Home / Blogs

EFF and Its Use of Propaganda: Could Karl Rove do better? Probably

Suresh Ramasubramanian

The latest post on DearAOL's blog, by EFF activist coordinator Danny O'Brien, is titled "The Shakedown Begins".

In short, Danny receives email from overstock.com on an AOL mailbox — email that he apparently paid overstock $29.95 to receive. And that email arrives with Goodmail certification that AOL recognizes and flags as such. Danny seems to think this is not the sort of email that should be certified by Goodmail, and that AOL should not suddenly turn on Goodmail certification.

Suddenly? Come on, DearAOL.com has been around since Feb 2006 — that's what, four months now that AOL has been saying they'll do it?

The EFF is, unfortunately, grasping at straws here. Personally speaking, if I paid $29.95 for something that was supposed to arrive by email, I'd want to be quite sure I got it in my mailbox. And I certainly would not thank my ISP for filtering email that I paid for as spam.

And if I was a bulk mailer sending a particular email only to people who paid me $29.95, well, I'd have to be pretty stupid to send that email out to people who didn't pay me that money.

This can be said to fall into the same category as (say) airline tickets that you buy online and get in your email, or bank statements — these are transactional.

As I pointed out in an earlier, long debate with Danny on Declan McCullagh's Politechbot, such email is a quite good candidate for Goodmail certification, in that bulk senders are going to be quite willing to pay extra to ensure that their email that they send out to paying customers is actually delivered, and not mistaken for spam.

As a corollary, the way AOL has integrated Goodmail's reputation checks also provides a certain amount of assurance to AOL email users that the email they are receiving is actually from that organization and not from a phisher — but this is a completely secondary benefit.

To be perfectly fair, Danny points out in a comment on his DearAOL.com post that why yes, the email he got was solicited, and cost $29.95 but:

> Even so, AOL never stated that Certified Mail would be restricted to
> just transactional mail. The big question here is: what kind of mail
> do companies want to pay ISPs to accept?

Simple answer. Certified Mail, with all the criteria that AOL (and more importantly, AOL's users) and Goodmail seem to be asking for, is open to any bulk email that the sender is pretty damn sure the recipients signed up for AND want to get in their mailbox.

What I did point out in that thread is that the economic model that Goodmail introduces is only going to be feasible for senders of bulk transactional mail like airline tickets or overstock promotions that you pay $29.95 to signup for.

The EFF's position is that this represents a new model where only commercial bulk senders who pay extra will get their messages reliably delivered, and that non-commercial bulk mailers (such as political activist groups) are not going to get the same privilege as they can't/won't pay for Goodmail certification.

That, in my opinion, is a gross mischaracterization of the situation. Goodmail is just one of the ways to get email through to AOL without being filtered out. There is another, far simpler way — that of making sure that the email that is sent out by the non commercial entity is solicited by the people who receive it.

Email from non-commercial senders like political action groups, or popular mailing lists like CircleID / Dave Farber's IP list, or person to person email from someone to their friends, relatives and colleagues on AOL accounts, would also get through to AOL just fine. But as long as the percentage of spam reports to total email volumes sent by the sender to AOL users remains at acceptably low levels.

I work for a large ISP, with over 40 million users. Our servers send millions of emails a day to AOL — all one to one email from our users, plus it must be said, a certain percentage of spam, because some of our users are spammers who signup to abuse our service.

We don't like spam any more than AOL does, and it is in our interest to ensure that some of our users don't spam AOL, or any other ISP. A very visible consequence of what happens if my team slips up in filtering spam is that our servers may get blocked as sources of spam, thus inconveniencing all our users, who won't be able to send email because of the misdeeds of a small fraction of our users.

So we put in place several active and passive methods to detect and mitigate outbound spam and to deactivate spammer accounts as quickly as possible. We further sign up to AOL's feedback loop, which you use and are quite familiar with, helps us identify and boot spammers. All these steps ensure that AOL users get far, far more legitimate email than spam from our servers, and AOL, by itself, remains confident that we are capable of handling any spam issues that arise on our servers.

That keeps us immune from AOL's filters just fine, without us, or our users, having to pay a thin dime to Goodmail or any other email certification service.

Similarly, as I said, legitimate senders of bulk email need not pay AOL or Goodmail anything at all. All they have to do is to ensure that email they send out is solicited by its recipients, so that very few people report their email as spam, and all such cases are handled promptly.

