AOL to Implement E-mail Certification Program

In a bid to protect its members from email fraud and phishing, and to offer consistency to commercial email senders, AOL today will begin implementing Goodmail’s cryptographic CertifiedEmail program and phasing out its IP-based Enhanced Whitelist.

As part of its email security practices, AOL blocks the display of images and hyperlinks on most high-volume messages, except if senders are on the AOL Enhanced whitelist and maintain very low complaint rates. Beginning today, AOL will also allow senders who have undergone accreditation through Goodmail to display images and hyperlinks by default. Goodmail charges accredited companies a fraction of a cent per message sent.

In addition, AOL will add a “trust symbol” to messages sent by Goodmail’s CertifiedEmail senders. It will appear in the inbox and the message window, so members will understand that a sender’s identity and reputation have been verified.

“Our focus and goal here is to provide a safer and more secure environment for our consumers, and restore some trust in the email inbox,” Charles Stiles, AOL’s postmaster, told ClickZ News.

AOL’s current Enhanced Whitelist program works by classifying senders based upon their IP addresses. To qualify, senders submit to AOL the IP addresses from which they send email. Since many large senders use more than one IP address, it’s possible for an AOL member to see images on a sender’s email one week and not the next.

“If they get a message from a sender that has images and links enabled one day, and another one the next day where they’re not, they tend not to trust that so much, or think there was an error. It sends an unclear message to the consumer,” Stiles said.

In addition, the IP-based system is easier for spammers to game, since they can send low volumes of opt-in messages in accordance to the guidelines until the address is whitelisted, and then send a large amount of spam all at once before the address is blocked.

“The amount of accreditation that’s required to get on the Enhanced Whitelist is not really appropriate for the level of permission we’re giving here. With Goodmail, they’re able to certify the entity as a whole, not just a certain IP address. Their testing and certification processes are much more rigorous than what an individual ISP can do in a scalable way,” Stiles said.

The Enhanced Whitelist program will be phased out, first by lowering the complaint threshold in April to reduce the number of IP addresses in the program. The program will be eliminated entirely at the end of June, when all senders who have not yet done so will be required to sign up with Goodmail to retain previous sending privileges.

According to Stiles, senders are amenable to the idea, because they gain a level of consistency. Using Goodmail’s CertifiedEmail, senders who maintain high standards are more likely to have all of their messages delivered, with links and images enabled, than they are under the current IP-based system, Stiles said. Senders will also gain access to message-level data confirming inbox delivery or detailing error reporting in the event of non-delivery.

“We’ve seen a good response from many senders who recognize the problems in the email ecosystem today,” Richard Gingras, chairman and CEO of Goodmail, told ClickZ News. “They very clearly understand that their brands have been damaged by phishing attacks, that they’re having a hard time getting their messages delivered, that consumers don’t trust their messages. We’re confident that over time we’ll see significant adoption by senders of all types and stripes.”

CertifiedEmail will cost senders a fraction of a cent per message sent, which Gingras said will be offset by the ROI it generates in the form of assured delivery, improved open rates, and enhanced click-through rate. Rates have not been set in stone, and Goodmail expects to offer senders significant discounts through 2006 under its charter program, he added.

Each message sent through the Goodmail CertifiedEmail service is embedded with a cryptographically-secure token. When a token is detected by a participating ISP, the message is delivered directly to a recipient’s inbox and identified as a CertifiedEmail message.

CertifiedEmail imprinting capability is available through email technology providers like Port 25, StrongMail, ColdSpark, and Sendmail, as well as several email service providers. On the receiving end, Yahoo, which like AOL announced a deal with Goodmail in October, is expected to begin implementing CertifiedEmail in its mail service in the coming weeks to bypass certain volume and content filters to allow messages to automatically reach the user’s server-level inbox.

“This is a case where everyone can do well by doing good,” Gingras said. “We create a safer experience for consumers, we provide qualified senders with a secure method of obtaining these kinds of privileges, and we take some of the cost burden of cleaning up the inbox off of the ISPs.”

Editor’s note: We have updated coverage of AOL’s CertifiedMail plans.