A Briefing On Public Policy Issues Affecting Civil Liberties Online from The Center For Democracy and Technology
(1) Certified E-mail Plan Stirs Controversy
(2) AOL's Certified Mail Service Does Not Appear To Impede the Flow of "Free" E-mail
(3) Certified E-mail Responds To Real Need; Continued Vigilance Necessary
In recent weeks, many in the nonprofit community have voiced alarm over a plan by America Online (AOL), the nation's largest e-mail provider, to offer paid, "certified" e-mail service to selected bulk senders. Unions, consumer groups and public interest advocates formed a coalition to oppose the forthcoming service, warning that certified e-mail represents a first step toward a "tax" on e-mail communication. That opposition has centered on the fear that by creating a new class of e-mail senders who pay to have their messages delivered, e-mail providers have started down a slippery slope toward a two-tiered e-mail architecture. Opponents fear that under such a structure, nonprofit speakers -- many of whose messages constitute Constitutionally protected political speech -- will face a deterioration in their ability to deliver messages if they can't or won't pay for certified mail services.
CDT has long fought to preserve the free and open Internet, opposing efforts to restrict content, to place undue financial, legal or bureaucratic burdens on political speech, or to artificially limit the ability of speakers to reach the sweeping audience the Internet allows. CDT opposes any changes to e-mail architecture that would impair the effectiveness of e-mail as an accessible communications tool, particularly for senders in the political and nonprofit communities. As such, CDT shares the underlying goal of the groups opposing the certified mail services to forestall the emergence of a "pay-to-play" e-mail environment.
However, CDT has a very different reading of the facts surrounding this controversy. CDT does not believe the service will harm the ability of non-paying senders to deliver messages to AOL customers. CDT was troubled by initial media reports that AOL intended to dismantle or scale back its existing "white lists," but the company has publicly committed to maintaining those lists, which help to keep messages sent by legitimate bulk e-mailers (including non-profit senders) from being inadvertently trapped by AOL's spam filters. So long as the white lists remain robust and intact, legitimate bulk mailers that opt not to participate in the certified mail program should see no degradation in e-mail deliverability.
Some critics of certified mail have gone a step further, conflating it with the debate over "network neutrality." CDT believes that certified mail and network neutrality are distinct and separate issues, distinguished by significant differences relating to competition, capacity and architecture. CDT is engaged in a series of consultations regarding net neutrality, and intends to address the issue separately.
Critics also have observed that certified mail will not help combat spam. However, the program has been developed primarily as a way to increase the security and trust level of e-mail, not as a spam-fighting tool. Declining consumer trust in online safety and security has emerged as perhaps the key factor preventing the Internet -- e-mail in particular -- from reaching its full potential. Internet users have been forced to treat e-mail messages suspiciously; even those that purport to come from known and trusted entities. This has hurt the ability of both commercial and nonprofit e-mail senders to reach their audiences. Certified e-mail could be a valuable tool in the fight against "phishing" schemes and other, increasingly sophisticated forms of Internet fraud. The target market for certified mail services appears to be legitimate and well-established senders seeking to assure customers that the messages they receive are genuine. That kind of authentication could offer real benefits for both senders and recipients of transactional e-mail and help to restore trust online.
Nor is the AOL/Goodmail service the only or first effort to enable senders of e-mail to obtain some type of special certification or treatment for their messages. Established examples include the Habeas and Bonded Sender programs. Such programs may vary in their structure and business models, but they share the characteristic of providing, for a fee, participating bulk e-mailers with special treatment for their messages. In addition, Yahoo! has said it is working with Goodmail on a certified mail program of its own.
Paid certification services could cease to be benign should they replace, rather than complement, white lists and other low- to no-cost e-mail deliverability tools. The public interest and Internet communities must remain vigilant against initiatives that erect new price barriers that limit the ability of small and non-commercial speakers to use the medium. For now though, e-mail providers should not be discouraged from offering potentially useful anti-fraud tools, so long as they remain committed to maintaining a high level of service to non-participating senders.
AOL's certified e-mail program will not be available to every sender willing to pay the fee. Eligibility, much like eligibility for AOL's white list programs, will be limited to bulk senders that have demonstrated over time very scrupulous mailing and list-management practices. In addition, in administering the program, Goodmail will require that organizations submit to an extensive screening process in order to participate. Thus spammers and unscrupulous marketers will not be able to pay their way around AOL's spam filters.
Once cleared to participate, senders will obtain cryptographic tokens from Goodmail that identify outgoing messages as "certified." Once verified by AOL, mail marked with a token will bypass AOL's spam defenses and be delivered directly to recipients' mailboxes, marked with a special "Certified Email" icon. This icon will confirm to the recipient that the message was sent by the identified sender. Companies will pay less than a cent per message to use the service.
