Privacy Concerns?
I almost fell out of my chair laughing while reading this article on CNN.com talking about ISPs that are afraid of implementing browsing tracking technology for targeted ads from companies like NebuAd because of privacy concerns. It seems that the US government is suddenly concerned about online privacy and there are inquiries into companies like these and threats to ISPs that attempt to roll out this technology. Protecting privacy sounds like a great idea to me but it is so little, so late that it is laughable to hear the US government’s position. Taking a highly cynical view it sounds more to me like Google has finally hired lobbyists to preserve their monopoly on privacy invasion in the US.
Google tracks most of what we search, lots of what we browse, lots of what we click, lots of our email, lots of our video viewing and slowly wants to penetrate all personal web services to watch all that we do online including photo sharing, document sharing and now web browsing. All for the sole purpose of selling us the most targeted ads imaginable. Google has stored, sold and profited from more personal information about us than we can ever imagine and their behavior is entirely unchecked. Somehow we are supposed to feel comforted that the politically correct billionaires of Google have our best interests in mind since they give free M&M’s to their employees and are such great guys but it is just a matter of time until someone with enough money and interest will expose how much our trust and privacy have been exploited by Google.
If the US government is so concerned about companies like NebuAd that they threaten ISPs that try to profit from them then it is time to take on the beast that is Google and look at what is really going on with all of our private data that they store and sell.
Should You Disinfect?
Lately we have come across a few cases where the use of disinfect as an action for virus infections causes problems with MPP. Tangentially related, we are coming across issues with clamav or clamd that make it dangerous to use discard with these scanners if you are not careful. I want to make you aware of the particulars of these issues.
First of all, using disinfect as an action for email virus scanners is not very useful since the majority of email-borne viruses are worms. Since a worm-generated email only contains the worm itself there is nothing to disinfect. Disinfect presupposes that there is a real file that has been infected and that disinfecting will help use the file again. Fortunately virus scanners have become de facto standards on email servers so the incidence of actual email-borne viruses has become statistically low, especially when compared against the prevalence of spam and phishing emails.
For a while customers were asking for MPP to have different actions for worms and real viruses but since we use so many different scanners and they all report differently, combined with the fact that both worms and email borne viruses have been largely held in check, we opted not to do this. Additionally, and this leads to the next point, spam scanners started detecting and reporting email worms while virus scanners, and clamav in particular, have started to report phishing emails as viruses.
While Clam’s detection of phishing emails sounded like a great idea it has become problematic in practice. We are getting many reports of false positives from ClamAV, something unheard of in the past, and it is no surprise that all of the false positives are from phishing signatures. Phishing signatures can be disabled by setting “PhishingScanURLs no” in the clamd config file and I highly recommend avoiding Clam’s experiment in your production network.
One important point is that disinfect is not supported with either the clamd or clamav scanner within MPP.
My recommendation is that if you really care about not losing legitimate email then you must quarantine. My recommendation is to discard virus infected emails altogether as the incidence of false positives without clamav phishing signatures is minute with the current antivirus technology.
MPPv4 - Coolest MPP Yet
With the release of MPPv4 we have the coolest MPP version yet. I am going to go into the nitty-gritty of new features in subsequent posts but I will highlight the coolness here:
- Threading Redesign Though this sounds arcane and technical…it is. The result for you is that our SMTP scalability is greatly improved.
- Content Filter Redesign We completely redid the content filter technology to support international character sets, new regular expression technologies, per-expression actions, ability to create complex expressions and shared memory resources between policy groups. We have not had a chance to integrate all of this into the GUI yet but in time we will. All of the capabilities are there, however, and it is quite cool.
- Sender Policy Framework SPF is a methodology to verify the authority of an SMTP server to send on behalf of a domain.
- Spam Scoring Enhancements MPP has a custom spam scoring algorithm to create composite scores of multiple MPP tests. In MPPv4 we have added SPF results as well as content filter expressions. This is very cool because now with MPP custom spam scoring you can make sure that your important messages will never be marked as spam by a content scanner. Think of this as content based white lists.
- Redesigned GUI MPP Manager has been reorganized to highlight functionality over features and simplicity over options.
- New Documentation MPP documentation has been rewritten from the ground up and divided into three documents - an install guide, a configuration guide and an archive and quarantine management guide. The documentation has been written based on the GUI and functionality as opposed to being focused on configuration file options.
- More…. Bugs have been fixed, small things added like new macros for bodystripping and many many more things that I will discuss in future posts.
There’s never been a better time to use MPP and I hope you will check out MPPv4.
Google Competition? Cuil
CUIL seems to have spent some of their 33mil on PR today and wound up with some great coverage. My personal try of it was a little quirky since it was finding references to my search for ‘Michael Katz Message Partners’ in email headers from mailing list posts but it was pretty impressive nonetheless.
All I can say is that I hope that they are successful. I love Google searches and I appreciate the free services, but that company made way too many billionaires to be benign. They have far too much private information about us to be trusted in my view. They control what we see on the Internet and their hidden algorithms can destroy your web presence or shoot your traffic to the moon for no real reason it seems. Of course they heavily skew traffic to big adwords buyers but that is another story.
