TwitterLinkedIn

Mike Hillyer's Personal Webspace

TwitterLinkedIn

MikeHillyer - Job opportunity: Solution Consultant at Message Systems - San Francisco Bay Area #jobs http://t.co/hAvUIE7xEt 5 days ago

Pictures from Life as a Sales Engineer

Posted on by Posted in Funny, Management, Message Systems, Sales Engineer

There’s not many memes that I jump on the bandwagon for, but I’ve seen enough people having fun with this that I have to join in.

When my demo hits a snag…

When my Sales Exec calls to say the deal is closed…

When my Sales Exec says he wants to move forward after I tell him there’s red flags all over an opportunity…

When the SE Manager is looking for volunteers to work on an RFP…

 

What the Sales Exec expects me to do when he forgets to invite me to a meeting until the last minute…

My expression when the Sales Exec claims our product has a non-existent feature…

When the guy at the prospect (whose app has been called junk by everyone else) tells me things are fine, they don’t need my solution…

When the client asks me to click on an un-configured section of the demo…

When the client doesn’t ask about the un-configured section of the demo…

When the presentation goes off perfectly…

When I spend two days building a demo, only to find out the prospect wasn’t qualified after all…

What I want to do to the person who didn’t qualify the prospect…

When the Proof of Concept comes together perfectly…

When the customer asks me if it’s true that <insert wild claim made by Sales Exec>…

And now a small plug: I’m not the SE anymore, I’m the Manager, and at Message Systems I’m hiring multiple Senior SE’s right now (we call them Solution Consultants) in multiple regions! Head on over to our jobs page and check it out! I poked a little fun at the Sales Exec stereotype but we’ve got a great group to work with, a solid product and a great team. Join us, won’t you?

Disclosure: Borrowed and modified extensively from http://martinvalasek.com/blog/pictures-from-a-developers-life

Does Multiplayer Need to be so Massive?

Posted on by Posted in Gaming, Ideas

I was watching a documentary on Mojang that is well done and very inspiring, I highly recommend it. It got me thinking about Minecraft.

There is no shortage of information on the Internet regarding what Minecraft is, how it works, and why it is appealing. I’d also refer you to the documentary itself for more insight into those topics. What struck me about Minecraft as I watched the documentary is the Multiplayer aspect of the game, and how its particular brand of Multiplayer reminded me of when I used to play games on BBS systems, particularly TradeWars, a space trading game that I found quite addictive back in my day. Games such as TradeWars provided a multiplayer, persistent world where players could either collaborate or compete as they saw fit, just like what we now get with multiplayer Minecraft.

These days, most of the multiplayer offerings available to casual gamers through Zynga and other Facebook game developers offer multiplayer, but only in the superficial sense: everyone is really playing a single-player game where their friends occasionally visit their instance of the game, or act as NPCs to compete against. There’s no going into another’s space to mess around, no depletion of resources by another player before you can get to them, or careful navigation in case you come across a stronger player.

Contrasted with MMO games such as World of Warcraft, you still often find yourself in a different kind of Multiplayer. There’s always going to be plenty of things to kill, everyone can complete a given quest, even the big bad guys will respawn shortly. Outside of a PVP server, the other players often feel like complex NPCs, with most of them just passing you by on a road here and there, and in a guild or on raids, you’re interacting with a limited number of players regularly. Most MMO games can certainly feel massive, and they are multiplayer, but for a number of reasons they are not truly “massively multiplayer” in the sense that hundreds or thousands of players would be interacting simultaneously.

In fact, the need for the world to persist prevents people from seriously impacting each other or the dynamics of the world. Imagine a massively multiplayer Minecraft for a moment; if there were thousands of people playing at once, you could never have a long-term persistent world because someone would TNT significant chunks of it in short order. Instead, most people are content to play on a smaller, more intimate server that may occasionally get recycled (or at the very least they can walk several KM away and start fresh). It was the same with TradeWars, you would play with at most a couple of dozen people, and when it looked like things were entering a static state, you would start over again.

