Permessa Control! v6 is the Most Comprehensive Monitoring, Reporting and Compliance Solution for IBM Lotus Domino and Lotus Sametime available today.

LOTUSPHERE, ORLANDO, FL. (PR WEB) January 18, 2010 – New versions of the award-winning Permessa Control! products were announced today by Permessa Corporation at Lotusphere in Orlando, Florida. These products enable enterprises to both lower costs and improve compliance with their mission-critical messaging systems. Permessa Email Control! won the 2009 Lotus Award for Best Tool or Utility and was a finalist for the prestigious 2009 IBM Beacon Award. Permessa IM Control! was a finalist for the 2009 Lotus Award for Best Collaboration product.

See the full announcement here.

Share/Save

No question, this is a bad practice. All emails, auto-generated or not, should have a valid return address, not simply as a matter of customer courtesy, but also for other reasons. As it turns out, many of these messages cannot be delivered to the intended recipient. People’s email addresses change, they forget to update their email notification preferences, and of course many anti-spam filters mislabel these messages as spam and block the delivery.

And here is where it gets interesting.
Some of the geniuses in charge of these mail servers apparently use as the “fake” return address: some_address-at-donotreply-dot-com. DoNotReply.com of course is a valid internet domain, registered thankfully to somebody with a sense of humor. Chet Faliszek maintains a blog that exposes the worst offenders.

What really got my attention is who’s made the list:

• The Department of Homeland Security
• Merrill Lynch
• MessageLabs
• Capital One
• Verizon Wireless
• Microsoft

Besides the embarrassment, there is also great potential for legal liability for these companies, as some messages contained privileged information.

If you are in charge of messaging operations at your company, I would suggest reviewing the procedures for configuring auto-mailers. Here is what I recommend:

• Provide a valid return address to accept undeliverable messages.
• Implement a process that checks this bounce mailbox and purges undeliverable email addresses from the auto-mailer after a certain count.
• Include a real email address for customer support in the do-not-reply disclaimer in the body of the message to allow recipients to respond.
• Include an unsubscribe link in the message.

Technorati Tags: donotreply.com, email risk, mass-mailers

Share/Save

What does this mean to your business? It is usually easy to tell in the morning who stayed up late to watch the end of last night’s game, and the media has covered the impact on worker productivity.

Every company observes their seasonal and event-induced spikes in messaging traffic, which also affects productivity. What is not apparent is the hidden cost of that traffic.

Many firms are now archiving all emails due to current regulatory requirements, and the the cost of that non-business email is adding to the bill. Do you know how much personal email is circulating in your company’s network, and is your archiving solution smart enough to filter out those emails?

Perhaps this is something to think about when reevaluating your archiving solutions and corresponding budget.

Go Pats!

Technorati Tags: personal email, hidden email cost

Share/Save

The rules covering electronic communication typically spell out the terms of use, appropriate and permissible content and usage limits or restrictions. These rules are driven by HR and business policy and more often follow specific regulatory and compliance requirements that must be monitored and enforced.

What is somewhat surprising is that the monitoring and enforcement function, in many cases, is the responsibility of corporate IT, often without being given the proper authority to act on violations. Michael Osterman of Osterman Research recently wrote about this issue in his blog, quoting this particular incident:

“One of the panelists in a session on content filtering and encryption told us about her experience when responding to someone who had violated a company policy on inappropriate content being sent through email. This panelist, a senior IT manager, reminded the individual about the corporate policy, to which the offender replied, “Bite Me!”. The individual who offered this less-than-appropriate response is no longer employed at that company.”

Anybody who has ever worked in IT can probably relate and may recall similar encounters. The issues of contention surrounding email are plentiful:

• Exceeding of message size and mailbox storage quotas,
• Emailing of inappropriate content,
• Email overuse for personal purposes,
• Illegal message forwarding, and
• Other disruptive user activities.

Companies are well advised to remove IT from the thankless role of the policy messenger. It leads to employee burnout and can create a hostile work environment.

Instead, regulatory and HR violations should be routed automatically to the appropriate business manager with the proper authority to enact on the rules.

The same applies to core IT policies such as quotas. Rather than having IT chase individual offenders, firms should implement technology solutions that can automatically enforce IT policy while offering alternatives that enable employees to get their work done.

Technorati Tags: email policy, best practices, osterman research, inappropriate conduct

Share/Save

“Though Wall Street has learned the consequences of paying too little attention to messages zipping through its corporate pipelines, other ways of communicating have cropped up faster than regulators have been able to address them.”

Although the specific guidelines are not yet published, the general principle is to implement solutions to monitor all text based electronic communications.

This also means prohibiting the use of personal email and instant messaging in order to prevent  bypassing the enterprises monitoring solutions. Some firms already block access to personal email web sites and suggest limiting the use of personal cellphones.

Technorati Tags: email monitoring, wall street, compliance, risk management, electronic communication, NYSE, NASD

Share/Save

The exact details are a little sketchy, but it seems that a list of job candidate profiles containing social security numbers and personal email addresses was mistakenly sent as a broadcast message originally intended to inform about job opportunities.

“She hit a button and it sent out a broadcast e-mail, so it certainly was not intentional on her part, …”

I always feel bad for the employee that makes this type of mistake, since the ramifications can be significant – but to err is human.

Identity theft through impersonation via social security numbers is common place and companies must pro-actively protect the personal information of their employees and customers.

This raises a number of questions:

Why would anybody be permitted to extract lists of names, email addresses and social security numbers from a company database in the first place? Sensitive information should always be obfuscated and only be accessible on a need-to-know basis per individual record. In essence, that kind of data should never be stored in a portable document format.

