The two companies announced plans to introduce the service, provided in partnership with privately held Goodmail Systems, which allows senders to email users directly without going through the companies' spam filters. The fees range from a quarter of a cent to 1 cent per e-mail, and the companies said it would protect email users against spam and phishing emails.
But security companies poured scorn on the idea. Andrew Lochart, senior director of product marketing at email security company Postini said it "badly misses the mark."
"First, it guarantees delivery of paid-for bulk email to users, based on the sender paying, not based on users' preferences. In other words, it will allow more, not less, unwanted email through to users," said Lockhart.
He added that only legitimate companies will be asked to pay. "While legitimate senders sometimes send email to people who do not want it, the amount of spam that falls into this category is negligibly small," said Lockhart.
He said the vast majority of spam comes from the margins of the business world, people with neither the money nor the inclination to pay for delivery of their spam.
"In short, the AOL and Yahoo plans make the same mistake that SPF/SenderID made - they don't actually prevent spam, and they ask legitimate senders to pay for the sins of the real spammers," said Lockhart.
Others said the plans meant hackers would "have a field day hijacking legitimate AOL and Yahoo accounts to send out mail."
"This makes these new accounts even more susceptible to criminal activity," said David Stanley, vice president and managing director of messaging security company CipherTrust. "Who pays the charge then? Numerous companies are already unwittingly victims of malicious zombie attacks sending out spam without their knowledge."
Stanley said the plan was "a ridiculous idea" and "nothing more than a money-making idea that will not stop spam but will give account holders free reign to send all sorts of 'authenticated' mail."