Without commenting on the particulars as they relate to Goodmail — especially since I am on the advisory board for Habeas, a competitor — let me note that public discussion is largely missing the nature of the current Internet mail realities and the nature of the ways we can deal with them.
Simply put, Internet mail needs to sustain spontaneous communications — that is, communications without prior arrangement — and the benefit of such a capability is fundamental. However the scale and diversity of the modern Internet now includes many folk who the security geeks appropriately call Bad Actors. We are stuck with these competing points: Maintaining open contact, but dealing with some very nasty users.
A great deal of very good work has been done, to detect these bad actors and their bad messages. Often, that work is quite helpful. In spite of this the total amount of global spam and email abuse has yet not gone down. We must continue with efforts to detect and deal with Bad Actors, but there is a separate path that is at least as valuable:
We need methods for distinguishing Good Actors. Folks who are deemed "safe". In effect, we need a Trust Overlay for Internet mail, to permit differential handling of mail from these good actors.
In general terms, a trust overlay requires reliable and accurate identification of the actor and a means of assessing their goodness. In other words, authentication and reputation.
We are already pursuing a standard for message transit handling authentication, through Domain Keys Identified Mail (DKIM). There is discussion about various assessment standards for reputation and accreditation. Although DKIM is quite viable in its pre-standards form, there is no candidate for standardized reputation reporting.
With all of this as background, imagine that you are an online service that needs to ensure that a customer order confirmation, or an equivalent critical transaction message, is delivered to the customer. Then imagine that you are offered a means of safely and reliably identifying this specific class of mail, so that it receives differential handling. The incentives for a company to pay to ensure that delivery are substantial.
And that is what the recent announcement is about. It concerns a means of ensuring delivery of "transactional" mail. This is quite different from "marketing" mail and it is not in the least controversial.
I would greatly wish that the mechanisms used open standards, but the basic model of developing a trust-based overlay for Internet mail seems an essential enhancement.
By Dave Crocker, Consultant
|Cybersquatting||Policy & Regulation|
|DNS Security||Registry Services|
|IP Addressing||White Space|
Minds + Machines