Working hard to pay for life

I believe that IF there was a God then this God would see us all as equals under one church. I’ve formed the opinion that the core values mainstream religions teach strive to create compassionate, honest and caring attitudes towards all living things and that these core values are in fact independent of religion.

I was just reading this Ferris piece on Exchange mailbox sizes and thought it would be useful to document Cleartext’s strategy for our hosted email clients storage. The Ferris article starts;

‘Exchange 2010′s database strategy is very interesting. The new Database Availability Groups and the benefits they offer for data protection and quick recovery are striking.

Overall, Microsoft is optimistic that mailboxes will be able to grow to 10GB or more. However, it’s unclear how large mailboxes will perform in practice. Several concerns spring to mind:’  read more…

We (Cleartext) offer both mailbox hosting (via an Axigen ISP platform) and SaaS email archiving.

Our strategy is to keep hosted mailboxes as low as 200-500Mb and bundle these mailboxes with the SaaS archiving service for permanent email storage. This has several advantages;

1) Users mailboxes are easier to manage and migrate if needed and are less prone to data loss caused by IT systems issues or more often ‘user error’.

2) The SaaS archive has full text and attachment indexing meaning it’s quicker and easy to find email when needed.

3) The client can implement their retention policy on the SaaS platform to ensure compliance with eDiscovery regulations. Avoiding issues where staff delete email from their inbox.

This is a change to the usual large mailbox offerings from organisation slike Google but we believe is more appropriate for business deployments.

We often notice that despite our advice clients insist on leaving a ‘backup’ MX record in their DNS, this means that they a) don’t understand how spammers operate b) don’t understand that we have primary, secondary and tertiary routes for their email.

So I thought it timely to explain how MX routing works and why it’s not a good idea to leave an  ‘extra’ MX record in place that DOESN’T point to us. Lets assume your companies domain name is ‘your-company.com’ and you have such a backup record in place, lets say it’s value is 100 and it’s named postoffice.your-isp.net.

Mail servers route inbound email for a domain to the MX record with the lowest value, so looking at your MX records;

your-company.com.    3600 IN    MX 10 mx811.clearemail.net.
your-company.com.    3600 IN    MX 30 mx813.clearemail.net.
your-company.com.    3600 IN    MX 100 postoffice.your-isp.net.
your-company.com.    3600 IN    MX 20 mx812.clearemail.net.

Any mail server sending mail to anyone at ‘your-company.com’ will try to deliver to us at  the MX 10 value above (mx811.clearemail.net), and if that fails then 20, then 30. If all fail then the sending mail server will try to send to MX 100. postoffice.your-isp.net.

Often clients initially setup a backup mail route like the MX 100 you have above because there’s a worry that the main routes will all be unavailable, which is very, very remote given these (MX 10, 20, 30) all point to different parts of our infrastructure.

The reason we advise against this practice is that spammers have realised that some organisations do this so they send their spam to the highest route first, that would be to MX 100. This routes the email to your-isp.net and that system will then deliver email to your mail server. This bypasses Cleartext (or any other managed email security platform) thereby causing several things to happen;

1) Our multi-layered spam and virus filtering will not be applied.
2) Inbound email will not be archived and therefore unavailable for e-discovery
3) Any custom email rules, perhaps for HR reasons will not be applied
4) This inbound email will not be recorded anywhere in our logs because it’s bypassed us.

Looking at the above, 1) isn’t too much of an issue because your ISP may be applying rudimentary filtering therefore catching some of the spam, but they may let through phishing emails, trojans etc, 2) could be an issue because this email won’t be archived which means you may not be complying with e-discovery legislation and 3,4) could also be an issue if you need to trace email that someone says they sent to you, or HR needs to for some reason.

Now it’s arguable that 2-4 above won’t be too much of an issue because legitimate mail servers will send to 10, 20 or 30 first, but even so there’s still a chance genuine mail will route this way and do you want that if you end up in court with the other party doing email discovery on your organisation?

So, to summarise, if you use a managed email security service and have such a ‘backup’ MX record in place you currently have a ‘backdoor’ into your email system which could let spam or malware in and that routes email without your corporate policy being applied.

So make sure you don’t get caught out by having email routed around the very platform that’s supposed to be providing your email security and compliance requirements.

‘No speed limit, no crash barriers and no street lights’, that would have been fun at night in a fast car Some great picture here.

We had a glorious weekend and I actually managed to avoid doing any work, well all but 30 minutes.

I also managed to order replacement wing mirrors for my Rover, someone managed to clip the drivers side mirror while it was parked so it’s a good reason to buy two new ones.

Your credit balance has expired

Unfortunately, your Skype Credit balance has expired due to 180 days inactivity on your account. We sent you three reminder emails, but as we explained, this now means the balance you had in your account has been cleared.