I think there’s a potential future middle-ground market here for game companies: building and maintaining an MMO is an expensive proposition, but for a good number of players it may actually be overkill anyway. Instead look at building moderately-sized world (most likely procedurally generated) where players can interact, build, explore, grow, etc. Either host the games or allow for self-hosting, and allow for players to invite a relatively small circle of friends to play with (or against) eachother. It is significantly easier to host a large number of small instances than a small number of large instances, and I think most players would enjoy both equally well.

Personally I believe this is a direction that Facebook itself could benefit from pursuing. Currently a game developer needs to not only develop a game, but also build and support infrastructure for hosting the game itself, as Facebook provides only the page wrapper around the game, but no infrastructure resources. As a result, a lot of what we see on Facebook are simple Flash-based games that involve repetitive clicking, and no real multiplayer. These kind of games require fewer server resources and are therefore easier to build and support. If Facebook built out scalable multiplayer server resources it would lower the barrier to entry for a new generation of more truly multiplayer game experiences among a circle of friends. It would be much more interesting to get a notification that someone had invaded your territory than to find out they had completed a quest to click on 20 cows. Facebook could in return collect a larger percentage of the monetization from a game, with such games likely generating greater revenue in the first place thanks to their advanced nature.

Personally I would love to see the return of the small-scale persistent world multiplayer concept, somewhere that gets you logging in regularly to keep ahead of your friends and to make sure they haven’t gotten the drop on you since you last logged in. A multiplayer game concept that falls between the traditional MMO and the deathmatch game that only lasts as long you you’re all logged in and playing. An approach where someone can eventually pull well ahead of the others and in doing so affects the balance of the game, requiring either a restart or a combined effort by the remaining players. It was compelling back in the BBS games, it’s compelling in Minecraft (though the game’s mechanics don’t really support the idea of game inbalance), and I think it could be compelling in a number of genres today.

Why Your Email Marketing Sucks

Posted on by Posted in Email

There’s a great article over at Hubspot that talks about “16 Things People Really Hate About Your Email Marketing” and it’s a good read. I especially liked:

The content of your email — whether the copy itself or the offer you’re promoting — should be something the email recipient actually wants to receive. And you would know what they want to receive if you’ve spent time collecting lead intelligence, segmenting your email lists based on that intelligence, and mapping the appropriate content to each segment of your list.

What some email marketers do, however, is email blast a 10% off coupon for dog food when half of their email list only owns a cat. If the content you’re sending out won’t be helpful to everyone on your current list, slowly back away from the ‘Send’ button, and refine the list to which you’re sending your email.

If you want me to stay subscribed, keep it relevant to my interests!

Via: http://blog.wordtothewise.com/2012/06/things-people-hate-about-your-email-marketing/

More Wisdom From Ed Catmull

Posted on by Posted in Management

Another great video of Ed Catmull speaking at the 2012 General Commencement of the University of Utah:

http://webapps5.utah.edu/digvid/?id=2012-05-04~88

Jump to 98:25 for the commencement address. What follows are my notes as I watch the video myself.

I love the importance he ascribes to creativity, even in industries that are not typically considered creative. He also had a good warning about the risk of creative people becoming un-creative: he warns that unseen corporate forces can be at work to send a successful company off the rails that management cannot even detect. He talks about finding the systemic and cultural forces that block creativity and how to eliminate them.

At 110:00 he speaks of the need for change and the fear of change, and provides great insight into one of the greatest risks to companies is a tendency to latch onto the familiar because of a fear of failure. He then relates a story that really struck me about the movie Bolt; how the hamster character was so complicated the movie could not be completed in the 8 months remaining. When asked about retooling the character, the management team was told it would take 6 months to retool the character, something that obviously would not work given the fixed deadline. Instead, a pair of animators managed to retool the character in four days, deciding it was better to seek forgiveness than permission. How did they manage to do in four days what others said would take six months? It turned out there was so much fear of error and fear of failure in the animation department that the whole creative process was wrapped in excess process and procedures to try and prevent errors.

One of the best insights that Ed Catmull brings in this speech is what I’d describe as being aware of your blind spots: he emphasizes the importance of being aware of what he cannot see, either because he cannot see it coming or because his position means that others act differently around him. It’s clear that Dr. Catmull focuses as much or even more on unseen threats as he does on those facing him directly.

