Cisco buys Exchange-a-like vendor PostPath

Updated with more commentary 4.16pm UTC. Hello, Techmeme.

Suddenly, things are getting interesting again in the Exchange-alternatives market.

The quintessential growth-by-acquisition specialist, Cisco (CSCO), has just announced that it's acquiring PostPath.

Once again, Cisco makes a sound investment in an email technology vendor. Just like it did with IronPort. Great choice.

These are the clever guys who reverse-engineered the Exchange client protocol, MAPI/RPC, and the related on-the-wire details needed to make a vanilla install of Outlook talk to a non-Exchange mail server with full fidelity. Impressive stuff.

Despite Om Malik's analysis, this is quite a bit different from Zimbra.

Of all the other Exchange alternatives, PostPath has the most interesting architecture. And I say that as one who has years emotionally invested in the HP OpenMail technology ;-)

All the others rely on additional software on the desktop. In the case of OpenMail/SamsungContact/Scalix/Domino/etc., a MAPI service provider "plugin". Or, like Bynari/OpenXchange/etc., a separate app that synchronized an IMAP store with an Outlook.PST (personal store file).

I think Cisco fell out of love with Microsoft a while back. Something to do with VoIP support in Exchange and how Cisco thought it was Microsoft's partner but it turned out that Microsoft was competing with them. Nothing familiar there at all...

Sounds like Cisco wants to offer SaaS collaboration, based on PostPath and WebEx. Whoever said the email world has become dull and uninteresting?

Thanks to Jeff Brainard for the tip.

Locally-Maintained Reputation

In response to yesterday's blog post, Cisco DE Jim Fenton* wrote:

reputation can be locally-maintained. Local reputation is not as powerful as shared reputation services, but does provide benefit in the short term.

Yes, that's right. Local domain reputation is often expressed in terms of whitelists and blacklists. Without sender authentication, these are notoriously unreliable.

It nicely illustrates one of the benefits of authentication.

For example, users of anti-spam filters sometimes find their colleagues' email in the quarantine, so they add a wildcard whitelist entry for their domain. They soon discover that a significant chunk of spam will have their domain forged into the sender address. Without sender authentication, there's not a lot can be done about this.

However, with sender authentication, you can have a whitelisted domain entry that only allows the message a free pass if the authentication passes -- otherwise the normal spam filtering rules apply.

You could even impose a local policy that says if a message "from" our domain fails authentication, we'll reject it as spam, but this is probably too risky, at least in the early stages of deployment.

* - well, they claimed to be "Jim Fenton" and I assume it's that Jim, but perhaps it was a dog

More About Why Cisco Bought IronPort

As I mentioned last week, Cisco bought IronPort for $830 million.

Clearly IronPort's reputation data is part of the prize for Cisco. Perhaps also, the PostX email encryption technology will possibly be useful (IronPort bought PostX last year). Perhaps some enhanced competition for Identum and Voltage? Alternatively, I fear that Cisco may let this stuff wither on the vine -- PostX customers should be concerned and watch closely.

An interesting question is what will happen (if anything) with SpamCop. IronPort deliberately ran SpamCop at arm's length as a matter of policy. It's not clear whether Cisco will maintain that policy. SpamCop is of course part of the raw data feeding into IronPort's reputation database, along with the data phoned home by the IronPort boxes.

As we saw with the BlackSpider acquisition by SurfControl, spam control companies that aggregate lots of data about spam sources are valuable, for reasons in addition to spam control. For example, if a zombie is sending spam, it's also probably a potential source of other bad stuff, such as worms and distributed denial of service attacks.

See also: my roundup of blogger reaction to this story in Friday's IT Blowatch.

Anti-Spam Market Consolidation Continues -- Cisco Buys IronPort

Today, Cisco announced that it has acquired IronPort Systems for $830m in cash and stock.

Cisco is of course well-known for its "growth by acquisition" strategy, and was notably lacking in solutions for email hygiene. It makes sense for it to buy an appliance vendor.

IronPort and Ciphertrust have been the appliance market leaders for some time (albeit challenged by the appliances launched by large, conventional software vendors such as Sophos and Symantec). Ciphertrust was of course bought by Secure Computing in 2006, thus leaving Cisco with an obvious choice.

Will we look back at 2007 as the year of spam control market consolidation? We've certainly seen some significant M&A activity in previous years, but there's still plenty of scope for your vendor to be acquired or run out of VC money.

[Edit: it's now officially $830m, not $850m as I was originally advised by IronPort]