David Skoll, CEO of Roaring Penguin Software, is building the e-mail management solution of the future on an open source platform, using the skills he honed as a student, when he wrote the most flexible calendar app we've seen.

by Alex Goldman ISP-Planet Managing Editor [September 1, 2005]

We initially declined an offer to talk with David Skoll, co-founder of Nepean, Ontario-based Roaring Penguin Software.

Then we read his anti-Microsoft rant in The Register. In the essay, he dissects the distortions of a Microsoft-funded research study (in the story he also links to this magnificent essay on Democracy and the open source movement by Peruvian congressman Edgar David Villaneuva Nuñez).

Skoll's open source background goes back to college, when he wrote a Linux calendar app called Remind. Still open source, the project is now part of Roaring Penguin. "I was a student trying to avoid work on a thesis," jokes Skoll. "I worked for two years on it between being and undergraduate and becoming a grad student." More recently, he says, Macintosh OS X users have found it and have been using it.

It is an incredibly flexible language that allows users to set reminders for, say, the second Tuesday of every month unless it's a holiday. More recently, he wrote a GUI that allows people not familiar with a command line interface to run the vast majority (but not all) commands they might want to run.

Parallel lines
Roaring Penguin evolved in a similar manner. MIMEDefang is an open source anti-spam product for Linux systems. But not everybody wants to deal with the CLI.

"I saw an opportunity for a commercial version of MIMEDefang," explains Skoll. "I wrote CANIt and CANIt Pro. They are closed source by the GPL definition, but we do distribute the source code to our customers; they aren't allowed to redistribute the code, but they can change it."

Not many customers alter the source code, Skoll admits. He says that the open source community is constantly improving MIMEDefang, and the business customers are constantly asking for features for CANIt, so features trickle up to CANIt from MIMEDefang, and some customer requests are easier to implement in MIMEDefang than in CANIt.

Asked to describe the software, Skoll makes it sound more simple than it really is. "MIMEDefang is a way to mess around with e-mail. You can add or delete reciptients. It comes with built-in hooks to anti-virus and to SpamAssassin. It's a tool so that sysadmins can take their e-mail policy and write perl code to implement it. CANIt makes that power available to non-sysadmins. CANIt is Perl code that just happens to require MIMEDefang."

Observing spam
Over time, Skoll has learned a great deal about spam. The company's new Roaring Penguin Training Network (RPTN) is learning even more. "It's based on a paper at a conference. The paper showed that a few people could share the same Bayesian database and it would work well. Before that, we had all thought that everyone needed their own database. What we did is, in CANIt Pro, every time somebody marks something as spam or not spam, then, if they've opted into the RPTN, it's logged in our huge statistical database and we redistribute that database to customers."

The distributed Bayesian database seems to work. "We found it increases accuracy dramatically," Skoll enthuses. "Large ISPs get the new spam immediately. By the time it starts reaching our other customers, the system is already trained to recognize the spam. Spammers are mutating their messages to defeat spam logging systems that rely on a checksum. The RPTN looks at tokens, at actual words in the message."

Roaring Penguin has a spam zeitgeist page, showing which tokens are most common in spam this month.

Some, such as "ffffd5" and "ndsfrwudG", may be tracking tags for a spam campaign. Others are words or parts of words in common spam offers. Finally, words like "edit1" show up because spammers don't know how to use their ratware ("ratware" is spamming software).

Beyond spam
But Skoll believes that the spam problem has peaked, so he needs to find other uses for MIMEDefang. Luckily, there are many obvious uses.

A few years ago, some believed the Internet itself would be destroyed by spam. "There were doomsayers talking about how e-mail was doomed by spam. But they didn't count on the fact that e-mail is too useful for people. It turned into an arms race and it has reached equilibrium. People are saying that we need to re-architect SMTP, or enable sender authentication, but part of the beauty of e-mail is the ability to send a message to someone you don't know. Cures, like going through hoops to prove who you are, would make e-mail less popular."

Skoll believes that the designer of an anti-spam solution should have end users firmly in mind. "Our philosophy is to stop spam while doing as little collateral damage as possible."

He explains how this works in detail. "Our out of the box defaults err on the side of not blocking valid e-mail. We never automatically reject e-mail; we hold it for human verification. If users want to, they can set auto reject thresholds, but we try to council users not to do anything rash. On a bad day, a customer may decide to block everything with the word 'sex' in it, and then have problems. We start by erring on the side of safety, and after that, it's user education."

Skoll says that the company is holding some new feature announcements for ISPCON in October, but is willing to share information about one new feature. "We're starting to develop a product for regulatory and corporate policy, and for ISPs to do anomaly analysis. We'll warn the administrator about higher mail volume than usual from an IP address, according to thresholds the administrator thinks are appropriate."

ISPs are starting to look at new laws, and to determine their role in the light of those new laws. "HIPAA and Sarbanes Oxley have been in effect since January first, I believe," says Skoll.

Right now, he's working on the software language. "It makes sense to work on a framework that can do anything and then supply appropriate dictionaries for regulations and industries. We'll be able to detect credit card numbers or medical codes as the law requires."

In Canada, where Roaring Penguin is based, a law has been proposed that would require ISPs to make e-mail available to the police. "I'm personally opposed to that kind of thing, but it's something we have to be aware of. It would be expensive. I doubt it will pass, but it could put small ISPs out of business."

At ISP-Planet, we believe that ISPs, planning for the future, need to obtain business customers, if they have the skills to serve those customers. The ISP of the future, we believe, will incorporate the skills of an integrator, giving advice about regulation and business practices as well as security and networking.

—End