All posts tagged Email

There has been much debate recently about the value of email when compared to Instant Messengers and Social Media. I’m not going to reinvigorate that debate here, but the whole passionate brouhaha has got me thinking about what it means to actually have an email address and how important that short string of text has become.

Two words spring immediately to mind when I think about what is actually in an email address; those words describe a process that has quite a profound effect on you as a user of Internet services. Those words are:

           “Password reset”

Your email address, whether given to you by your employer, your ISP (remember CompuServe?), or chosen by your own fair hand seeks to identify you. In many cases an email address is your name, or part thereof, and is generally recognizable unless you’ve taken steps to make it less so.

I have an incomplete thought about this identity; we take this identity for granted, we assume that this identity is true, and we generally don’t question the legitimacy of an email address or the identity of the supposed sender. This of course is exploited fantastically well by malicious senders who are attempting to dupe us out of our financial information or login credentials. As a former penetration tester I can tell you that I’ve always had 100% success with email-based attacks sent from addresses that ‘claim’ to be from someone they’re not, especially if the sender demonstrates a little knowledge of the recipient or subject at task.

But, and here’s the paradox: we understand social engineering and phishing very well, yet we still treat an email address as an identity, don’t we?

Often this identity is all you need to carry out that password reset; gain control of an email address or account and you have instant access to a mind-boggling array of personal accounts and information. Often the ‘forgotten password’ link simply asks you for your address, sometimes you may be prompted for more information – ‘mother’s maiden name,’ ‘place of birth,’ ‘month of birth’ etc – social media anyone? Some sites even ask you for ludicrous validators like “your preferred internet password.”

I expect that just supplying an email address to a website to request a password reset is a shortcut on that website’s part; they could do more but probably don’t want to overcomplicate things for you. This is a fantastically naive expectation of identity on a simple string of text. I suppose the expectation is that the recipient hasn’t had their email account compromised, but no website I’ve ever used has asked that question.

Culturally an email address now makes up a significant part of your identity; in some cases it is 100% you. I suspect without the casual and formal asynchronous, subject-centric communications currently known as email (to coin a phrase of our CTO) you will find you lose a little of your identity, even if you can no longer reset your <insert website of choice here> password.

CISSP, CCSK
Mimecast, North America.

Our latest guest post is by Philip Carnelly, an Analyst with PAC. With over 25 years of experience as an industry analyst, software developer and project manager, Philip has become one of the best-known and most respected analysts in the sector. His work has covered business applications, BI, document management and KM, and latterly Philip has focused on Cloud, Software as a Service and application services. We had the pleasure of spending a morning with Philip, and here’s what he thought, reposted from the PAC blog.

Back in the early days of Cloud applications a decade or so ago (it was generally called ASP back then), I was convinced that the most obvious and easy area for Cloud to colonise would be email. In a sense, that proved to be true, with the big webmail systems – Hotmail, Gmail, Yahoo!mail – gathering hundreds of millions of users. But they were free services. CRM got most of the publicity, because that got paid-for users – real companies putting down real dollars to use online CRM from Salesforce, Microsoft, and others.

But more recently, take-up of paid-for cloud-based collaboration solutions – email++ so to speak – has been gathering pace across the globe, with some big-name (and large-scale) adoptions: fairly evenly split so far, it seems, between Google (Gmail and Google apps) and Microsoft (BPOS and Office 365). IBM’s LotusLive is also still in the mix. Drivers for adoption include flexibility, rising need to support mobile workers, desire to off-load the management of a non-core, non-differentiating system, and the opportunity to consolidate multiple systems into a single platform: all goals facilitated by Cloud-based solutions.

The latest such move here in the UK is Tata Steel Europe (TSE), which signed up Capgemini to help it transition to an Office 365 system over the coming months. No numbers were released, but a quick squiz at the annual report shows that TSE has some 34,000 employees, of which I’d guesstimate that around half are in the UK – and I reckon that the majority of staff would be covered by the new system. This echoes another high-profile deal last year where CSC helped Royal Mail move 28,000 employees onto BPOS.

But the opportunities for cloud-based email don’t begin and end with the big two and the giant SIs. We’ve recently met with two smallish but innovative UK-based companies who are doing very nicely out of email in the Cloud – both taking advantage of the huge momentum behind Exchange.

The first is Mimecast, which grew its business 66% last year (and 91% in the US – a tough nut to crack for a UK company). The company offers a pure-SaaS security and archive/retrieval service for Exchange, which works equally well with on-premise and Cloud-based Exchange servers (Office 365). This latter is a real plus point – companies can sort out their security and archive/retrieval policies, put those in the cloud first, and then migrate to cloud-based mailboxes as-and-when convenient – possibly in a number of stages. It can work with intermittent connectivity solutions – handy for mobile workers and executives. It’s also compatible with Blackberry, and iPhone is coming soon: key “must-haves” for knowledge-based companies in particular. UK customers include law firm Eversheds, De Beers and Bolton Wanderers FC.

The second company is Cobweb, which is exhibiting a similar growth trend to Mimecast: it is likely to double its installed base in the coming year. Cobweb reckons to be the “largest independent SaaS provider in Europe of Microsoft Exchange & SharePoint.” Customers range from small to large, and include Virgin Media, Thames Water and Bedfordshire Police. Cobweb offers multi-tenanted hosted Exchange solutions, linking up with Symantec (formerly MessageLabs) to provide the archive/retrieval and security side of things. This, then, is a sort-of competitor to Office 365 – but as is the way with IT, Cobweb is also a strong partner to Microsoft. It is one of the few companies to truly exploit Exchange Hosting Edition. Its key challenge to growth right now seems to be recruiting sufficient partners to reach its potential audience, but it must be careful to always show its value add/differentiation from vanilla Office 365.

What these two companies tell us is that while the Cloud is consolidating core infrastructure service provision, there’s plenty of scope for innovative solutions based around those core offerings. The growth of cloud-email is not limiting opportunities to simple resellers existing on the thin margins from commission-based sales of a vanilla service.

Small companies would be brave indeed – even foolish! – to go head to head with the US giants. But by bundling and pricing services in the right way there is plenty of scope remaining to carve out a lucrative and sizeable niche, both locally and in the US. This is particularly true in the middle market, where needs are more complex than simple mailbox provision, but skills and resources are more limited than in large enterprises.

Cloud Strategist
Mimecast

Email has evolved to be one of the most important and relied upon forms of communication and collaboration within the workplace. Unfortunately, the second email goes down, employees are often quick to either blame IT or jump to another email service during the downtime.

We polled some of our favorite IT people about their key pet peeves when it comes to email. There were lots—but the most critical ones are summarized below. Remembering these will not only help conserve IT resources, but will also ensure that you don’t end up on your IT manager’s hit list.

Peeve #1: Users copying themselves on all emails

While you may think copying yourself on every single email is being proactive, doing this quickly takes up a business’s existing storage space. This practice creates many unnecessary data redundancies, especially since many businesses have data archiving practices in place. Find out what your company’s archiving policy is and you will no longer need to copy yourself on every single outgoing message.

Peeve #2: Emailing Company documents to personal addresses

In a recent study, we found that 79% of respondents claimed to have sent work emails to or from their personal accounts. Unfortunately, these were not sporadic instances as our respondents admitted to sending company information to personal addresses on a regular basis. Sending and receiving key business documents or messages through external sources means businesses won’t have any eDiscovery insight into those email platforms or conversations, which can become a significant legal headache down the road or create a data loss nightmare for the IT team. At all times possible, keep company information within the business.

Peeve #3: Saving every email

It goes without saying that as professionals, we are sometimes slaves to our attachments. Yet, by overusing attachments or not removing them from email messages, users quickly clog up the available space within an inbox and slow the delivery of email to other users. Additionally, in the absence of an endless inbox limit, employees have often experienced the huge frustration of a crashed inbox because it exceeded the size limit.

To avoid this pain, file only that which absolutely needs to be saved and delete the emails that are not work-related. For example, guaranteed in two weeks you won’t have a need for that email discussing the location and menu of where your team is planning a dinner.

When in doubt, refer to Justin Pirie’s thoughts on Getting Things Done and how it can help tame the inbox monster.

Peeve #4: Not protecting mobile devices

With the introduction of tablets and more sophisticated smart-phones, today’s enterprise is more mobile and consumerized than ever. As discussed above, around 85% of business information is held within company email and with email and documents available via these devices, there is a greater chance for exposure of confidential information. Additionally, it’s inevitable that an employee will leave their mobile device, laptop or tablet in a cab, on a train, in the back seat pocket of an airplane or on the table in a coffee shop. That said, take easy security precautions, such as password protecting the device and email, to ensure business information is protected as best as possible.

Peeve #5: Ignoring the compliance risks

Our Generation Gmail research has found 36% of inbound email to work inboxes is not work related. While it can be easier for all email to be funneled into one account, personal email not only congests company storage space (see pet peeve #1), but can also be retrieved in a company compliance investigation. Additionally, certain key words within a personal email can trigger a notification to the IT team. For dignity’s sake, don’t give out your work email address to personal contacts and encourage friends and family to email your personal account only. For example, if all personal emails reside within the business, there is a risk that your boss will see how fun a friend’s bachelor party really was.

In our experience, email snafus are to be expected. While the best email policy will meet the needs for both the business and the users, there are a few ways to help an IT friend out.

Let us know if there are any other top email peeves that should be highlighted here – we would love to hear your thoughts!

CISSP, CCSK
Mimecast, North America.

Standards work is generally conducted in what feels like slow-motion. More than a few highly-detailed conversations last for months or years. To those of us who’ve spent time in such conversations, it can be big news to learn that big news may be only a few months away. But for maximal, heart-stopping excitement, it should hint at the possibility of some day making real progress against spam.

That’s exactly what seems to be happening in the case of DKIM (DomainKeys Identified Mail), an emerging standard for cryptographically linking each message with the sending domain. In conjunction with some future developments, it could take a big bite out of “phishing” — unsolicited email pretending to come from a trusted institution.

Just a couple weeks ago — hot off the presses, in standards time — the chair of the IETF DKIM working group made the dramatic announcement (in the first paragraph) that things are going well. This means it could be as little as a few months before DKIM becomes a Draft Standard — a misleading term that describes the highest level that successful IETF standards generally attain. (MIME, for example, is a Draft Standard.) I think DKIM will be the first spam-focused standard to complete the standards process.

Exciting, huh?

If you’re not accustomed to emptying the ocean with a cup, you can be forgiven if you’re breathing normally. But there are dozens of possible antispam measures not yet in use, and they will only work together effectively in the context of a very formal framework — a set of interlocking standards.

To oversimplify a bit: time favors the spammers because it takes far more computer power to examine a message than to send it. This advantage will probably last as long as Moore’s Law does. Eventually, inevitably, we will need to develop a more systematic approach integrating multiple interlocking technologies.

DKIM is, at long last, the first of those pieces. By itself, as its opponents are quick to tell us, DKIM will do NOTHING to stem the tide. But then, while a single rock can’t hold off a flood, a wall of them can.

So, it’s time to celebrate the near-completion of a decade’s work by some very good people. Even though it does almost nothing useful today. With all the energy I can muster, let’s hear it for DKIM: Hip-

[Full disclosure: Eight years ago I helped broker the peace treaty that merged DK and IIM into DKIM.  And Barry Leiba is my friend.]

 

Chief Scientist
Mimecast

Despite seeming like an age ago, InfoSecurity Europe has only just come and gone for another year… Boy this year is going fast!

I took the opportunity at InfoSec to update my take on Generation Gmail- Why are corporate email users flocking to webmail to get their job done?

Before you can answer that question, it’s important to ask why that’s even a relevant question.

  • It is believed around 80% of corporate Intellectual Property (IP) is contained within email- when it goes to personal webmail you lose control of this
  • If 80% of your corporate IP is in email- that means a lot of your trade secrets are in there too.
  • There are Data Protection and Data Sovereignty requirements, and legal bodies like the ICO, FSA etc., to comply with.
  • Does Personal email comply with anti-malware requirements?
  • Password Policy?
  • Retention and audit policies to enable e-discovery?
  • Legal requirements- like disclaimers and notices (Company Number, VAT etc)
  • What about Data Leak Prevention?
  • Interception by third parties?

The answer, clearly, is a resounding NO. And why should personal webmail providers comply? It’s personal webmail – not intended for corporate use.

This is creating a complete nightmare for corporate IT- and despite IT making individuals aware that this isn’t allowed and the risks involved: they’re still doing it….

What’s driving this?

Overwhelmingly, the evidence is pointing to the consumerisation of technology. The increasing use of technology in people’s personal lives is making them aware of, and used to, what is possible, and they’re bringing (demanding?) the same technology in their work life. iPhones and iPads are a case in point, though our research shows email is becoming the new battleground.

This represents a massive shift- is this the first time personal or consumer technology is driving the business technology agenda? Our Generation Gmail research suggests so- 65% of people say that home and work technology overlaps.

Yet despite this consumerisation- people keep saying “email is dead”. New data I got yesterday from Nielsen (via HubSpot) shows that time spent using email on mobile phones leads almost any other mobile internet use by nearly 4x, at 38.5%. Social Networking is second at a paltry 10.7%.

Clearly email is not dead- it’s the lifeblood of communication. And with mobile shipments surpassing PC shipments for the first time ever this year it’s going to continue its ascendance.

What should companies do about it?

It’s a complex answer, dependent on your particular technology situation, location and regulation you’re subject to. There isn’t a one-size-fits-all answer. Typically we’ve seen that email hasn’t been a priority investment area through the last few years- with a lot of businesses remaining on Exchange 2003 and 2007 as a way to mitigate against the costs of migration. Users now feel like the corporate email doesn’t compare favourably with consumer webmail- which is right, since the technology is nearly a decade old in some cases. That’s why they’re finding innovative ways to work around perceived obstacles and becoming “workaround workers”.

Policies alone aren’t enough to stop them- they have to feel like corporate email is a better alternative to personal email. They have to want to use corporate email.

So what can companies do?

Typically the majority of migration costs aren’t the Exchange piece- it’s the environment that sits around it. Over the years IT has had to bolt on solutions such as Archiving, Security, Disclaimers, Secure delivery, etc. The list goes on. Managing this complexity through a migration adds to risk and complexity which creates cost. I think IT needs to put themselves in a position where they can migrate, when they’re ready, because Exchange 2010 for example, is a big step up from 2003. Night and day different actually, especially if users are on Outlook 2000 or 2003 and make the move to Outlook 2010.

Don’t let users put you on the back foot with personal email- start putting the steps in place today to get migration ready and get them wanting to use corporate email.

Here’s the deck:

Cloud Strategist
Mimecast

I’m currently reading a fascinating book, Evolving God, by Barbara King.  Professor King uses her years of experience studying apes as a starting point to explore how humanity evolved religion and ethics.  It turns out that we share certain aspects of morality with apes, a sign that some of our basic morality evolved over eons, going back perhaps seventy million years.

It is because of this evolutionary history that our society doesn’t struggle to manage a “Right to Eat Babies” movement, because nearly all of us have inherited a nearly instinctual morality that characterizes baby-eaters as sick, evil, or both.   Our moral battles instead focus on issues that have arisen relatively recently, in evolutionary terms.  Abortion, for example, didn’t become a battleground issue until it became a safe medical procedure in the previous century.

Email technology is younger than I am, and I don’t seem to have evolved one bit.  Our evolutionary heritage offers no guidance for many of the thorny ethical dilemmas email has created.  Our inability to agree on the definitions of right and wrong surely complicates email immensely.

Take spam: everyone, save a few sociopaths, loathes it. But I’ll go way out on a limb here and reveal that I don’t consider spam immoral. It’s a bad idea that mucks up communication and creates incredible amounts of unnecessary work and expense. In many ways, it’s more of a question of judgement and etiquette than morality. If you leave a big box of candy with a child and he eats it all, he’s shown bad judgement and perhaps greediness, but I wouldn’t call it immorality.

Now, I’m not trying to start a defense of spam.  I’m as happy as anyone to see spammers shut down, and the worst ones even jailed.  But I see spam as being in large part the fault of a communication system that has eliminated all possibility of regulating behavior through pricing.  Email is, in this sense, what the law calls an attractive nuisance.  A technology deserves some blame for the antisocial uses it facilitates.  Someone who is driving safely but over the speed limit deserves to get a ticket, but hasn’t acted immorally in my book.

This may seem like splitting hairs, but a difference of opinion over morality can easily grow into larger disagreements about laws and punishments.  A thousand  years ago, when abortion was a last resort because it usually killed the mother, discussions over its morality were largely academic, but they certainly aren’t today.  I have heard — though I still can’t believe it — people advocate the death penalty for spammers.  If that ever became a serious movement, the question of the morality of spam would take center stage for sure.

Because I believe that spam is caused by greedy, impolite people, I support filtering, voluntary authentication, moderate legal sanctions, and other countermeasures.  Someone who believes spammers violate the laws of God would likely support harsher measures.  Our evolutionary and cultural heritage gives us no guidance; there were no spammers in the savanna.

Each new technology gives us new ethical gray areas, further complicating our lives.  Email has brought us several more ethical complexities, most more subtle than the morality of spam, which I’ll discuss here in the future.  For now, though, I’ve got to go — there’s a chimpanzee who wants my help getting thousands of bananas out of Nigeria, and it seems like too good an opportunity to pass up.

Chief Scientist
Mimecast

The second of the Four Noble Truths, the most fundamental tenets of Buddhism, tells us that the cause of all suffering is attachments.  As one of the authors of the standard that defined email attachments (MIME), I bristle at this gross exaggeration.  Surely attachments are responsible for no more than 25% of human suffering.  (Most of the rest, I think, is caused by cancer, reality television, and okra.)

To understand why email attachments are such a problem, we must start in the 1980s, the final days of the pre-MIME era. Standard Internet email included 7-bit ASCII text, and nothing more, but three different kinds of experimentation were going on.

People in various non-English speaking countries had unilaterally adopted conventions that allowed them to send mail in their own languages, though none interoperated with each other.  You could compose a message in Hebrew, but if you viewed it with non-Israeli software it would be gibberish that differed with the language the software expected.

Meanwhile, several of us were experimenting with extending email in various ways.  I was part of a group that talked about “multimedia mail” which we prototyped at Carnegie Mellon as part of the Andrew system.  Email messages in Andrew included in-line images, audio, animations, even interactive pianos.  It was very cool, and we eventually interoperated with some folks at BBN who took a similar approach.  The word “attachment” wasn’t in our vocabulary.

Finally, several vendors were experimenting with the simpler goal of including files in email.  This they accomplished, in various mutually incompatible ways.  They called their achievement “attachments.”

All three groups soon recognized the need for a standard that would allow the features they cared about to work well across vendors and implementations.  But most had no interest in the features the other groups considered crucial.  (Even non-English text isn’t necessarily important, if you’re American!)

MIME came about because the great Einar Stefferud introduced me to Ned Freed, and suggested that we try to make all three of these groups happy.  Like most standards efforts, there were many compromises and some mistakes as well.  One of the bigger ones was that we didn’t, in the first incarnation of MIME, differentiate between attached files and included multimedia objects.  People thought of them as one or the other, which led to odd behaviors that persist to this day.

The problem was later addressed with the addition of a “Content-Disposition” header that explained whether or not the object should be displayed in-line, but not all MIME implementations have honored it.  The result is that in some mail tools, I can put pictures in line between stretches of text, and naively write about them as if they’re appearing in the order I see them.  But some of the recipients of the email may see all of them at the end of the message, not as pictures but as icons representing attachments.
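The behaviour described above can be reproduced with a few lines of Python. This is an added example, not code from the original post: the message is a constructed sample, and render and scan_targets are hypothetical helper names. It shows the same message as seen by a mail tool that honours Content-Disposition and by one that ignores it.

```python
from email import policy
from email.parser import BytesParser

# Constructed sample: text, an inline picture, more text, then a real
# attachment. The base64 payloads are short placeholders, not real files.
SAMPLE = (
    b"From: alice@example.com\r\n"
    b"To: bob@example.com\r\n"
    b"Subject: Trip photos\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain; charset=us-ascii\r\n"
    b"\r\n"
    b"Here is the harbour:\r\n"
    b"--b1\r\n"
    b"Content-Type: image/png\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b'Content-Disposition: inline; filename="harbour.png"\r\n'
    b"\r\n"
    b"iVBORw0KGgo=\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain; charset=us-ascii\r\n"
    b"\r\n"
    b"And the itinerary is attached.\r\n"
    b"--b1\r\n"
    b"Content-Type: application/pdf\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b'Content-Disposition: attachment; filename="itinerary.pdf"\r\n'
    b"\r\n"
    b"JVBERi0xLjQK\r\n"
    b"--b1--\r\n"
)


def load(raw: bytes):
    return BytesParser(policy=policy.default).parsebytes(raw)


def render(raw: bytes, honor_disposition: bool):
    """Return (body_items, attachment_names) as a mail tool would show them."""
    body, attachments = [], []
    for part in load(raw).iter_parts():
        disp = part.get_content_disposition()  # 'inline', 'attachment' or None
        name = part.get_filename() or part.get_content_type()
        maintype = part.get_content_maintype()
        if honor_disposition and disp == "attachment":
            attachments.append(name)
        elif maintype == "text":
            body.append(part.get_content().strip())
        elif honor_disposition and disp == "inline" and maintype == "image":
            body.append(f"[picture: {name}]")  # shown where the sender put it
        else:
            attachments.append(name)  # shown as an icon after the text
    return body, attachments


def scan_targets(raw: bytes):
    """Parts a content filter should inspect: every non-text leaf part,
    whatever its disposition claims, because tools disagree on display."""
    return [
        (p.get_filename(), p.get_content_type(), p.get_content_disposition())
        for p in load(raw).walk()
        if not p.is_multipart() and p.get_content_maintype() != "text"
    ]


if __name__ == "__main__":
    for honor in (True, False):
        print("honours disposition:" if honor else "ignores disposition:")
        print("  body       :", render(SAMPLE, honor)[0])
        print("  attachments:", render(SAMPLE, honor)[1])
    print("scan:", scan_targets(SAMPLE))
```

The second rendering loses the picture's position in the text, which is the mismatch the sender never sees.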

Here’s how complicated this stuff really is:  Yesterday, I was sitting with a colleague, discussing an email topic far too complex for a blog post about the complexity of email, and we ended up discussing how attachments were represented by the two mail tools that we used.  Finding that we had completely different understanding of the facts, we did some experimentation and found that we were both wrong.

Let me reiterate:  A first-class email engineer was talking with the author of MIME about how email attachments are handled by the mail tools we use every day, and we were both wrong.

At this point, I’d love to follow the Buddha’s advice and free myself from attachments entirely.  Unfortunately, studies indicate that 85% of all business data is stored as email, and most of that is in attachments.  We appear doomed to continue enduring a certain amount of suffering.  But perhaps we can do something about okra?

 

Chief Scientist
Mimecast

Some Hindu philosophers estimate that the universe repeats itself every 311 trillion years or so.  Modern scientists such as Sir Roger Penrose have lent credence to this basic idea, though with less precision.  Everything that  happens, it seems, is likely to happen again and again and again.  I find this vaguely comforting.

What I find less soothing is the many things that are endlessly repeating within the brief interval of my career in computing.  The problem isn’t one of reinventing the wheel — successful inventions like the wheel become a part of our lives, so we never need to reinvent them.  Instead, it’s the bad ideas that keep coming up again and again.  Their past failures are precisely what allows them to be forgotten until someone comes along a few years later and thinks they’ve got a great new idea.

What’s spurred me to such philosophical musings is the recent announcement that the German government has invented a new kind of secure email system.

The Register article does a good job of explaining several of the fatal problems with this scheme, so I’ll concentrate on the historical picture.

The basic idea is a fine one:  Help people to easily authenticate and/or encrypt their email messages.  Unfortunately, such tools haven’t caught on, despite decades of effort.  What’s new about the German system?  Mostly just another round in the endless cycle of time.

There are many reasons for the failure of secure mail in the marketplace, but the German government doesn’t seem to have bothered learning about them. Instead, they intend to make it work by mandating its use for certain purposes. And, as an added bonus, the government and your ISPs can helpfully access copies of your cryptographic keys.

Now, I wouldn’t underestimate the capability of a strong government to mandate how its citizens behave when interacting with the state.  If the government only dispensed your tax refund if you asked for it via a webcam, wearing nothing but a funny hat, most people would comply.  But wherever the funny hat was optional, it would stay in its box, reviled, resented, and ridiculed.

This is what happened in the early 1990s, when the Clinton administration developed a funny-hat encryption scheme known as the “Clipper Chip.” Although envisioned as a hardware solution rather than a software one, Clipper had much in common with the German approach. It provided users with encryption capability — the ability to hide your words and data from the world — but gave the government a back door to bypass the encryption. After all, everyone trusts the government, right?

Clipper was first announced in 1993, and formally abandoned in 1996, but it never saw any real use.  Had the government absolutely mandated it for an important purpose, it might have been adopted for that purpose, but nothing more.  The concept of encryption is a tricky one, and requires some explanation for new users.  If you follow up your explanation with “but the government can bypass everything,” users will breathe a sigh of relief, knowing that they don’t need to learn it because they don’t have any use for it.

The German effort was born of a real need:  to give electronic documents and communications a legal status strong enough to underlie important transactions.  This can be done with many existing cryptographic schemes, including the venerable PGP and S/MIME.  It’s hard to see how sabotaging the security of cryptographic keys can make such systems more popular. Recent research conducted by Mimecast shows that users will always find ways to work around systems that are restrictive or difficult to use. I expect that in a few years, the German government will quietly give up, and it’s the last we’ll hear about government-mandated key-compromised cryptography.

Until the next time.

 

 

Chief Scientist
Mimecast

I’m probably going to spend the rest of my life completing this series of essays about why email is so complicated, but I’d really hate to go to my grave without mentioning one of the deepest, least soluble, and most frustrating reasons:  lazy idiots.  I rarely call anyone names, so let me explain.

As is probably clear to anyone reading these essays by now, email is inherently very complicated.  The best minds in the email world — and some others — have worked tirelessly and endlessly to figure out how to make it work well.  This has resulted in a host of standards, most of them well specified in excruciating detail.  They’re not perfect, but if everyone complied with them fully, the world of email would be much more reliable and significantly less complicated.

Unfortunately, a remarkable number of people who write software that sends email not only don’t follow the standards, and not only don’t read the standards, but don’t even know that the standards exist. They look at a few messages, say “I can do that,” and write software that produces things that look, from a distance, like email messages. The myriad ways such software violates the standards are a significant, ongoing, and probably permanent factor in the complexity of email.

Consider, for example, the hotshot young programmer building a web site for his uncle.  He designs an HTML form that includes a box to input an email address, and when he gets one, he sends his uncle’s information to that address in the form of something with a From, To, Subject, and Date field, but which only follows the standards if he gets extremely lucky. This happens all the time, every day.

A few such messages are an annoyance.  But now and then, the kid and his uncle get lucky.  Whatever it is they’re doing, it catches on, and soon they’re sending out tens of thousands of malformed messages every day.  What happens on the receiving end?

To a certain type of person, it might seem obvious that a mail server should simply reject or discard any malformed mail.  That, surely, would teach the offending party to pay more attention to the standard.  But traditionally, the Internet has been built on the philosophy of “be liberal in what you accept, and conservative in what you send.”  This is the philosophy that has made the net function, and many implementors take it as gospel.

Even if this weren’t the case, the marketplace forces mail servers to race each other to the bottom.   Consider the case of a third party that regularly sends out malformed mail that the recipients actually want.  If mail server A accepts it, and the customer changes to mail server B, the customer will be outraged if mail server B doesn’t also accept the message.  They will consider mail server B’s attempts to enforce the standard to be a bug, and inevitably B will be changed in order to keep the customer happy.  This happens all the time, every day.

The result is that every mail server in the world has to take its best guess about what certain messages mean.  Is an incorrectly wrapped line supposed to be part of the previous header, a new header, or the beginning of the body?  Is an incorrect newline indicator supposed to be a newline or part of the previous line?  (I’ll write more about these specific cases later, if I live long enough.)  Inevitably, different servers make different guesses; once you’re outside the standard, there’s no right answer.  And also inevitably, sometimes these guesses are wrong, and result in messages that appear malformed or unreadable to the end user.

This happens all the time, every day.
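The guessing described above, made concrete in an added example (not code from the original post): two hand-written header splitters that differ only in how they treat a badly wrapped line, plus Python's standard `email` parser, run over a constructed message. The addresses and the `parse`, `recipients`, `is_ambiguous` and `stdlib_view` names are illustrative assumptions.

```python
import email
import re
from email import policy

# Constructed sample: the Subject is wrapped without the leading whitespace
# that a folded header line requires, so line 3 is outside the standard.
RAW = (
    "From: shop@example.com\r\n"
    "Subject: Your order\r\n"
    "has shipped\r\n"
    "To: customer@example.net\r\n"
    "\r\n"
    "Thanks for your purchase.\r\n"
)
FIELD = re.compile(r"[!-9;-~]+:")   # printable field name, then a colon

def parse(raw, bad_line_is):
    """Return (headers, body). bad_line_is picks the guess for a header-section
    line that is neither a field nor a legal fold: 'continuation' or 'body'."""
    headers, lines = [], raw.split("\r\n")
    for i, line in enumerate(lines):
        if line == "":                                # proper blank separator
            return headers, "\r\n".join(lines[i + 1:])
        if line[0] in " \t" and headers:              # legal folded line
            headers[-1][1] += " " + line.strip()
        elif FIELD.match(line):                       # a new header field
            name, value = line.split(":", 1)
            headers.append([name, value.strip()])
        elif bad_line_is == "continuation" and headers:
            headers[-1][1] += " " + line.strip()      # guess 1: glue it on
        else:
            return headers, "\r\n".join(lines[i:])    # guess 2: body starts
    return headers, ""

def recipients(raw, bad_line_is):
    return [v for n, v in parse(raw, bad_line_is)[0] if n.lower() == "to"]

def is_ambiguous(raw):
    """True when the two guesses disagree, i.e. the message is off-standard
    in a way that different receivers may read differently."""
    return parse(raw, "continuation") != parse(raw, "body")

def stdlib_view(raw):
    """What Python's own parser decides, and the defects it records."""
    msg = email.message_from_string(raw, policy=policy.default)
    return msg["To"], [type(d).__name__ for d in msg.defects]

if __name__ == "__main__":
    for guess in ("continuation", "body"):
        print(guess, recipients(RAW, guess))
    print(is_ambiguous(RAW), stdlib_view(RAW))
```

One guess sees a `To` header and a one-line body; the other sees no recipient header at all and pushes it into the body. A receiving system can treat that disagreement as a reason to flag the message instead of silently picking one reading.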

It’s unlikely that the world will ever run out of lazy idiots.  But it’s relatively rare for one of them to decide to start naively spewing poor imitations of TCP/IP packets.  Unfortunately, sending email is such a user-visible function, and the format looks sufficiently simple, that email generation seems to be the project of choice for the protocol-challenged.

We can do our best to educate them, but I think there’s an endless supply.  We can cope with it, of course.  But it does make things more complicated.

Image via Robbo-Man and CHRISTOPHER MACSURAK on Flickr


Chief Scientist
Mimecast


At Mimecast we discovered a new type of corporate user, the Generation Gmail user; and they are really making a splash. We’ve already written a blog post on who they are and why they exist. The research backing up our discovery can be found here (registration required).

The gist of the story so far is as follows: Our research has identified a new type of user within the corporate network; a user who is happy to use his or her personal accounts outside of the organization to work around restrictive or productivity-sucking policies. We call this user a Generation Gmail user, as they are likely to be under 25, and jump out to Gmail in order to get their work done when their business email account doesn’t deliver the goods.

We seem to have caused a stir as many of you have emailed us to say this is exactly what has been happening within your own organizations; some have told me that they are the prime example of a Generation Gmail user and have gone into great detail when telling me why. Thank you – it’s always great to hear your real life stories.

So we put our brains together, including the huge brain of our top email scientist Dr Nathaniel Borenstein, and came up with ten handy hints to help you keep your users happy, contented and, importantly, working inside your network and the systems you have worked so hard to provide.

Mimecast’s Ten Top Tips

1.       Look for clever ways to keep your users ‘on the reservation’ and inside the corporate email environment. The steps below will help, but so will motivating them in the right direction. By clever ways, I mean think of things like the ‘Deals of the Day’ websites that deliver enticements directly to users’  inboxes. Doing this internally isn’t that much of a stretch and would have many other knock-on benefits.

2.       Keep your business email up and running. One way or another this is getting cheaper and easier to do. Tolerating downtime is very old fashioned these days, as the technology exists to keep your email up and running at 100%.  So why not use it?

3.       Educate your users away from the ‘controlling and enforcing’ position. Let them know that the odd personal email isn’t a problem. Of course explain what you mean by “appropriate use” and what’s generally bad, but also explain the benefits of the business system.

4.       In the same conversation, don’t just tell your employees not to use external or personal email systems for work. Explain to them the real-world risk, use a few demonstrations or case studies and make this a story that resonates, rather than another plain old policy update.

5.       Make mobile access work. Decide on the mobile platforms which will work and then make them work! If you support one type of mobile device, consider what users of the other device will do. If this means providing your users with a common mobile platform, consider this a goodwill gesture to them.

6.       Make mobile access really work. Do your users really need a cumbersome VPN solution with pin and token code? Is it realistic to expect them to fire up their laptops and login to the network just to send an email? See number 5.

7.       Make your corporate email system better than the personal solutions your users are going to. Give them the tools they need; the technology is out there, you just need to deploy it.

8.       Importantly, don’t limit email storage. See number 7. This is something the IT department has had to do in the past because of the limitations built into core email platforms, but those problems are slowly disappearing and the cloud is a great way to offer a bottomless mailbox integrated with your corporate inbox. This includes finding a solution that allows you to eliminate PSTs too.

9.       Update your systems. Keep the platforms fresh, review on an annual basis, and make a change. Too many businesses get stuck in the past. Technology moves at such a pace that if you don’t keep up you’re often left, at best, incubating your own workaround-workers, and at worst being uncompetitive in your market.

10.   Above all, listen to your users. They vote with their mouse and keyboard. If they argue that their personal system outperforms the work email, find out why. Fix the problem rather than fob them off. See number 9.

From here it is really going to be down to you. I’ll bet that you know you already have a few workaround Generation Gmail workers. That’s nothing to panic about, but it does give you a focus for how you develop your email systems in the future.

Good luck!


CISSP, CCSK
Mimecast, North America.
