AOL Announces New Steps to Make Commercial E-Mail Safe for AOL Members
Monday, 30 January 2006
In a bid to protect its members from e-mail fraud and phishing, and to offer consistency to commercial e-mail senders, AOL today will begin implementing Goodmail's cryptographic CertifiedEmail program and phasing out its IP-based Enhanced Whitelist, according to ClickZ News.
As part of its e-mail security practices, AOL blocks the display of images and hyperlinks on most high-volume messages, except if senders are on the AOL Enhanced whitelist and maintain very low complaint rates. Beginning today, AOL will also allow senders who have undergone accreditation through Goodmail to display images and hyperlinks by default.
Goodmail charges accredited companies a fraction of a cent per message sent.
In addition, ClickZ reported that AOL will add a "trust symbol" to messages sent by Goodmail's CertifiedEmail senders. It will appear in the inbox and the message window, so members will understand that a sender's identity and reputation have been verified.
America Online's Postmaster Charles Stiles issued the following statement today:
AOL has demonstrated consistent leadership in providing the easiest and safest user experience for its Members. In 2006, AOL will make important changes in its email operations and policies to further protect against email practices that can put AOL Members at risk.
In light of the continued growth of phishing attacks, instances of image-based viruses and other forms of email-based fraudulent behavior, AOL will adopt new measures to assure that commercial messages received by our Members are authentic and safe to open.
AOL has led the industry in identifying message functionality (e.g. JavaScript) that can be used to put recipients at risk, and that functionality has been disabled to protect AOL members. AOL has also found that even relatively basic HTML functionality like images and links can be abused for fraudulent purposes. As a result, AOL blocks the use of images on most high-volume messages - though certain volume senders who are on the AOL Enhanced Whitelist and who maintain very low complaint rates are currently allowed to use images in their messages.
AOL has now determined that with the increasing growth and sophistication of fraudulent email behavior it must take additional steps to assure the highest degree of Member protection.
Implementation of the CertifiedEmail Service and Phase Out of the Enhanced Whitelist
AOL announced a partnership with Goodmail Systems in October 2005 to provide a CertifiedEmail premium delivery service - a new class of email that will help shield AOL Members from fraud and phishing and allow Members to be comfortable that CertifiedEmail messages are from highly-qualified senders and are authentic and safe to open.
AOL believes that the CertifiedEmail service provides a higher level of message safety for its Members than any other available practice of volume message processing. To guide AOL Members, the CertifiedEmail trust symbol will be prominently displayed in the inbox next to CertifiedEmail messages and also in the message window that frames CertifiedEmail messages - areas that cannot be spoofed because they are controlled by the AOL Email client.
With the introduction of the CertifiedEmail service, AOL will phase out the Enhanced Whitelist program. This transition will be implemented according to the following schedule:
· On April 3, 2006, AOL will change the qualification criteria for the Enhanced Whitelist by lowering the complaint threshold to an extent that will significantly reduce the number of IP addresses included in the program.
· On June 30, 2006, AOL will terminate Enhanced Whitelist privileges. This change will disable links and images by default from all non-certified bulk email viewed from AOL 9.0, AOL webmail and all subsequent client releases. As always, links and images can be enabled by the end user on a message-by-message basis.
Senders who are on the AOL Enhanced Whitelist will be eligible to apply for the CertifiedEmail service and AOL encourages senders to do so. The ability of Goodmail's CertifiedEmail service to hold senders accountable for their sending practices will allow AOL to provide qualified senders with privileges and benefits well beyond those offered by the Enhanced Whitelist program. The CertifiedEmail service will include:
· Delivery. CertifiedEmail messages will bypass AOL volume and content filters to ensure the message ends up in the inbox. CertifiedEmail messages will not be blocked or delivered to the spam folder.
· Message Presentation. AOL will allow CertifiedEmail messages to display fully functional images and links by default.
· CertifiedEmail Designation. AOL will prominently display the CertifiedEmail trust icon in the inbox list view and in the non-spoofable area of the message window to indicate to the AOL member that the message is from a CertifiedEmail accredited sender.
· Reports. Senders will gain access to accurate message-level data confirming inbox delivery or detailing error reporting in the event of non-delivery.
The rigorous sender accountability enabled by the CertifiedEmail service is not feasible with the AOL Enhanced Whitelist program. With the CertifiedEmail service, AOL members can open their emails with increased confidence that they won't be subjected to fraudulent content or behavior.