Home page logo
/

interesting-people logo Interesting People mailing list archives

Larry Seltzer's Security Weblog: The Irony of the DearAOL Block
From: David Farber <dave () farber net>
Date: Sat, 15 Apr 2006 14:04:18 -0400



Begin forwarded message:

From: Dave Crocker <dcrocker () bbiw net>
Date: April 15, 2006 10:27:09 AM EDT
To: David Farber <dave () farber net>
Subject: Larry Seltzer's Security Weblog: The Irony of the DearAOL Block

Dave,

For IP.  Larry notes the real lesson in the latest AOL "controversy":


The Irony of the DearAOL Block

http://blog.eweek.com/blogs/larry_seltzer/archive/2006/04/14/9069.aspx

As is being widely reported, AOL had a glitch yesterday in which it ended up
blocking e-mails containing any of about 60 Web addresses, including
www.dearaol.com. This Web site is a petition set up to oppose AOL's planned
adoption of Goodmail's CertifiedEmail. I've already written about the
disinformation and political hackery that informs the anti-Goodmail
movement.

I take it as a given that AOL didn't block the DearAOL site on purpose. If AOL execs actually meant to block access to it, they have better ways to do so and wouldn't have fixed the block within hours. Timothy Karr, the DearAOL director, claimed (according to PCMag) "that the glitch was an indication
that the certified e-mail system wouldn't be effective because of AOL's
inability to manage it correctly." But in fact this episode demonstrates
clearly the value of certified e-mail.

False positives such as this are inevitable in any anti-spam system, and
this is the reason certified e-mail exists. For an organization, such as
your bank, that needs to send you important e-mail and know that it will get through, the 1/4 cent that it costs to get a certified message through is a small price. Remember, these organizations were previously willing to send far more expensive messages through the USPS mail to you. The DearAOL block is a reminder that even innocent messages are blocked periodically simply
because the systems are very complex.

Please follow the links through my column for details, but in case you think that spammers will use this to get through filtering, it just doesn't work
that way. The main function of Goodmail is to investigate the companies
sending mail using their certifications and make sure they won't cause
trouble. We don't know how well it will work, but it helps to discuss it
honestly, as opposed to the way DearAOL has proceeded.

Remember: certified e-mail is not meant to stop spam, it's meant to stop
false positives. Once you understand that it all makes a lot more sense.

posted on Friday, April 14, 2006 2:43 PM by seltzer

--###--


--

Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/


  By Date           By Thread  

Current thread:
  • Larry Seltzer's Security Weblog: The Irony of the DearAOL Block David Farber (Apr 15)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]