That very same criterion does apply to senders that sign up to Goodmail — the only difference being that they pay extra for a certain amount of third party assurance that they comply with standards that AOL finds acceptable in order to relax their filtering and treat their email as trusted. In return, Goodmail certified providers agree to comply what appears to be AOL's most stringent set of standards on solicited email.

Sadly, the EFF and the DearAOL.com coalition have chosen to regard this as attempted blackmail by AOL and Goodmail, and they have so far released a series of press releases, white papers and blog posts on this subject over the last few months. All of these have uniformly repeated the catch phrase "shakedown" whenever they discuss this issue.

I have my own reservations about pay to send models for email, mainly due to their scalability and feasibility when deployed globally, but these do have a certain niche demand — mostly among senders of high value transactional email who typically have a contractual obligation to the receiver, having accepted money and agreed to provide a particular service by email (a ticket, a bank statement, a newsletter with discounts, whatever).

Fulfilling that demand does not appear to be blackmail, or characterizable as blackmail, and I consider it grossly improper for the EFF to conduct a sustained propaganda campaign that seems solely aimed at convincing the general public that AOL is out to blackmail them and impose an illegal tax on their email, as if they were protection racketeers shaking down citizens and small businesses.

Propaganda has been a highly valued tool of any political advocacy campaign, irrespective of whether it is right leaning or left. However, at the risk of invoking Godwin's law, it appears clear to me that the EFF has not forgotten one of the long standing dictums of propaganda…

"But the most brilliant propagandist technique will yield no success unless one fundamental principle is borne in mind constantly and with unflagging attention. It must confine itself to a few points and repeat them over and over. Here, as so often in this world, persistence is the first and most important requirement for success."

* actually from "War Propaganda", in volume 1, chapter 6 of Mein Kampf (1925), by Adolph Hitler

I don't for a moment intend to compare the EFF to Hitler. That is not my intention. My intention here is solely to express my distaste for the virulence of this persistent propaganda campaign that seems solely aimed at convincing the general public that AOL is out to blackmail them.

By Suresh Ramasubramanian, Architect, Antispam and Compliance

Related topics: Security, Spam

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

Re: EFF and Its Use of Propaganda: Could Karl Rove do better? Probably Adam Beecher  –  May 17, 2006 9:05 AM PDT

Try reading the full article Suresh, instead of scanning the first few lines and firing off a kneejerk response.

Re: EFF and Its Use of Propaganda: Could Karl Rove do better? Probably Suresh Ramasubramanian  –  May 17, 2006 9:18 AM PDT

Oh I read it all right.  And I've been having a fairly longish conversation with Danny on politech about it.  Check www.politechbot.com for that lot.

Re: EFF and Its Use of Propaganda: Could Karl Rove do better? Probably Chris McElroy  –  May 23, 2006 8:46 PM PDT

The problem is it seems you trust AOL to use it in the beneficial way you think and hope they will. Corporations like AOL say all the time, "Trust Us" it will benefit you. We are doing it for your own good. Unfortunately it doesn't turn out that way most of the time.

AOL has more in mind than just making sure your email gets through to customers that have asked for your email.

What keeps a spammer or even a phisher from setting up a front company and paying the fee?

Re: EFF and Its Use of Propaganda: Could Karl Rove do better? Probably Suresh Ramasubramanian  –  May 23, 2006 8:48 PM PDT

I know the people who implement AOL's antispam policy

I have also seen more than 5 years worth of similar propaganda on the spam issue from the EFF

For the answer to that question - poke around circleid for older articles by me, John Levine etc on goodmail, all in the "addressing spam" section.

Re: EFF and Its Use of Propaganda: Could Karl Rove do better? Probably Alec Berry  –  May 24, 2006 9:09 PM PDT

It is so refreshing to hear points of view on the AOL/Goodmail issues from people in the trenches-- engineers actualy setting up, maintaining, and operating large scale e-mail systems. All to often this "debate" is dominated by chicken littles, who have yet to reveal a single ACTUAL case of damage from the falling sky.

The MoveON.org rants were even worse, claiming cancer patients would not get notices of life saving drugs!

Re: EFF and Its Use of Propaganda: Could Karl Rove do better? Probably Suresh Ramasubramanian  –  May 24, 2006 10:34 PM PDT

I've not got a very good opinion of moveon.org or their emailing policies .. but well, that bit about "cancer patients" is rather stupider than their usual stuff.

