Executive Conversation: Why Cloudmark Took the Path Less Traveled
by Melisa LaBancz-Bleasdale - Monday, 14 June 2004.
As Mr. Jacobs pointed out, many issues are often caused by technology that was developed five or more years ago, sufficient for use in the early days of spam but no longer meeting the needs of today’s companies. As the world has seen over the past year, spammers have found their way around almost every anti-spam system the industry has been able to implement. In the cases where spammers can’t go through technology, they merely go around it through phishing; well-planned bouts of social engineering, for which, quite unfortunately, there is no cure.

In response to whether Cloudmark believes in the importance of email authentication, Mr. Jacob says, "We actually think authentication in the email system is a good thing, however we are not as willing as others to believe that it’s going to be adopted overnight. The other issue here is at what level the authentication happens. The easier way to do it is authentication around domain names or IP addresses but of course the issue that you run into is that email is a very personal thing. I’m not really interested in trusting the whole of CitiGroup to send me all the right messages that they’re supposed to send me. As a consumer, I want to be able to select what I authenticate. I want to choose what I should get and what I shouldn’t get. Until those systems address those issues, they will only be of use at the very high levels between ISP’s where they can authenticate everyone at Comcast or Yahoo or wherever." For Cloudmark, authentication is just the beginning. They are true believers that in order to have a successful system one has to be able to have authentication as well as reputation. Knowing who a sender is, is one thing, but knowing their reputation should be the deciding factor on whether or not they are allowed through the door. They take a merciful stance when it comes to forgiving spammers for past misdeeds and support their desire to become legitimate.

As Jacob says, "Understanding people who’ve gotten their act together is another key to a successful system. A problem with a lot of today’s systems is that they presume once you’re out of the club, you’re out of the club forever. It’s difficult to imagine a small spammer dealing with legal wranglings, filling out all types of forms to get themselves removed from a "bad sender" list. If you end up on the other side of a large company’s black list, good luck trying to get off any sooner than two weeks."

Cloudmark has made a reputation for themselves with their peer-to-peer technology. Yet peer-to-peer hasn’t always been embraced as the next best thing and is often confused with illegal activity such as sharable/downloadable music files. When asked why he feels the peer-to-peer architecture works, Jacob answers - "In my opinion, the reason peer-to-peer works is the same reason that ebay works. When you empower individuals, even in a tiny way, and take that and lash it together in a community so that one click turns into ten clicks, turns into millions of clicks. We’re still seeing what the power to peer-to-peer is actually. It leverages all the power of all the machines in the network and also, interestingly enough, leverages the people, and it turns what would normally be an insignificant deleting of a message into a powerful piece of feedback for the network, which helps that person and helps everyone connected to the network."


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th