“We should plan for the unseen, not try to prevent it.”

“We face the problems, we face the hard questions. The answers are the mere byproducts of addressing interesting questions. The questions are the doorway into the unknown.”

At 131:30 Ed gives a unique insight into Steve Jobs, and how he learned from failure and improved and grew as an individual. He also gives a new perspective on the concept of Job’s Reality Distortion Field:

“If you believe, as I do, that your actions make a difference, then this means that you do modify your reality, you do change the future.”

The more I learn of how Dr. Catmull built and leads Pixar, the more I want to find effective ways to emulate him.

Management Lessons From Phineas & Ferb

Posted on by Posted in Management

One of the best things about having small kids is they can be used as a cover for watching cartoons, and one of our favorites is Phineas & Ferb. For those unfamiliar with the show, here’s a sample:

This is a great show because it’s one of those shows that can entertain both adults and children and doesn’t dumb things down but instead respects kids and their ability to get things, while being entertaining for parents and not annoying them to the point of changing the channel like some shows for kids. And hey, it has some lessons for you managers out there:

You need a Phineas and a Ferb

A great team can get more done than a collection of individuals, and one of the key elements of a good team are individuals who bring different but complimentary skills to the larger group. Look at Phineas and you see someone who brings ideas to the table, evangelizes them to others and has enough technical know-how to support their implementation. In Ferb we see someone who has the deep knowledge & skills to make Phineas’ ideas a reality. A strong team is made of T-Shaped people, those with depth in a few key areas and breadth to allow them to collaborate across the team.

Dream Big, Don’t Apologize

Too often we impose limitations when we brainstorm new ideas, imposing the lens of “what is possible” on our discussion of “what is best”, which prevents us from coming up with some really great ideas. When you watch Phineas & Ferb you’ll see occasions when they call this kind of thinking out directly. In many episodes you’ll see a typical interaction of a character asking Phineas “Aren’t you a little young to <INSERT IMPRESSIVE ACTIVITY HERE>?” to which he generally replies “Yes, yes we are.” Phineas never apologizes for dreaming big, neither do successful organizations. This doesn’t mean that everything you dream up will be immediately possible; I’ve been reading some great books on the history of Pixar (see links at the bottom of this entry) and one aspect of Pixar’s history that I loved is they had a vision that served are their compass (of creating a movie in CGI), but which was not achieved for well over a decade.

Share Openly

There’s a real tendency in organizations to play things close to the chest, whether it’s companies staying in stealth mode as long as possible, or even individual departments keeping things to themselves in the interest of secrecy. When you watch an episode of Phineas and Ferb, you’ll see that the brothers are quick to share their work at all stages of development. The result of this is always positive, with others offering them assistance, ideas and materials. Another great example comes from my Pixar reading: at Pixar there is a requirement for each production team to show their work in progress on a weekly basis with the entire organization, sessions that are literally open to all employees in the company. This approach not only recognized that good ideas can come from anywhere (even the janitor), but also builds a community feeling among all employees and helps with morale. I like to support the startup community in my city by attending demo days and other events, and it’s great to see small startups share what they are doing rather than worry about someone stealing their ideas because it enables me to share ideas and experience to hopefully make them more successful.

Trust Your People, Don’t Worry About Being Surprised

If you’ve hired your team of Phineas and Ferb types, trained them well, and given them the resources they need to succeed, then the next thing to do is get out of their way! Here’s a quote I love from Ed Catmull, founder and CEO of Pixar and a man full of management wisdom:

…managers need to learn that they don’t always have to be the first to know about something going on in their realm, and it’s OK to walk into a meeting and be surprised.

For an example of this, just compare the responses of Ferb’s father, Lawrence Fletcher, to Phineas’ older sister Candace. Candace is focused on having authority, doesn’t trust her brothers, and spends the majority of most episodes trying to get in their way and prevent them from achieving their goals, all because they think outside the box she has mentally created for them. Lawrence shows a certain nonchalance about the boys’ activities, presumably because he’s aware of Ferb’s abilities and trusts him not to get into (serious) trouble.

Now of course one could argue that Lawrence is more oblivious than trusting, but the fact remains that you need to respect & trust those who you work with, and avoid micromanagement. Too many managers spend too much time managing, and too little time leading.

