[IP] Larry Seltzer's Security Weblog: The Irony of the DearAOL Block

To: ip@xxxxxxxxxxxxxx
Subject: [IP] Larry Seltzer's Security Weblog: The Irony of the DearAOL Block
From: David Farber <dave@xxxxxxxxxx>
Date: Sat, 15 Apr 2006 14:04:18 -0400
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
References: <444102BD.7060409@xxxxxxxx>
Reply-to: dave@xxxxxxxxxx



Begin forwarded message:

From: Dave Crocker <dcrocker@xxxxxxxx>
Date: April 15, 2006 10:27:09 AM EDT
To: David Farber <dave@xxxxxxxxxx>
Subject: Larry Seltzer's Security Weblog: The Irony of the DearAOL Block

Dave,

For IP.  Larry notes the real lesson in the latest AOL "controversy":


The Irony of the DearAOL Block

http://blog.eweek.com/blogs/larry_seltzer/archive/2006/04/14/9069.aspx

As is being widely reported, AOL had a glitch yesterday in which itended up

blocking e-mails containing any of about 60 Web addresses, including

www.dearaol.com. This Web site is a petition set up to oppose AOL'splanned

adoption of Goodmail's CertifiedEmail. I've already written about the
disinformation and political hackery that informs the anti-Goodmail
movement.

I take it as a given that AOL didn't block the DearAOL site onpurpose. IfAOL execs actually meant to block access to it, they have better waysto doso and wouldn't have fixed the block within hours. Timothy Karr, theDearAOLdirector, claimed (according to PCMag) "that the glitch was anindication

that the certified e-mail system wouldn't be effective because of AOL's
inability to manage it correctly." But in fact this episode demonstrates
clearly the value of certified e-mail.

False positives such as this are inevitable in any anti-spam system, and
this is the reason certified e-mail exists. For an organization, such as

your bank, that needs to send you important e-mail and know that itwill getthrough, the 1/4 cent that it costs to get a certified messagethrough is asmall price. Remember, these organizations were previously willing tosendfar more expensive messages through the USPS mail to you. The DearAOLblockis a reminder that even innocent messages are blocked periodicallysimply

because the systems are very complex.

Please follow the links through my column for details, but in caseyou thinkthat spammers will use this to get through filtering, it just doesn'twork

that way. The main function of Goodmail is to investigate the companies
sending mail using their certifications and make sure they won't cause
trouble. We don't know how well it will work, but it helps to discuss it
honestly, as opposed to the way DearAOL has proceeded.

Remember: certified e-mail is not meant to stop spam, it's meant to stop
false positives. Once you understand that it all makes a lot more sense.

posted on Friday, April 14, 2006 2:43 PM by seltzer

--###--


--

Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>


-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] more on EFF: AOL Censors Email Tax Opponents
Next by Date: [IP] fast-growing demand for these semiconductors
Previous by thread: [IP] more on EFF: AOL Censors Email Tax Opponents
Next by thread: [IP] fast-growing demand for these semiconductors
Index(es):
- Date
- Thread