Inbox Zero: Plotting a Route to Less Stress

I was intrigued to see that someone named the fourth week in January, ‘Clean Out Your Inbox Week’. This was an initiative aimed at helping employees take control of their inbox and reduce email overload. Ever expanding inboxes are something we all have to deal with at work and home, and many people struggle to manage their inbox effectively…often cited as a major cause of workplace stress.

With Mimecast’s cloud archive service, the archive is bottomless and sits securely in the cloud, and off the corporate network.

With Mimecast’s cloud archive service, the archive is bottomless and sits securely in the cloud, and off the corporate network.

From our point of view, this is not just an issue for individuals but also a situation impacting corporates and their IT departments. As email inboxes get bigger and data storage costs rise, more and more management resources become sucked into looking after this growing email infrastructure and its mass of unstructured data.

But happily there are solutions to these problems.

Even the most hardened hoarder of emails can be helped. Firstly, if your organization uses a cloud email security service like Mimecast you can significantly cut the spam cluttering inboxes and clogging up costly data storage on the network. The vast majority of email that hits your network is unwanted spam (estimates vary in excess of 70%) and our service stops this even reaching your organization. If you don’t do this, checking and filtering this email wastes valuable IT time and resources unnecessarily.

Once you’re sure what’s in the inbox is ‘real’, next stop is effective filing and archiving.  The problem is that for many people storing their emails into an archive is a concern – they are sending the email and its attachments off to a dusty, never to be seen again archive out of their control. Once it’s there, it’s simply too difficult to recover– so these emails stay languishing in the inbox and squatting on the enterprise’s network just in case they need them.

With a cloud archive service like Mimecast’s, we help you get round that problem. The archive is bottomless and sits securely in the cloud, and off the corporate network. So IT managers can reduce their storage burden. For the user, the archive is interactive – they can search, access and re-use all their archived emails forever safe in the knowledge it’s being securely and safely stored indefinitely if they want. When we show IT managers and their users this, we see a major shift in attitude about the archive. The concern about using them proactively to help manage the burden on their inbox goes away. If this archive is then paired with end user productivity tools like our mobile apps, the archive can become invaluable – available to users where and when they want, on their device of choice.

So you can have the best of both worlds. A zero mail inbox and easy, searchable access to every mail you ever received or sent if that is what you want or need. This will be good news to those emailers who made a New Year resolution to finally get off their IT manager’s naughty list.


The Eerie Quiet of your Junk Folder

Spam volumes on the Internet are down on this time last year. Great news, we can all relax and stop worrying about our Junk or Quarantine folders or that missing million dollar order that might he hiding therein.

Brian Krebs wrote a great piece on the take down of the most prolific botnets, which is thought to be the main cause of drought in spam. It’s certainly true to say that since the likes of Spammit, Rustock, Coreflood, Pushdo and Bredolab have been knobbled the output of spam has been noticeably less.

Less spam is great news, but I’m worried. I suspect this eerie quiet in our spam and junk folders is a false sense of security, and one that is waiting to draw us into a more evil and harmful place.

Think about it this way. You’re a spammer…

Imagine you’ve been spamming people since 1997, persuading them to buy penny stocks, herbal enhancements and more recently fake AV products. You’ve been getting frustrated at the shrinking rate of return on your efforts, for the billions of spam messages you send you’re only seeing a 0.002% return or even less; mind you, at $30 for a bottle of those fake-little-blue-pills that’s still a few million dollars.

Why the decline? Well because we the vendors, are doing a better job of detecting and dealing with spam. Giving customers a 98% anti-spam SLA means we’re confident we can keep that junk and rubbish out of their inboxes. The same is true for personal or webmail accounts, providers are simply getting better at protecting users.

Then just when you thought things couldn’t get much worse someone shuts down your botnet, or the FBI takes away you hosting provider. Bad day at the office?

This is why I am worried…

Given the business challenges the spammers face today it’s no surprise we’re seeing a decline in the volume of spam. But are we? The figures we’re looking at here are related to spam volumes delivered over SMTP based email, and those have been on the wane for some time. The recent precipitous drop makes me feel uneasy about the spammers new business models. You might be surprised I’m using the word ‘business’ in relation to spammers – don’t be; this is their business, they have offices, employees, health-care plans, support lines and staff retreats just like everyone else.

These business models embrace all the latest social media trends. Spammers are simply jumping on the new mechanisms we’re using to communicate, social media gives them everything they need and in many cases an even more targeted audience who are trained to ‘like’ the same things their peers do.

The deeper impact of this switch to less well evolved communication channels, is that the classic AV and AS protections deployed at the corporate gateway are fast being made redundant. Their rules unenforced, their quarantines empty. The threats they protect against are getting onto the network via other means that in many cases are far less well protected. The point is that the spam isn’t going away, it’s just changing and adapting to the marketplace; the users might be breathing a sigh of relief when they look at their inboxes, but I can guarantee you they’re not doing the same elsewhere – Try tweeting the word mortgage or loan and see what happens.