On that note I’d like to leave you with one of my favorite definitions of leadership, again from a book on Pixar (the Pixar Way) that I have been re-reading lately:

The ability to establish and maintain a creative climate in which individuals and teams are self-motivated to the successful achievement of long-term goals in an environment of mutual respect and trust.

Recommended Reading

Bonus Sample Episode

Fixing Issues With Dodge / Chrysler Radios and iPhone 4

Posted on by Posted in Automotive, Tips

I recently moved to a 2011 Chrysler Town & Country and ran into an issue where my iPhone 4 simply would not get along with the 430n RHB radio built into the vehicle. This was frustrating as the radio in this (and the 2010 Dodge Grand Caravan I had previously) have pretty good iPhone/iPod integration for a stock radio. When I plugged the iPhone into the USB port of the RHB, I would get “Reading…” and then “Error Occured”, and when I would use the Bluetooth A2DP feature the sound would be garbled and stuttery any time the screen on the iPhone was active. The Bluetooth audio issue would present itself even though Uconnect was working fine for handsfree calling.

The good news is this is fixed via a software update that I found at http://www.challengertalk.com/forums/archive/index.php/t-61355.html, here’s the important part:

1) First check to see which version of software your Uconnect came with. On my Patriot the module is behind the glove box and is easy to get to. I am not sure how easy this is to access on other vehicles.

Look at the SW number on the module. If you have SW 43.01.10 or 43.1.30, this update should work for you. This is where you find the SW number:

2) Download the file:
For US mid-large vehicles (Wrangler, Durango, Grand Cherokee, Town & Country van, RAM), download this file (http://www.mediafire.com/?ym7cudem8c9lb96)
For US small vehicles (Compass, Challenger, Patriot, Caliber, 200) download this file (http://www.mediafire.com/?ygm74est6j6pj19)

For Euro large vehicles, download this file (http://www.mediafire.com/?qbjepsjq2g5jcjj)
For Euro small vehicles, download this file (http://www.mediafire.com/?mp2zbywzdmd2o87)

3) Put this file onto an empty usb drive

4) Plug the usb drive into the vehicles remote USB port (NOT on the radio). It should be either in the center console or glove box

5) Press and hold the Uconnect Phone button for approx. 15 seconds, until you hear Software Update started

6) Wait until the update is completely finished (about 10-15 minutes or so) During this update, the radio will beep over and over (you can turn this down with the volume knob). If after about 5 minutes you hear “This file archive not compatible with this vehicle,” than either you used the wrong download, OR your radio does not currently have an update available

On my Chrysler Town & Country (and likely on 2011 Dodge Grand Caravan models) the Uconnect module was located roughly behind the headlight switch on the lower-left of the dash and I was able to contort near the brake pedal to see it without having to disassemble the dash.

For those feeling less adventurous, you can take your vehicle into your dealer to have the fix applied, ask about TSB Number 08-036-11.

The Management Wisdom of Ed Catmull

Posted on by Posted in Management

I greatly admire Pixar and its people, and one of the people I admire greatly is Ed Catmull, the Pixar founder. His personal contributions to computer science and computer graphics are phenomenal, but he’s also an excellent leader and businessman. The following video from an Economist conference provides a good example of his wisdom:

And here’s another, older example:

It’s wisdom like this that puts books like this on my desk:

See You At The Message Systems User Conference!

Posted on by Posted in Deliverability, Email, Message Systems, Security

I’m looking forward to the upcoming Message Systems User Conference next month in San Francisco, not only for what looks like an excellent venue, but for the great set of quality sessions on the agenda.

There’s a number of sessions I’m looking forward to attending, but I’d like to invite you to attend the sessions I’ll be delivering next month (read to the end to save on conference admission):

What the Convergence of Data Security & Privacy Concerns Will Mean to Companies

The barrage of news stories about data breaches and privacy violations is taking a toll on consumer confidence.

What You’ll Learn:

  • Why data security and privacy issues are converging and how an erosion of consumer confidence can jeopardize data availability for communication and commerce.
  • How security and privacy are connected to Message Convergence and why they should now be of concern to all ecosystem players and at all levels, Marketing as well as IT.
  • What principles companies should embrace to address security and privacy in their own environments.
  • How companies can safeguard their customer data and messaging streams.