Secondly, why does it always take the occurence of a serious incident before businesses take action? Companies should actively protect themselves and their employees from such mistakes. There are technology solutions available today that can help in preventing accidental and deliberate data leakage via email. The costs associated with one single error can easily outweigh the cost of a preventative solution.

Technorati Tags: email data leakage, social security number leak, ssn, information risk management, identity theft

Share/Save

A review of the data quickly confirms some of the usual suspects:

• Spam
• Document sharing
• Mailing list subscriptions
• Personal emails, and
• General overuse of email

There is however a notable addition to this mix: Voice mail messages sent as “.wav” attachments via email.

Unified Messaging now also referred to as Unified Communication is slowly but surely making its way into the enterprise. Maurene Caplan Grey had a good take on the difference between unified messaging and unified communication posted in a recent blog entry:

“What’s the difference between unified messaging and unified communications? From a purist perspective, UC means near real-time communications (instead of store-and-forward), which integrate with line-of-business processes and workflow. However, with the mushrooming of UC hype, the difference between UM and UC will be semantics. UC sounds sexier than UM, yet UM dressed in the UC emperor’s clothes is still UM.”

While initial implementations were expensive and plagued by integration issues, modern on-premise and hosted VOIP telephony solutions all offer some sort of voice mail to email forwarding capability.

However, that is just the beginning. Both IBM and Microsoft have committed to the development of unified communication solutions, in essence integrating their existing email, IM and collaboration products with telephony. I think it is fair to assume that email will remain the medium of choice for storing and transporting voice mail messages.

The primary concern when deploying VOIP is typically focused on network issues, specifically QoS to guarantee voice quality. Companies planning the deployment of these solutions must carefully evaluate the impact on the entire infrastructure before embarking on a full-scale rollout. The secondary impact on email traffic and storage can be significant. A 30-60 second voice mail generates on average an email of 100kB in size. Legacy PBX voice mail doesn’t allow to store an unlimited number of messages for an infinite time. Email integration changes that.

Lastly, let’s not forget the compliance implications. Many companies are now archiving their emails, in some cases for up to seven years. The voice messages stored as emails will add to the archiving volume and makes you wonder what kind of cost it would add to potential e-discovery projects.

Bottom line: Unified Communication is coming. Make sure you consider all of the cost factors when planning a deployment.

Technorati Tags: unified communication, unified messaging, VOIP, voice mail, email archiving, email storage

Share/Save

A few hours later Apple employees received another email:

“You may have received what appeared to be a Bullet*News from Apple. This communication is fake and did not come from Apple. Apple is on track to ship iPhone in late June and Mac OS X Leopard in October.”

The correction spread just as quickly as the fake story and the stock has recovered since. There is wild speculation of what really happened here:

“This couldn’t all be about checking for where Apple’s leaks are, could it? Or perhaps a criminal ploy to get a Apple stock at a discount?”

It is highly unlikely that Apple orchestrated this in an attempt to trace insider leaks. Instead, I am sure the IT department at Apple is scrambling to find out who high jacked their email system.

Either way, Apple could be open to liability claims due to the impact on the stock market, if the company is found to have acted in bad faith or grossly negligent.

Companies must realize that their messaging infrastructure is a powerful communication tool capable of reaching thousands and in some cases hundreds of thousands of employees. As such, corporate email and IM must be better protected from misuse. Most companies already lock down the send-to-all capabilities (I’m sure Apple does that as well), but the recently publicized cases at Apple and KP show that this is not enough. Stricter email policy enforcement can prevent these unsanctioned emails from ever being sent.

Technorati Tags: Apple fake email, email policy enforcement, email risk, email policy management, Apple

Share/Save

I am sure that many of us can sympathize with the employee’s mistake. The common use of multiple address books containing internal and external addresses often mixed with personal contacts in combination with the oh-so-handy recipient type-ahead feature of contemporary email clients make it very easy to send a message to the wrong address.

Thankfully, in this particular case other than embarrassment no real harm was done, since the leaked information contained all but good news for HP. Just imagine if the message contained proprietary engineering specs, customer or employee data, strategic marketing plans, … The list goes on, you fill in the blanks.

This raises the issue of good email practices and enforced policies that would help to avoid such situations.

Here are a few examples of how to prevent this:

• Do not send confidential information via email, use a secure document sharing system instead.
• If email is used, make sure to protect the message and/or attachments through encryption and possibly Digital Rights Management (DRM).
• Implement an outbound content inspection and traffic monitoring solution that enables flexible use policies and workflow.

Technorati Tags: HP email leak, email policy, outbound content inspection

Share/Save

(see also: Outside email use puts companies at risk and Losing emails is difficult, but finding them may prove expensive).

eWeek just published an article about email archiving that seems to support this trend.

The article notes:

“Only about 14 percent of all corporate e-mail accounts are currently being backed up and archived for future access, but that number is going to shoot up to nearly 70 percent by the year 2011, according to a new storage industry study.”

The article further predicts a significant rise in per user mail volume over the next few years based on data from a recent Radicati report.

While this is good news if you are in the storage industry, corporate IT departments will face increasing pressure to control the impending cost escalation by exploring strategies to slow email growth as well as the implementation of tight email retention policies.

The tide may finally turn: For years, IT staffers at many companies have been told to back-off on implementing mailbox quota restrictions and retention policies especially when it comes to executive mailboxes that are often gigabytes in size. This picture will most likely change rather quickly as archiving costs mount and corporate lawyers fear hidden liabilities.

Technorati Tags: email archiving, email evidence, corporate risk management

Share/Save