IBM Takes Notes Hosted

User Rating:  / 0

Details

Created on Thursday, 04 October 2007 10:29

Written by Peter Brockmann

The recent history and market maneuvers around the hosted services market are quite fascinating.

[[Microsoft]] has been in the hosted services game for a decade or more. The original online service, MSN, was quite consumer-centric and even the IM service, Messenger is consumer-centric. Near the turn of the millennium, Microsoft acquired a leading SMB-ish hosted software company - Great Plains Software - and focused their considerable energies on repositioning that service as one of a portfolio of offerings to address select communications services needs of small business, specifically search engine submissions, web hosting, email marketing and the like. With the acquisition of Placeware in 2003, Microsoft began to build up its Live Meeting offering and real time hosted services portfolio towards core business communications services. bCentral has been morphed into a small business Microsoft-centric resource center.

As discussed in other blog entries , with the acquisition of [[Webex]], [[Cisco]] has taken steps to close off the hosted services space as a platform for Microsoft dominance. They have correctly acknowledged (through action) that no competitor ought to be allowed unfettered access to any dimension of the market.

Now, [[IBM]] recognizes the same fundamental window to the market and at the Lotus Collaboration Summit in New York earlier in September 2007 announced Lotus Notes 8 (the latest release) being available on demand. 'On demand' is IBM-speak for hosted service. Of course, IBM Global Services have been engaged in managed services for the better part of two decades.

The Notes on demand offering is more managed than hosted. There is no multi-tenant capability so the implementation may seem a little costly to smaller organizations. Expected to cost something in the range of $5-$10/mailbox depending on the need for Sametime and Quickr services too.

I would expect that this offering will be attractive to Notes customers that are several revs behind and are facing big migration costs in software licensing and server hardware to get their implementation up to the latest release. An on demand solution is very effective at handling this scope of functionality and effecting a technology transition.

Challenge-Response Backscatter is a Bogus Argument

User Rating:  / 0

Details

Created on Thursday, 20 September 2007 10:58

Written by Peter Brockmann

Many email security pundits like to rail against challenge-response technology arguing various issues. One of them is the backspatter argument which goes like this:

Since spammers use forged email addresses challenge-response users unwittingly send email to forged users who didn't send the original message unfairly penalizing them for the protection offered to the challenge-response user. All this extra email has been called 'backspatter'.

I think the ‘Backspatter’ argument is a red herring (smelly fish to distract people from the truth). Here’s the logic:

My research shows that people are getting 11.5 spams a day on average despite the best efforts of spam filters. And if they’re 95% successful at removing spam, that means that their email inbox is a target for 11.5/0.05 = 230 spam/user/day.

Another recent study just completed (not yet published) shows that C/R users represent 5.6% of business email users. Well behaved C/R systems send out only 2-6% challenges with about 1% going to legitimate first time senders.

The question is of the 2-6% how many are actually forged?

My address hasn’t been forged by a spammer in a long time, except to send a message to me from me.

If the forged address is count is low (likely) say 1% then the probability of getting a backscatter message is 0.0000224 or 1 in 44,643 email. At the rate of 230 spam a day, that would be about once every 194 days. Of course honeypot operators are likely to be more vulnerable than others.

So, although one can argue that challenge-response is unfair to forged address users, this math shows that it is trivially unfair to them and at the same time both correctly and completely unfair to spammers. I’d suggest that that is a very reasonable side-effect of the technology.

What is Spam?

User Rating:  / 0

Details

Created on Wednesday, 19 September 2007 08:00

Written by Peter Brockmann

I have been thinking and writing about email for business for many months now and it occurred to me that Brockmann & Company should define spam.

As I see it, spam is email that is inappropriate, anonymous, bulk and irrelevant. 

Inappropriate - email that invites women to improve erectile dysfunction, email that invites children to view pornography, email inviting muslims to convert to Christianity. These are inappropriate. 

Anonymous - email requires every email to be sent from (or assumed to be sent from) a well-formed email address. There is no anonymity when it comes to email. Because of the trust assumed by the original sendmail program, email addresses can be easily forged. The context of a conversation can provide clues to users as to whether this email is a forgery or not. Context like the last four digits of your credit card, a practice used by Citibank when communicating with customers in email.

Irrelevant - similar to inappropriate, irrelevant may also describe the nonsense prose often used by spammers to poison the spam filter. Read more about the limitations of spam filters in our report, The Spam Index Report.

Bulk - to be effective, spam must be sent to thousands of email accounts in order to make the tiny fraction of users that will respond to the spam a worthwhile quantity. 

The Father of eSpam

User Rating:  / 0

Details

Created on Monday, 17 September 2007 08:00

Written by Peter Brockmann

At Interop Las Vegas earlier this spring, I had the pleasure to meet Gary Thuerk, the charming former DEC marketing executive and posed for a photo with him at the Sendio booth. That's Gary on the left.

Gary is an articulate and spry retiree with a penchant for self-effacement and just call it like it is talk. His story about the first unsolicited marketing message (not really spam since it was quite appropriate and certainly well identified and therefore not anonymous) in 1978 that he was responsible is quite funny.

As part of the DEC team assigned to the ARPA (a Defense Department-funded advanced research agency), Gary wanted all 300 endpoints in the network to get the message about a new DEC computer that they could proudly purchase. Well, the issue was that there was no 'undisclosed recipients' and given the limits of addressing, half or more of the 300 addresses bled into the message field.

This made the message quite unintentionally illegible, and for some addressees, the message led to storage overload for the messaging application. The original nodes of the Arpanet were afterall multipurpose computers and not the specialized email servers that are certainly in regular use today.