New Directions in Email Deliverability

Our panel of industry experts will explore the ongoing evolution of deliverability management and new technology advances, such as adaptive delivery, that will make it easier.

What You’ll Learn:

  • How deliverability is a tactic companion to Message Convergence – getting messages delivered, read and acted on.
  • How new advances in technology can improve deliverability management effectiveness and remove the hassles for all stakeholders.

Building Multi-Channel Apps

This session will introduce participants to the whys and wherefores of multi-channel messaging applications ­ how they deliver business value, and how to construct them. You¹ll gain both an understanding of the business strategy behind multi-channel apps, and a nuts-and-bolts working knowledge of the tools and techniques required to design, build and deploy them. Topics will include how to access multiple data sources on the fly and how to make routing determinations. For instance, once you¹ve made a judgment on content, context and preference, how to go about actually getting a message routed to its ultimate destination. We’ll go in depth on the subject of multi-channel message type (MCMT), a proprietary content container format that makes it possible to inject messages into the delivery stream with content alternatives dependent on the preferred message channel.

Target Audience:

Product and program managers, developers, line of business owners.

What you’ll learn:

  • How multi-channel messaging delivers business value across any number of industry verticals.
  • The messaging and data systems/architectures needed to deploy multi-channel messaging.
  • Introduction to MCMT.
  • How to configure Momentum, Mobile Momentum and Message Central for multi-channel apps.
  • Understanding and acting on customer preference data.

Advanced Momentum & Message Scope

This session will extend the sessions on “Introduction to Lua” and “Momentum Essentials and Message Scope” by taking participants through advanced, Lua-based message parsing APIs. Advanced policy scripts for database-driven binding assignment and DKIM signing will be demonstrated. Participants will see practical, but advanced remediation list usage with Message Scope and learn how to create custom remediation actions.

Target Audience: System administrators, operations and support personnel and developers.

What You’ll Learn:

  • Various parsing techniques using Lua API functionality.
  • Write Lua policy scripts that implement database-driven binding assignment and DKIM signing.
  • How to integrate Momentum bounce information with an external database.
  • How to integrate Message Scope with 3rd-party data feeds.
  • How to create custom remediation actions with Message Scope.

It’s going to be a great conference and I look forward to meeting everyone, to make it even more appealing, register now and use discount code VIP2S2 to save $250!

See you there!

14 Email Security Do’s & Don’ts

Posted on by Posted in Email, Message Systems, Security

Note: This article originally appeared at http://www.messagesystems.com/wordpress/?p=84

Introduction

Anyone who follows the email marketing industry news is no doubt aware of the increasing number of well-publicized data breaches that have been occurring at the various major ESPs. In addition to the major ESPs, there are no doubt a number of less-publicized or even non-publicized data breaches occurring all the time at both smaller ESPs and in-house enterprise senders. The days when most of us in the email industry could watch from the sidelines and shake our heads have surely passed. Henceforth we should all operate on the assumption that we’re either now under attack as well, or will be shortly.

Email marketers have two valuable resources that malicious parties want to capture and exploit: information and infrastructure. Attackers want to access the information you hold, including email addresses, personally identifiable information (PII) and affiliation information (which organizations send to which recipients). Using this information the attackers can send spam or phishing messages and (in an unlikely worst-case scenario) even perform identity theft.

In addition to getting to the information you hold, attackers will also try to gain access to your infrastructure. In a recently reported breach at CheetahMail (http://blog.wordtothewise.com/2011/04/another-security-problem/) it was reported that an attacker had gained control of a customer account to send malware (UPDATE: The same thing just ocurred at Bronto: http://blog.bronto.com/2011/05/02/shared-security-responsibility-and-a-compromised-password-incident/). While many reports focus on attacks that result in data leaks, it’s also very common for attackers to access infrastructure to send their own messages from trusted systems, ruining reputation for the operator of the compromised infrastructure.