Below is the Skype Credit expiry policy, detailing why your balance expired.

What are the rules for Skype Credit expiry?

1. Skype Credit expires 180 days after your last credit purchase or action that used credit, for example, calling a phone or sending an SMS message.
2. Each purchase, call or SMS message resets the expiry time to 180 days.
3. You will receive reminder emails 30 days, 7 days and 72 hours before your credit expires.

Talk soon,
The people at Skype

- Obviously not as my credit has been ‘stolen’.

Because they can.

Many times in the last 20 years I’ve seen independent  software vendors and IT solution providers flounder following an announcement by Microsoft about a new product. It seems that if they (Microsoft) see  a lucrative new area they announce early, often before they have anything to show let alone sell.

They’re at it again, announcing in April this year that Exchange 2010 will have archiving, but where’s the detail? What will it do, how much will it cost, will it support non Microsoft email servers?

There’s a problem with this, and it’s verging on unfair competition, they are effectively advertising something they don’t have. Is that even legal I wonder?

This can have a big impact on the sector in question. End users postpone a buying decision citing “waiting for Microsoft” which causes vendors of competing solutions sales pipelines to dry up or stall.

These same vendors have to re-evaluate their product roadmap, adjust their sales and marketing strategies all based on something that’s not real yet.

OK, so this is just ‘normal’ competition, Microsoft aren’t the only ones who announce ‘vapourware’ But given they have a near monopoly in many areas and have been proven by the courts to behave badly we should all be concerned.

I for one refuse to be held to ransom by a vendors promise to deliver ‘something’ when there are many good, some would say better solutions out there that work with these vendors systems. Innovation is alive and well on the ‘internets’, you don’t need to wait, there’s a solution out there already.

Why wait? In my experience you’re bound to end up paying more for a less compelling solution, delivered by a monolithic ‘old skool’ business that really only cares about share holder dividends.

- Disclaimer: Cleartext doesn’t sell or supply any Microsoft products or services, but we do sell compatible solutions that are far better, including a very nice email archiving service that works with all types of mail servers.

I’m obviously biased, I’m an XMPP fan, but I can’t help but think that Mozilla’s Raindrop project, in the context of the real time web, is missing the point.

It’s going to be a similar argument that swirled around Twitter in the middle of ’08. The big question asked then was why did Twitter drop a pubsub push messaging model for tweeting (XMPP) in favour of a polling (HTTP pull or fetch) model?

Surely in the real time web we need  a real time protocol, or close to it. Something like XMPP. We’ve all noticed that Tweets often have more latency than email, that’s because we’re all polling twitter and fetching updates, believe or not email is a push model (SMTP + IMAP/IDLE), that’s why it’s faster!

So I was disappointed to read;

Raindrop uses a mini web server to fetch your conversations from different sources

I was half hoping that these guys had produced a ‘stripped down’ simpler to implement XMPP type protocol. Alas no, we’re still playing ‘fetch’.

Even something like Pubsubhubub is moving in a reasonable direction. We really do need ‘always’ on connections if  the real time web is going to materialise any time soon.

I suspect the Mozilla guys are really trying to give us an ‘open’ version of Google Wave, which is a nice goal to aim for anyway. At least the guys at Google reaslise we need real time server-server federation and used XMPP for that part of Wave.

I’m afraid Raindrop looks like ‘just another’ attempt to merge multiple message types in a single innovative GUI, there are many projects that have attempted this, ours included

CRM – We binned SugarCRM last month because it became too time consuming to keep it up to date (it’s not very intuitive and ‘clunky to use, if you want a good CRM go here ) and the contracts support was terrible. I realised that running a SaaS business we needed a contract management system with some customer management features, not a CRM.

So we’ve built something simple in house, just 45 hours work with trusty PHP/Apache/MySQL. We now have a system a that tells us when contracts are close to renewal time, the revenue, costs and margin they give us. As a bonus the system calculates the upstream license fees to third party vendors (virus & spam for example) for active contracts.

That’s it, no complicated sales funnel, multi-stage lead-opp-close process, just simple tasks associated to each customer record, like ‘call’, ‘email’, ‘task’, ‘support’ and that does us nicely.

We’ll add document attachments soon so quotes and invoices can be uploaded, that means we can ditch BaseCamp (tasks), Clearspace -(document management) as well as SugarCRM.

There’s a big upside in that we can continue to enhance the system to suit our own needs, being in IT  I suppose we’re lucky we have the in house skills.

So, looks like I’m tweeting more than blogging now…

it’s good to see that the UK cheese industry is alive and kicking, article and cheese map (yum!)on the BBC’s web site.

I’ve been writing and talking about the possible changes at Twitter which will pull RT’s out of tweets and into the Twitter API, read the post below this one.

