo.

How big is the problem today that you're trying to solve?
Gingras: The loss of trust is a big problem in a number of ways. When you have as high a number as 30 percent (of e-mail users) saying, "I just won't even take a chance with a financial institution message," that's a pretty devastating fact. When I have to be concerned about any message that has images in HTML because it might be spoofing a brand or, God forbid, spawning a virus, that's a very damaging thing.

The second important characteristic is the dramatic loss in delivery reliability. There's almost no such thing as reliable delivery for commercial messages today. Third-party sources have estimated that, on average, 15 percent to 20 percent of commercial e-mail messages do not make it to the in-box because they've been snared by spam filters for one reason or another.

So, tell me how it works exactly?
Gingras: First of all, it's very important that (e-mail) is only available to highly qualified senders who have a pristine record of sending behavior. First, we comprehensively accredit the sending entity. We check basic facts about the company that they provide to us--how long they've been in business, their credit rating, their physical address, the number of employees they have--everything that we can use to vet the validity of the information they're providing and to be sure that we have a legal path of accountability. Suffice it to say if the company has been in business less than a year, it'll even be more difficult for them to qualify. We have to be comfortable that they are an existing legitimate entity.

I don't know a legitimate commercial sender out there who isn't frustrated with the damage done to the space by spam and phishing.

The second step is to verify that their past sending behavior has been pristine. So, what kind of complaint levels have they had in their volume sending? Are partners comfortable that they have appropriately pristine sending records? As they use certified e-mail, we monitor their sending behavior in an ongoing fashion. We monitor complaint levels so that we can be sure they're upholding the acceptable use policies of the system and that they're again continuing to operate in a pristine fashion.

Third, they can only use certified e-mail for permission-based messages to existing customers. This is not a vehicle for prospect marketing. Since we maintain reputation profiles on the senders, we can use that to verify that their assertions about permissions are actually true. If you get that far, then we provide you with the ability to tokenize your messages.

How does the company view itself in this context?
Gingras: We see ourselves as a trust intermediary. We don't see recipient addresses; we don't see message bodies; and messages don't get sent through us. But we do provide a cryptographic token that we sign that you add to your message as an X-Header that is unique to each message instance that's a very important security capability. It allows us to track the messages as they course through the system. It allows us to have very accurate data on the sending volume of certified e-mail messages. It allows the recipient ISPs to very easily detect that token, validate that the token is valid and, if so, provide it with the special privileges that are only appropriate to a qualified certified e-mail sender.

How will the user experience change? Will I know that something is different when I'm accessing my AOL or Yahoo mail?
Gingras: Very important point. In the user interfaces at AOL and Yahoo and with other mailbox provided partners as we bring them onboard, they will place the certified e-mail icon, which is an envelope with the blue ribbon on it, in the in-box list view next to the messages that are certified e-mail messages. Also, when the message is opened, that icon is placed prominently in the interface frame around the message. We want it to be very easy for a consumer to see that it is indeed a certified message. In our research, one of the things that we learned from consumers is the one thing they wanted most was a very simple yes or no indication regarding the authenticity of the message, and obviously that's what we're seeking to provide.

So there's nothing the end user has to do?
Gingras: No, and it's very important that the icon be in the user interface obviously, not in the message body. Even people can spoof and put anything into the message body. We'll be educating consumers to look for the certified e-mail icon in the user interface next to the messages.

Who pays what and to whom and how much?
Gingras: The senders who choose to use the service. This is an optional service. If they want to continue to send the messages as they normally do, then certainly, they will do so. We have not set final pricing. We look at it as approximately a quarter cent per message. If they don't find value for that price then they won't be using the service. But the benefits, we think, are significant.

How so?/> Gingras: Because these are highly trusted senders sending authentic messages and behaving within the bounds of the system. It's appropriate to be able to deliver them privileges that you really couldn't do otherwise, such as assured delivery of getting the message directly to the server level in-box and bypassing the spam filters.

We're measuring complaint data so we can make sure that they're living up to the rules of the system and then we provide a receipt back to them saying that this message ID was delivered to the server level in-box, or here is the error message as to why it was not.

Are you sharing any of the revenue with the e-mail providers or e-mail service providers?
Gingras: Yes we are, and that's an important point. The e-mail service providers are the ones who bear the full brunt of the cost of trying to keep e-mail clean. E-mail is not a free medium. It is, in a sense, a recipient-pay medium. It used to be very inexpensive, but today, with the kinds of problems we see with spam phishing viruses, they spend quite a bit.

According to the Messaging Anti-Abuse Working Group, the average ISP spends about $8 to $12 per mailbox per year simply on e-mail hygiene. Obviously, someone as large as an AOL doesn't spend that much, but they do spend tens of millions of dollars a year. It's very expensive, and ultimately that cost gets borne by the consumer--either in the form of their access fees or a reduced level of features and services because the mailbox provider has to spend money trying to keep the in-box clean.

It certainly seems to us that in exchange for providing the special benefits to commercial senders, who benefit tremendously from the e-mail medium from a financial standpoint, that it's appropriate the ISPs have an opportunity to offset at least a portion of their high costs.

Do you know how much you're going to be sharing with those service providers?
Gingras: Yes, It's a significant amount. I would only say that it's over 50 percent.

Can you respond to criticism that your service amounts to extortion or that you're serving as a tollbooth that is possibly going to prevent people who do not pay for the service from getting to in-boxes?
Gingras: There's been an unfortunate degree of intentional misrepresentation as to what this is about, and what you mentioned is one of them. Again, it's an optional service. If they want to use it, they can. If they want to send messages in the standard way, they can and they will do so. If they can't find value from the use of certified e-mail then they won't. To suggest that it's an e-mail tax is to suggest that it's a levy that's forced upon you. It's not. It's an optional service. If you get benefit, great, if you don't, you won't use it.

How do you see this changing the landscape of e-mail, and how is it going to change the economics of how we interact with the service that up until now has been completely free?
Gingras: I'm one of those who thoroughly believes that e-mail is a great and powerful medium because virtually anyone in the world can get an e-mail address easily and at little or no cost and they don't have to show an identity card to get one. If they want an anonymous account, they can get one. That's a great thing, but of course it's also why we end up with some of the problems we have.

It is a classic tragedy of the commons where you have an open environment of a common resource that nefarious bad actors look to take advantage. So, in crafting certified e-mail, we were really looking to target a solution on the problem. The problem isn't about Joe sending an e-mail to Emma or the reverse. The problem is in the commercial volume messaging arena. I don't know a legitimate commercial sender out there who isn't frustrated with the damage done to the space by spam and phishing.  

Close
Drag
Autoplay: ON Autoplay: OFF