It’s time for all email marketers, whether sending themselves or through service providers, to make security a fundamental principle in their operations. The Online Trust Alliance (http://otalliance.org) recently published a set of guidelines (https://otalliance.org/resources/securitybydesign.html) that I highly recommend reviewing and following. I’d like to make a few additional recommendations of my own.

People

All the security technologies in the world can often be defeated by a simple phone call or a few dollars. There are multiple cases where attackers have been able to get into a system through social engineering: calling up someone in the target company and presenting themselves as a trusted co-worker and asking for the unsuspecting employee’s login credentials. In other cases a simple offer of cash in exchange for information or access can bypass any number of security measures.

Whether they are acting innocently or maliciously, your own employees (and customers) can easily be your downfall. There are a number of security measures that can help alleviate this:

  1. Educate your employees and users. Make sure they understand what social engineering attacks are and how to identify and prevent them. Teach them to never disclose their usernames and passwords, and enforce a policy of never asking customers for their credentials and make it clear to your customers that you will never do so.
  2. Do your homework. Employ best practices in your HR department. That includes performing background checks on your employees (at least the ones with access to sensitive customer information), including credit checks. Keep in mind that people in positions with access to sensitive data could be susceptible to enticement – this is particularly true if you’ve made it easy for them to act on that temptation.
  3. Apply the ‘need to know’ rule. Consider who really needs to be able to see customer information, and how much needs to be visible. Does someone who manages message templates really need access to your recipient list? Does someone who manages segmentation really need to be able to see both the user and domain portion of an email address? Perhaps they can do their job with access to the domain information only. Do customer service reps really need to be able to see lists of recipients or do they just need to be able to look up a specific recipient to do their job? There will always be people who need to access sensitive information, but not as many as you might initially think, and few need access to absolutely all the information rather than just a subset of it.

Data Storage

There are a number of best practices around securing the data you store, but I want to share a few ideas about what to store, to be used in combination with data security best practices.

  1. Store as little as possible. An attacker cannot steal information that you don’t possess. Do not ask for information you do not need or can’t use. Marketers tend to err on the side of over-collection because it ‘might’ come in handy. (Example: are you asking for a physical address when you do not send anything by regular mail?)
  2. Use encryption where possible. Consider a suppression list to prevent sending to people who have unsubscribed (hopefully you followed step one and purged everything but their address when they unsubscribed); you need to have their address in order to prevent sending to it, but you can store their address as a one-way hash and compare a one-way hash of recipient addresses to identify if a recipient should be suppressed. I’ve worked with senders who encrypt the user portion of every recipient address (mike@messagesystems.com would be stored as 18126e7bd3f84b3f3e4df094def5b7de@messagesystems.com as an example) in the database, with a custom Lua script in the messaging server decrypting the user portion of the address on the fly just before sending. With this approach, they can still do domain reporting and segmentation, while making it much more difficult for attackers to extract useful information.
  3. Purge data as soon as possible. Again, you cannot lose what you do not have. Purge information as soon as feasible, both customer data and the various logs that can contain customer information. If you need a piece of information for a specific mailing, purge the data once the mailing is complete.

Email Infrastructure

While I have no reports to date of email infrastructure as an attack vector there are still some steps you can take to better secure your email infrastructure.