The guys at Twitter are being really great and asking me for my thoughts, so here’s a copy of the email I just sent to Ryan Sarver (Platform Product Manager) and Jeremy LaTrasse (Operations). Please chip in with your own thoughts.

—————————-

Hi Ryan,

I described the issue in my blog post linked below and here again;

http://www.davidbanes.com/2009/09/18/project-retweet-is-twitter-breaking-re-tweeting-for-some-of-us/

But briefly, there will be many third party solutions, both public facing and ‘internal’ company systems that have been built on Twitter expecting the ‘extended’ command structure, that is RT, # etc to be in the message body.

Moving these features to the formal API works well for direct connect apps like TweetDeck and Tweetie for example but will break others especially those like tweet.im where they proxy Twitter for people using XMPP clients.

Cleartext could fix this by updating our generic XMPP client side application and our cloud based gateways (that convert XMPP<>Twitter) to handle the new API’s but in doing so we’d be blocking all our customers using generic XMPP software (like Psi), unless we let them RT and we translate that to an API call, not good.

In summary, from an engineering and usability point of view I can see that this is the way to go for Twitter, just as email has a ‘reply-to’ header that users don’t see.  But from the point of all those who have invested to deliver products and services expecting RT and # etc to be in the tweet body, at best it’ll cost them a significant amount of time and money to ‘re-tool’ at worse it completely breaks their product or service.

I suppose it comes down to product strategy, is Twitter going to remain the preferred conduit for ‘raw’ tweets and leave the extended command syntax to the creative people in the community, or is Twitter going to continually pull new and innovative syntax into the API and ask third party solution providers like TweetDeck, Tweet.im, Tweetie and Cleartext to continually re-engineer?

So, my point is that I’d like to feel comfortable that you guys are taking this into consideration before making this change, after all it’s third party solution providers that help drive the tweets to Twitter and we have to manage our product life cycles as well.

best regards,

David.

PS – I’m going to post this to my blog to see if I can get some comments going.

————————

I’m assuming Apple have done all the research around the risk, both security and copyright for this new feature in iTunes;

—

• Home Sharing helps you manage your family’s iTunes collection between computers in your home. iTunes can automatically transfer new purchases, or you can choose just the items you want.

—

I recall some research MessageLabs did around 2003 that said email sizes averaged less than 20k, in fact maybe the number was 16k.

Anyway about  a year ago I took a look back over 2008′s data and we were seeing an average size of about 30k, the same view this year and I see that the average size of an email is now around 70k for outbound email and 200k for inbound email.

So that looks like an 85k average email size to me which is fair jump from 2003′s 16k. Note that these numbers are after the spam filters so we don’t get the numbers messed up by spam.

I’d be interested to hear from any other organisations on the sizes they are seeing.

Bob: I’m in the office, best way to get me is IM
Alice: you are not on sametime
Bob: No, why would I be on a proprietary IM network which locks me into chatting to people on that network only

Reminds me of early AOL and CompuServe (RIP), why do we still have large ‘walled garden’ IM networks?

Michael Osterman from Osterman Research was kind enough to post a short piece about Cleartext on Messaging Wire following our briefing with him last week.

Microsoft appeals for stay of Word injunction | Tech News on ZDNet.

Whilst I don’t like the way MS operates and feel they’d follow this through if the boot was on the other foot, I also dislike software patents, they’re the bain of the industry.

I can’t help but think that using XMPP for bookmark synch is overkill:) http://bit.ly/4C4rxn

Louise spotted this today, we’ve certainly been more favourable to Twitter enabled businesses.

—-

‘Avaya nabbed the deal through an unconventional new sales model — Twitter.

According to eWay chief executive Matt Bullock, he was evaluating voice solutions and narrowed his choice to two providers.

“I decided to send out a tweet to see if I could get feedback on who had experiences with these companies,” Mr Bullock said.

To his surprise, Avaya responded within 24 hours. “And within 48 hours (I) had spoken with Avaya and its business partner Fredon.”‘

—–

Full story here;

http://www.australianit.news.com.au/story/0,27574,25914391-15306,00.html

There will be a LOT of startups and their funding partners wondering about the 3rd party Twitter app or web site model at the moment (eg Tweetdeck and Seesmic), following Twitters failure to handle a DDoS attack.

Who really thinks it’s a good idea to build a business that solely relies on someone else’s business staying a) available, b) relevant. In my product management days I always had an eye out for diversification strategies, just in case the market landscape changed.

That’s one reason why Cleartext decided not to focus on ‘Twitter in the enterprise’ and instead build a platform that’s generic enough to handle many types of messaging. We’ve called this ESM, Enterprise Social Messaging.

After all, I don’t think anyone really thinks that ‘messaging’ is going to go away, is it? It just changes, email, IM, micro-blogging, these are all transformations of the generic message type.