Ferris Research has completed the most comprehensive survey to date of business email systems, interviewing more than 900 companies around the world about their preferred vendor, upgrade patterns, plans for migration, and what they pay for their software. The report looks at small (1-99 employees), medium (100-999 employees), and large (1000+ employees) organizations in the following vertical markets: financial services, government, manufacturing, healthcare, telecommunications, education, and computer-related. Of the respondents, 654 are based in North America, with the remainder primarily in Europe.

“This is by far the largest survey ever done on messaging systems, and we think the results will be of great interest to any vendor looking for real data about the nature of the market and where it’s going,” said David Ferris, president and senior analyst. “The reality is that vendors often know how many total units of a particular product they’ve sold, but breaking down that data by customer size and vertical is often beyond their reach, as is understanding upgrade or migration patterns. This report gives vendors raw numbers about market penetration of products and product versions, as well as valuable insight into user behavior. The data will help them develop their product roadmaps and strategies more effectively, as well as provide IT departments with insight into the plans of their peers.”

For more information, see http://www.ferris.com/?p=318858. The report is free to paid subscribers of Ferris information service and $2,495 for others: purchase from the website.

… David Ferris

A quite common type of spam message is now a very short message of the form:

• WordsJoinedUpLikeThis
• http://somedomain.com

This sort of message is very difficult to detect using content analysis techniques.

For the message to achieve its goal, the URL in the message needs to point somewhere reasonably stable, so that the intended targets of the message can follow it (although they do not typically stay around for a long time).

This gives a means to detect the spam, based on where a URL in the message is pointing. SURBL--Spam URI Realtime Blocklists--provide a means to do this. This uses a similar technique to the well-known RBL (Realtime Blocklists), which hold the location of spam sources in the domain name system. RBLs are now largely ineffective, as spammers rapidly move location using botnets.

SURBL refers to both a technique and a specific deployed SURBL, run by surbl.org. The data that drives all of this comes from SpamCop’s “Spamvertised Web Sites.” Operational experience suggests this is currently very effective at removing spam that is not easily susceptible to other techniques.

… Steve Kille

A recent Ferris report, The Central Role of Classification for Compliance and Content Control, described document classification.

Security labels (see backgrounder [Security Labels here]) provide a mechanism for document and information classification. Security labels are often used in environments where document classification is mandatory, and access according to this classification will be enforced.

The key benefits of security labels come when there is a requirement to enforce access. If classification is for informational or advisory purposes only, a simpler scheme is likely to make more sense.

Security labels provide a number of advantages where enforcement is required:

• A well-understood framework for managing and enforcing access.
• Standardized online representation of labels in ESS (Enhanced Security Services for S/MIME - RFC 2634).
• Labels can be bound to documents or email using X.509 digital signatures.
• Associated clearances can be bound to users in an X.509 digital certificate. In conjunction with the previous point, this provides important security capabilities.

Where enforcement of access is needed, security labels are a good classification mechanism.

… Steve Kille