  1. Secure the server. Implement security at the operating system level as well as at the network level. Restrict access to the web UI to internal machines only (use a VPN for external access). Strongly consider using two-factor authentication including password-protected SSH key-based authentication.
  2. Secure your logs. Remember that your logs will often contain address information, so you need to secure your logs with the same vigilance that you secure your database. Ensure that your file system permissions are properly set and that you retain your logs for no longer than necessary.
  3. Customize your logs. If your system supports customizable logging, consider trimming your logs down to the bare minimum data required for your purposes. Instead of storing the recipient email address, store a customer identifier that you can use to lookup the customer address (high-end solutions will let you store just the domain portion of the address so you can still do reporting on domain volumes and deliverability).
  4. Secure against being an open relay. Grant permission to inject mail on a per-IP basis if possible, use TLS and authentication if you need to allow relaying to external hosts.
  5. Scan your outbound mail streams. An effective way to mitigate infrastructure attacks is to filter all traffic as it leaves the server to prevent sending mail that contains viruses, spam or malware. The incident at CheetahMail I mentioned at the start of this entry could have been prevented with outbound traffic filtering. Keep in mind I’m speaking about AV/AS filtering on a per-message basis. It’s not enough to send a test message to a preview tool if you’re trying to protect your infrastructure; you need a messaging server that can filter traffic on egress.
  6. Implement Feedback Loops. While this may not seem like a security tool, I’ve worked with senders who were able to use a spike in incoming FBL messages to identify an unusual sending pattern coming from their servers, leading them in turn to identify that their network had been compromised and a malicious attacker was using their system to send mail.
  7. Implement authentication tools such as DK/DKIM/SPF/SenderID. Again, this does not directly secure your data, but if a list is compromised it will be harder for a malicious party to deliver mail from their own servers and make it appear to come from you (especially when making phishing attempts with your data).
  8. Monitor Block Activity. As with spam complaints, a sudden burst in rolling blocks could be a red flag that an infrastructure beach has occurred. Set-up alerting system for blocks and automated suspension processes to catch and shut down malicious mail streams before serious damage is done. The good news, if you’re running Momentum, is that our Adaptive Delivery product does this for you automatically.

Conclusion

The latest security breaches in the email marketing industry have re-enforced that an attack is a matter of when, not if, and senders need to plan accordingly. The recommendations of the OTA, combined with the recommendations above (and constant vigilance) should provide a good start at avoiding (and minimizing the impact of) a malicious attack.

Message Queuing & Segregation: Lessons from the Airline Industry

Posted on by Posted in Deliverability, Email, Message Systems, Sales Engineer 1 Comment

Note: This also appears at http://www.messagesystems.com/wordpress/?p=38.

Many email marketers are unaware of the importance of message queuing to the successful delivery of their email. As a component of their messaging infrastructure, queuing is something that marketers typically defer to their IT department to manage. Yet, the reality is that queuing and the segregation of message streams can make the critical difference between the success and failure of a company’s messaging programs, and therefore, should be of concern to both the IT and marketing departments.

Effective queuing really comes down to the choice of messaging infrastructure. When using a technologically advanced messaging platform, companies can efficiently manage parallel queues with messages assigned into multiple streams to ensure that each stream flows at an appropriate rate, providing efficient delivery of all classes of traffic. Unfortunately, those that rely legacy MTAs have no such options. They’re left trying to manage the bottlenecks and slowdowns that result from poor architecture with complicated priority schemes within a single queue.

Recently, one legacy MTA provider suggested that their routine for queue prioritization was the answer for reaching high-value customers first. While the business need is certainly legitimate, trying to prioritize messages within a single queue is both outmoded and a solution to a problem that should not exist in the first place. There are better ways to satisfy this need that are both simpler and more powerful at the same time. To illustrate my point, allow me to provide an analogy that should be familiar to my fellow business travelers.

One of the most common headaches for the air traveler is the security checkpoint; you get your ID checked, get in line, get your ID checked again, get in another line, empty your bags, take off your shoes and belt, get in yet another line and then get radiated in the name of public safety. During the highest traffic times these lines can become so long that people start missing their flights because there are a very limited number of security checkpoints and the airports were architected in a time that predated the need for such extensive security. This fundamental flaw in the architecture of the airports means that the current needs of travelers for additional parallel security screening checkpoints cannot be met, and everyone has to wait in a queue to get to their plane, sometimes with unacceptable results, leading to additional costs for all involved and potential lost business.

This is handled in a variety of ways, including performing the security check at every gate area (creating a very parallel security screening system) and by using priority security lines. Imagine for a moment that instead of this solution, the airport chose instead to assign priority on an individual basis to every single passenger and then tried to sort the individual travelers in the security line. As you can imagine such a solution would require additional work to make the individual assignments and then keep track of who ranks where in the line, with a risk that low-priority passengers would find themselves significantly delayed as they were repeatedly bumped. In all my travels I have never seen such an approach, primarily because the airports already have an approach that works.

Find a particularly efficient airport and what you’ll see is a fairly consistent set of practices:

  • Separation of passengers into queues based on their fitting into a certain profile.
  • A large number of parallel checkpoints.
  • Efficient handling of passengers.
  • Intelligent queue management that can modify queuing on the fly to meet circumstances.