The old money was SMTP email based spam, but just like everything else in corporate IT consumerization is taking over; spammers & scammers are simply keeping up with the trends.






One cheer for DKIM!

Standards work is generally conducted in what feels like slow-motion. More than a few highly-detailed conversations last for months or years. To those of us who’ve spent time in such conversations, it can be big news to learn that big news may be only a few months away. But for maximal, heart-stopping excitement, it should hint at the possibility of some day making real progress against spam.

That’s exactly what seems to be happening in the case of DKIM (Domain Keys Identified Mail), an emerging standard for cryptographically linking each message with the sending domain. In conjunction with some future developments, it could take a big bite out of “phishing” — unsolicited email pretending to come from a trusted institution.

Just a couple weeks ago — hot off the presses, in standards time — the chair of the IETF DKIM working group made the dramatic announcement (in the first paragraph) that things are going well.  This means   it could be as little as a few months before DKIM becomes a Draft Standard — a misleading term that describes the highest level that successful IETF standards generally attain. (MIME, for example, is a Draft Standard.)  I think DKIM will be the first spam-focused standard to complete the standards process.

Exciting, huh?

If you’re not accustomed to emptying the ocean with a cup, you can be forgiven if you’re breathing normally. But there are dozens of possible antispam measures not yet in use, and they will only work together effectively in the context of a very formal framework — a set of interlocking standards.

To oversimplify a bit: time favors the spammers because it takes far more computer power to examine a message than to send it. This advantage will probably last as long as Moore’s Law does. Eventually, inevitably, we will need to develop a more systematic approach integrating multiple interlocking technologies.

DKIM is, at long last, the first of those pieces. By itself, as its opponents are quick to tell us, DKIM will do NOTHING to stem the tide. But then, while a single rock can’t hold off a flood, a wall of them can.

So, it’s time to celebrate the near-completion of a decade’s work by some very good people. Even though it does almost nothing useful today. With all the energy I can muster, let’s hear it for DKIM: Hip-

[Full disclosure: Eight years ago I helped broker the peace treaty that merged DK and IIM into DKIM.  And Barry Leiba is my friend.]



Why is Email So Complicated? Part 409: Murky Ethics

I’m currently reading a fascinating book, Evolving God, by Barbara King.  Professor King uses her years of experience studying apes as a starting point to explore how humanity evolved religion and ethics.  It turns out that we share certain aspects of morality with apes, a sign that some of our basic morality evolved over eons, going back perhaps seventy million years.

It is because of this evolutionary history that our society doesn’t struggle to manage a “Right to Eat Babies” movement, because nearly all of us have inherited a nearly instinctual morality that characterizes baby-eaters as sick, evil, or both.   Our moral battles instead focus on issues that have arisen relatively recently, in evolutionary terms.  Abortion, for example, didn’t become a battleground issue until it became a safe medical procedure in the previous century.

Email technology is younger than I am, and I don’t seem to have evolved one bit.  Our evolutionary heritage offers no guidance for many of the thorny ethical dilemmas email has created.  Our inability to agree on the definitions of right and wrong surely complicates email immensely.

Take spam:  everyone, save a few sociopaths, loathes it.  But I’ll go way out on a limb here and reveal that I don’t consider spam immoral.  It’s a bad idea that mucks up communication and creates incredible amounts of unnecessary work and expense.   In many ways, it’s more of an question of judgement and etiquette than morality. If you leave a big box of candy with a child and he eats it all, he’s shown bad judgement and perhaps greediness, but I wouldn’t call it immorality.

Now, I’m not trying to start a defense of spam.  I’m as happy as anyone to see spammers shut down, and the worst ones even jailed.  But I see spam as being in large part the fault of a communication system that has eliminated all possibility of regulating behavior through pricing.  Email is, in this sense, what the law calls an attractive nuisance.  A technology deserves some blame for the antisocial uses it facilitates.  Someone who is driving safely but over the speed limit deserves to get a ticket, but hasn’t acted immorally in my book.

This may seem like splitting hairs, but a difference of opinion over morality can easily grow into larger disagreements about laws and punishments.  A thousand  years ago, when abortion was a last resort because it usually killed the mother, discussions over its morality were largely academic, but they certainly aren’t today.  I have heard — though I still can’t believe it — people advocate the death penalty for spammers.  If that ever became a serious movement, the question of the morality of spam would take center stage for sure.

Because I believe that spam is caused by greedy, impolite people, I support filtering, voluntary authentication, moderate legal sanctions, and other countermeasures.  Someone who believes spammers violate the laws of God would likely support harsher measures.  Our evolutionary and cultural heritage gives us no guidance; there were no spammers in the savanna.

Each new technology gives us new ethical gray areas, further complicating our lives.  Email has brought us several more ethical complexities, most more subtle than the morality of spam, which I’ll discuss here in the future.  For now, though, I’ve got to go — there’s a chimpanzee who wants my help getting thousands of bananas out of Nigeria, and it seems like too good an opportunity to pass up.