The target market for certified mail services will be large senders of transactional messages. In recent years, banks, credit card companies, e-commerce vendors and other organizations that rely on e-mail for transactions, including some nonprofits, have been subject to an increasingly sophisticated breed of online scams targeted at their customers. In a typical phishing attack, an online criminal sends massive amounts of spam e-mail forged to mimic legitimate transactional messages. The messages direct recipients to cleverly forged Web sites where they are prompted to divulge sensitive account details.
The cryptographically verified certified mail messages should make it possible for consumers to identify and trust the legitimate transactional messages they receive from companies with which they do business.
What's important from the standpoint of the larger Internet community is that certified mail service will not replace AOL's two no-cost deliverability tools: the white list and the "enhanced" white list. The white list is a regularly updated list of bulk senders who meet baseline standards for responsible mailing practices. Once cleared through an application process, and so long as their messages do not generate excessive complaint or bounce rates, organizations on the white list are able send messages that bypass some of AOL's bulk mail filters. White list senders receive feedback on the complaint and bounce rates their e-mails generate, so they can determine when their mailing lists or practices need improvement. Senders on the white list that demonstrate exemplary mailing practices (as shown by very low complaint and bounce rates) can qualify for inclusion on the company's "enhanced" white list. Enhanced white list messages bypass the same filters that certified mail messages will bypass, including filters that disable links and images in the body of a message.
Critics have suggested that over time AOL will have little incentive to invest in maintaining the white lists' effectiveness, so that senders looking for reliable delivery gradually will be driven to use the paid service. But incentives to maintain the white lists are strong. The e-mail provider market is highly competitive, and to meet the requirements of its subscribers, a provider must ensure that they reliably receive all the messages they want. Thus, there is a significant marketplace incentive for AOL to continue to maintain and improve its white lists and other no-cost services that maximize the delivery of wanted mail.
Certified mail probably won't make sense for all or even the majority of bulk senders. Still, AOL and Goodmail have announced that the service will be available to qualifying non-for-profit senders at a deep discount (95 percent off commercial rates, according to Goodmail). As long as this discount pricing structure is maintained, it may help qualifying charities and nonprofits to build more trusted e-mail relationships with donors and other constituencies. In addition, AOL recently announced the launch of a new free service that will permit non-profits that have their e-mailing practices approved by a third party accreditation agency to obtain treatment equivalent to enhanced white list senders.
It is important to acknowledge the risks associated with widespread migration toward paid, certified e-mail. Low-cost, unfettered e-mail distribution must be preserved, especially for those in the nonprofit and public interest communities. But it is equally important that the nonprofit community understand the very real threat that AOL and other companies are seeking to address with the introduction of certified e-mail products.
The rise of phishing and other dangerous Internet scams is measurably eroding the trust that users have in e-mail and Internet communication. In a 2005 study by AOL and the National Cyber Security Alliance, 61 percent of respondents reported having been targeted by a phishing attempt. Of those that were targeted, 70 percent thought the phishing e-mail looked legitimate. In a 2005 survey by the Pew Internet & American Life Project, 53 percent of people reported that spam had made them less trusting of e-mail. This steady erosion in trust affects every bulk e-mail sender in the world including nonprofits, and won't be easily reversed. Left unchecked the decline in user confidence will deal a far worse blow to Internet communication than will any degradation of e-mail delivery. When people don't trust their e-mail, the medium becomes useless as a tool for discourse, as well as commerce.
CDT believes the AOL service does not pose a near-term threat to non-paying bulk senders, but the concerns that certified mail may represent the first step down a slippery slope toward a more closed, cost-limited e-mail architecture call for ongoing scrutiny. Internet advocates and the nonprofit community must actively work to ensure that changes in market factors and business models don't lead to major changes in the pricing structure of e-mail, which has flourished as a low-cost way to reach millions of people.
The bad outcomes suggested by certified mail opponents are by no means inevitable, even if certified mail and comparable pay services succeed far beyond the expectations of e-mail service providers. Market competition and an attentive Internet community are keys to ensuring that providers maintain their no-cost deliverability programs. In particular, CDT will watch closely to make certain that:
Global e-mail communication owes a great deal to the continued innovation of the e-mail providers and ISPs who comprise the global network. Within the context of preserving the essential openness and low barriers to entry at the heart of the Internet, providers should be given considerable leeway to develop new services with the potential to improve the user experience. The certified mail service proposed by AOL and Goodmail raises some issues that bear monitoring, but it also offers significant potential benefits to organizations seeking to build trust in a medium facing mounting risks.