Thursday 4 January 2007

Anti-Spam Market Consolidation Continues -- Cisco Buys IronPort

Today, Cisco announced that it has acquired IronPort Systems for $830m in cash and stock.

Cisco is of course well-known for its "growth by acquisition" strategy, and was notably lacking in solutions for email hygiene. It makes sense for it to buy an appliance vendor.

IronPort and Ciphertrust have been the appliance market leaders for some time (albeit challenged by the appliances launched by large, conventional software vendors such as Sophos and Symantec). Ciphertrust was of course bought by Secure Computing in 2006, thus leaving Cisco with an obvious choice.

Will we look back at 2007 as the year of spam control market consolidation? We've certainly seen some significant M&A activity in previous years, but there's still plenty of scope for your vendor to be acquired or run out of VC money.

[Edit: it's now officially $830m, not $850m as I was originally advised by IronPort]

Sender Authentication Doesn't Fix Challenge/Response

Happy new year. Sorry that the first post of January is about challenge/response (again), but surprisingly few people seem to get it.

There's this idea floating around that challenge/response filters are OK if they check SPF, SenderID, or DomainKeys -- only challenging messages that pass those checks.

Twaddle. This idea that SPF or SIDF or DKIM can tell you whether a message is forged is naive.

Firstly, implementation on the sender side is spotty. If there's no SPF record or DKIM header to check, you're back to square one.

Secondly, don't forget that most spam is sent by virus-infected computers (corralled into a botnet). There's nothing to stop virus writers from sending spam that passes an SPF/PRA/DK check at the receiving end.