Lawmakers Scrutinize CertifiedEmail
"That's what I thought was the selling point: that it was going to reduce spam and phishing," said state Sen. Dean Florez, a Democrat who chairs the state Senate Select Committee on E-Commerce, Wireless Technology and Consumer Driven Programming.
Florez noted that legislators would monitor the program, especially as it affects nonprofit organizations.
Gingras told DM News that CertifiedEmail is about authentication.
"The purpose is to restore trust to e-mail ... that the bank message is really from the bank," he said. "To suggest that the introduction of CertifiedEmail is going to prevent spammers from sending spam or phishers from trying to phish -- we have not said it, nor would any expert say it."
The Goodmail CEO's statement at the hearing, however, differs from recent remarks by AOL concerning the program's benefits.
"As we get ready to testify at the hearing ... we are also working diligently to protect our members' safety and security by preparing implementation of the anti-spam, anti-phishing CertifiedEmail program," AOL spokesman Nicholas J. Graham said in a March 30 report on DMNews.com.
In response, Graham told DM News last week that, "We have never claimed that CertifiedEmail will end all spam; there is no magic silver bullet.
"It helps us increase e-mails of good, trusted, authenticated e-mail ... and that's what consumers want. If we can put an end to spoofs, scams and hoaxes by giving legitimate senders of e-mail a new path, a new way to send e-mail, we believe more phishers will give up and throw in the towel."
Graham added that, "We have said all along that CertifiedEmail is a lot of different things. CertifiedEmail helps restore trust and integrity to e-mail. It helps consumers identify an e-mail in their inbox [that] they can know has been authenticated, certified and is trustworthy."
Others at the California hearing suggested financial benefits drove AOL's offering of CertifiedEmail.
"It's just a pretext for introducing a class of e-mail and allowing AOL and Goodmail to collect fees on it," said David Heimer, chief operating officer of Service Roundtable, Dallas, a resource site for HVAC and plumbing contractors.
Heimer testified at the April 3 hearing in Sacramento along with Gingras; AOL Postmaster Charles Stiles; Matt Blumberg, CEO of e-mail delivery firm Return Path; and representatives from advocacy groups including MoveOn.org.
Florez said AOL and Goodmail representatives assured him that the fee for CertifiedEmail would be used for labor costs to ensure that the system works.
"I didn't get that this is a big moneymaker for them," he said.
This news followed America Online's rebranding as AOL last week and introducing a new logo. With the company's plans for international expansion, the new branding aims to appeal to consumers worldwide.
"Plus, consumers in the U.S. and around the world already know us by our initials," AOL chairman/CEO Jon Miller said.
Meanwhile, Florez remains concerned about CertifiedEmail. He wants California to have oversight on the AOL program and suggested that the state may get involved in regulating e-mail authentication programs.
California could devise a system where funds paid by third-party e-mail companies are subtracted if phishing e-mails or viruses get through even though the e-mail is certified.
"Who is liable if phishing or a [virus] gets into the CertifiedEmail system?" Florez said. "AOL and Goodmail said they are going to be liable in that type of exchange."
"CertifiedEmail is a system designed to make sure the messages presented are authentic," he told DM News. "We accept the responsibility for making sure the right kind of behavior happens." If phishing or virus-bearing e-mails do get through, "we will have to defend ourselves."
Still, the state Senate committee plans to watch the program and take AOL and Goodmail to task if things go wrong, especially if nonprofit groups encounter problems.
AOL had offered to pay for nonprofits to send e-mail, but many small groups are still concerned that their e-mail will be stopped in spam filters or, if they are not classified as nonprofits, that they will have to pay a fee to ensure their e-mails get through.
"We're really going to be on the backs of AOL if a nonprofit is billed a huge amount they can't pay," Florez said.
AOL remains undeterred as it rolls out CertifiedEmail. Though it is not "fully implemented on AOL," Graham told DM News, "we continue our preparations and testing." The California hearing went well as AOL "corrected some pre-existing misperceptions in the marketplace about what we're doing. That's very good progress, in our view."
Yahoo plans to implement a CertifiedEmail program in a few months as well.
And though Gingras would not release specific numbers, he said adoption of CertifiedEmail by senders, including brands and e-mail service providers, is "significantly beyond our forecast."