I am especially annoyed at their anti-competitive Postini pricing which stinks to high heaven of antitrust violation in my view. Their bargain-basement pricing is having a major negative effect on the email filtering market, and since the revenue that this produces for them is negligible at best it really makes me wonder about their true motivation. Some billionaire doesn’t really need to make a lot of money from this service and shareholders don’t see a ton of upside from its profitability, but it sure is a kick in the ass to smaller companies trying to make a living when a monster gives away their services at a loss.
So I say kudos to Cuil and I hope they can succeed at humbling the arrogant giant that is Google.
A New Era for Email Security Appliances?
Yesterday I saw an announcement that Trend Micro is going to cease selling the InterScan Messaging Security Appliance (IMSA), InterScan Web Security Appliance (IWSA), and InterScan Gateway Security Appliance (IGSA) in favor of software appliances and managed services. Pretty interesting development for such a major player to retreat from a hardware strategy but it is such a cluttered market with so many undifferentiated offerings that it must make business sense for them. If a Chinese company can’t make money selling hardware, where presumably labor and hardware costs are so much lower, then I think this is a real harbinger for the industry.
Introducing MPPxpress
I am pleased to announce that we are launching an email filtering and archival managed service - MPPxpress. This service offers all of the benefits of MPP in a managed service. With MPPxpress there is no software to manage, no updates, no system requirements, etc. Just point your MX record to Message Partners and we do the rest. The service is launching with two service levels and we will add archival in a few weeks. Learn more here.
Search AmavisD and Postfix Mailing Lists with MPP!
I am pleased to announce a free service to search the popular MySQL, AmavisD and Postfix mailing lists using the MPP email archive viewer. To give it a try log on here:
http://herbie.raeinternet.com:20000
user: mknews
pass: search
Go to archive using the link on the top and search away.
The end-user view of Antispam
Today I read an article in the Wall Street Journal by Lee Gomes that gives an excellent view of the end user’s perspective of the antispam fight. One of the biggest topics of discussion that I have with administrators of antispam solutions is the question of how to deal with spam. Should they quarantine, mark subjects, discard, reject, etc.? It is a religious debate that has more to do with company policy, personal preference and IT budgets than anything technical, but it is interesting to me to hear Mr. Gomes prove how smart he is by agreeing with my general advice to people :-). My advice to all admins is that users don’t care so much about getting extra spam but the minute you quarantine an important email you are dead meat.
With that precept in mind here are some general guidelines that I recommend.
1) Make sure that your antispam solution can fit everyone in terms of spam actions but start with the least restrictive policy. The least restrictive policy is either putting spam into a spam folder that is accessible by the user’s email client or marking subjects.
2) Only quarantine spam if your boss wants you to. Spam quarantine is expensive to manage and rarely checked. You will get a screaming call about a lost email and most likely the user has no idea how to check their quarantine and you will be the one clamoring around looking for the email and you will certainly have your head chewed off for being the sole cause of the malady. If you want to quarantine for all people make sure that users or admins can turn this off for themselves, as they can with MPP.
3) Mr. Gomes points to his experiments with changing filter levels from more restrictive to least restrictive and being disappointed with the results. My experience is that these knobs are mostly useless, especially the ones that make futile attempts to categorize spam. Give me the Viagra and Vicodin spam, but I sure don’t want to see the mortgage offers. Who thinks like that? In my experience spam companies do a horrible job of categorizing spam and it seems like a big waste of time anyway. Give your users the ability to change spam actions but these extra knobs will only bring problems as they did for Mr. Gomes.
4) Perfection is as elusive as the $40 million that Barrister Hollings offered me from his hideout in Kenya. He points out that even the great Postini, which Google handsomely overpaid for, has false positives in the high sensitivity settings and misses lots when the sensitivity is set down. Don’t expect perfection and don’t back yourself into a corner by overpromising and quarantining or rejecting too much spam.
5) If you decide to use quarantine systems less than 5% of your users will ever log on and of those 5% probably only a handful will ever dive too much around in the settings to see what’s available. Beware of a strategy that relies on end-users learning your systems; they will mostly ignore them until it’s time to take off your head.
Email Archive Improvements
Want to give you a quick update on our email archive capabilities. First of all, we added an IMAP import option so that we can import email from your IMAP message store. We can do mass imports for multiple users or 1 user, 1 folder at a time if you like. Lots of flexibility with this feature and we are real excited about it.
Next feature to speak of is the enforcement of archive quotas. Now we can set quotas for domains and we can send warnings to an admin when the quotas are being reached.
And still more…We have improved our translation capabilities so that it is easier to translate MPP Manager into other languages.
Tracking Email Messages with MPP
I want to let you know about an MPP feature called Message Tracking that is quite useful for service providers or anyone that needs to have a compact record of each email message that they process. This feature was introduced in MPP quite some time ago but we never had a GUI interface for it until recently.
The idea with Message Tracking is that MPP will record a small record of each transaction in an SQL database. You can configure the level of detail that is stored, but the full detail is only a few bytes per message. MPP stores all types of information such as message id, remote relay IP, scan state, score of each scanner, message result, parse result and more. The database is very easy to query and very scalable.