Look at a particularly efficient airport and you will see multiple queues, including queues for:

  • Frequent / First Class travelers – The most frequent travelers and those who sit in First Class. These people bring a lot of value to the airlines and receive a lot of value in return.
  • Expert travelers – A new lane starting to appear in some airports, for those who are experienced in getting through security and unlikely to cause delays.
  • Family / Special Assistance – A slow lane, these groups will take longer to get through security.
  • Casual Travelers – A lane for those who move at an average speed through security.
  • Staff / Crew – While in some airports workers and air crew jump to the front of the line, the most efficient airports avoid this disruption by maintaining a separate checkpoint for those who work at the airport, minimizing disruption and ensuring that staff can get to work on time.
  • Specialty – From time to time I’ve seen the airport create a special temporary queue for unique groups such as chartered planes by opening a checkpoint and redirecting the group to the specialty group.

Not only has the separation of travelers into queues according to their profiles (including their priority as a group) proven sufficient to make prioritization by individual traveler unnecessary, it is much easier to manage.

While separating passengers into a number of queues can certainly benefit airports, the most efficient airports are also architected to operate a large number of parallel checkpoints, preventing a situation where every passenger in the airport needs to be funneled through the same metal detector. Imagine an airport trying to service millions of passengers a year on only one or two metal detectors and a single x-ray machine.

In addition to having many checkpoints, the best airports will also have efficient checkpoints, maximizing the flow of passengers through any given checkpoint through better design of the checkpoints and better training of the staff, all without compromising safety.

Perhaps most importantly to the smooth operation of an airport is intelligent management. I’ve seen airports where there were several queues open but empty because the people managing things weren’t flexible enough to reassign lines and adjust the queues to ensure well balanced passenger flow. The best airports will change the designation of queues, move staff around and even redirect passengers to alternate checkpoints that are less busy, all in the interests of moving the highest number of passengers per hour.

Senders can follow these same principles to get maximum throughput and deliverability in their own environment:

  • Segment mail by profile.
  • Choose a sending solution that supports highly parallel sending.
  • Choose a sending solution that provides sufficient throughput.
  • Choose a sending solution that is intelligent.

When sending, remember that segmentation is not just for who to send to or what to send them, but for deciding how to send a message and with what priority. You will want to create queues for high priority messages to satisfy your most valuable customers, queues for high-reputation traffic that delivers without issues as well as for traffic that you expect to deliver slowly (one example is traffic that results in human interactions, you may need to slow this to prevent overloading your call centers), test and administrative traffic that needs to go out as soon as possible and transactional traffic that should not queue up behind bulk sends. This is a common practice among ESPs, who often add specialized segmenting for scenarios such as new customers and customers with specific SLAs.

As with the airports, you need to architect your environment to be able to handle more traffic in parallel. This can be accomplished by adding more injectors and more messaging infrastructure, or by adding better infrastructure. Look at your existing solution: how many IPs can it send from? How many messages per hour can you send on a single machine and how many concurrent connections can it handle? Most Open Source solutions can handle one IP address, send 100,000 messages per hour at most, and can open less than one hundred connections. Low-end commercial solutions can often do over a hundred IPs, send close to a million messages per hour and can handle a few hundred to a couple of thousand connections. On the high end you have carrier-grade systems designed for the enterprise such as Momentum by Message Systems, which can utilize thousands of IPs to send millions of messages per hour across tens of thousands of concurrent connections (while you will never open more than a few connections to a given ISP on a given IP address, lesser solutions will fall short when sending across hundreds of IPs to thousands of ISPs, defaulting to ISP prioritization as a workaround).

Finally consider the intelligence of your infrastructure:

  • Can your infrastructure send across all servers simultaneously and fail-over in the event of an outage?
  • Can your infrastructure adjust throttles on the fly based on responses from the ISPs and bounce and feedback loop data?
  • Does your infrastructure handle queues so efficiently that performance is the same with thousands of messages in the queues as it is with millions of messages in the queues?
  • Can your infrastructure dynamically change from email to other protocols such as SMS and MMS based on subscriber preferences and ISP responses?

If not, we should talk.