This dearaol campaign is starting to fizzle out - so I guess they'll grow a lot more hysterical before they finally pipe down.

Re: EFF and Its Use of Propaganda: Could Karl Rove do better? Probably Rob Larkins  –  May 31, 2006 7:10 PM PDT

I can't comment on the DearAOL compaign or the EFF's position on it generally because I haven't looked into it, but I can confidently say that current spam filtering technologies seem to be growing increasingly more "dangerous" to safe mail.

I've recently have had problems with Verizon blocking "email address" confirmation emails from digg.com and the OpenNIC mailing list.

I've also had problems with AOL repeatably blocking emails from a XML.org mailing list because it didn't like some of the URLs in the email. And I deliberately have my AOL spam filtering turned off! And they still do it. And AOL doesn't have any means of setting up "whitelists" either, so I can't clear emails coming from a particular address.

In neither case did the offending emails show up in my spam folder. They were all automatically deleted from the system, and no matter what I did I couldn't get them back.

I haven't even been able to resolve either problem successfully. Verizon tech support pointed me to a page where I could flag the sender as not-spam, but I haven't heard anything from them one way or the other, so I don't know if I can recieve emails from digg.com now or not.

Re: EFF and Its Use of Propaganda: Could Karl Rove do better? Probably Suresh Ramasubramanian  –  May 31, 2006 8:50 PM PDT

I will be the first man to say that bad and even grossly incompetent spam filtering exists.  That shouldnt give EFF the excuse to beat up on all spam filtering in general.

regards
-srs

ps - I've found AOL quite responsive to concerns about valid email being lost - there's a number you can call, and a detailed note on their blocking critieria, at http://postmaster.info.aol.com

Re: EFF and Its Use of Propaganda: Could Karl Rove do better? Probably Suresh Ramasubramanian  –  Oct 28, 2006 8:31 AM PDT

I note with some schadenfreude that dearaol.com is dead in the water.
And AOL is still using goodmail. And Granny still isn't paying to send email.

The last post on that blog (5/9/06) signed off with:
> AOL's silence in rolling out their pay-to-send system is deafening

I can't exactly say that dearaol's demise was all that deafening but then ..

This is the way the astroturfing ends,
This is the way the astroturfing ends,
Not with a bang but with a whimper.

srs (with apologies to T.S.Eliot)

What prompted me to write this? Well, John Gilmore seems to have suddenly decided that e360insight was right to sue spamhaus.
http://blogs.securiteam.com/index.php/archives/664
Oh, he also adds that Spamhaus and Paul Vixie are "dishonest" and "blackmail people into joining the conspiracy" by "deliberately blocking more people than the spammers"

The EFF still hasn't got off trying to parrot the "blackmail" meme (their favorite, right after the "McCarthy blacklisting" one) when talking about spam filtering, I see.

Oh well, I'm sure someone in there has a copy of "Propaganda 101, Goebbels and Rove" handy.

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

3 Questions to Ask Your DNS Host about Lowering DDoS Risks

Continuing to Work in the Public Interest

Verisign Named to the OTA's 2014 Online Trust Honor Roll

4 Minutes Vs. 4 Hours: A Responder Explains Emergency DDoS Mitigation

Dyn Acquires Internet Intelligence Company, Renesys

Tips to Address New FFIEC DDoS Requirements

Smokescreening: Data Theft Makes DDoS More Dangerous

dotStrategy Selects Neustar's Registry Threat Mitigation Services for .BUZZ Registry

24 Million Home Routers Expose ISPs to Massive DNS-Based DDoS Attacks

What Does a DDoS Attack Look Like? (Watch First 3 Minutes of an Actual Attack)

Joining Forces to Advance Protection Against Growing Diversity of DDoS Attacks

Why Managed DNS Means Secure DNS

Rodney Joffe on Why DNS Has Become a Favorite Attack Vector

Motivated to Solve Problems at Verisign

Diversity, Openness and vBSDcon 2013

Neustar's Proposal for New gTLD Collision Risk Mitigation

IT Project Management: Best Practices in Small-Scale Engagements

DDoS Attacks in the United Kingdom: 2012 Annual Trends and Impact Survey

7 Keys to Professional Services Value: A Client-Side Perspective

Sponsored Topics