Google bought another: first FeedBurner, and now Postini. I say another because these are both Mobius/Foundry Group/Brad Feld/Ryan McIntyre related companies - and congratulations are surely well deserved. I won’t comment on what Google should do with Postini - Fred Wilson has already done that, and I’m not particularly “spam inclined”. But I will say some of Fred’s comments are spot on, while others could use a little work:

• False positives on validation emails are a big problem. But that’s really an issue for those sending the email.
• Valid items in the spam folder are only a problem if you receive such enormous volumes of email from such a wide array of senders at a single email address that you are 1) certain something really important is falling through the cracks, and 2) rarely bother to clean it out your spam folder the first place.
• Reputation will remain a problem until 1) the powers that be agree on a open, royalty free, inter-operable standard, or 2) Google listens to Fred while everyone on the planet simultaneously switches to Gmail.

The perception seems to be there is only one box. The real winner is going to be the one that thinks outside of it, and convinces the casual email user to follow suit.

UPDATE: More background on Postini, from Ryan.

The latest report out of Postini showed a nearly 60% increase in spam over the last three months.

So, Bill Gates is still very wrong, and spammers got a little jump start on the holiday season. All the stock spam could be the reason the market hasn’t plummeted yet either. Maybe spammers should hit the mortgage market again, or hell…start selling properties.

UPDATE: Since the US is still the top spam producing country, and Postini postulates that much of the spam is coming from zombied machines, we can all cringe next time some goof takes credit for our broadband penetration rates.

I have recieved a half-dozen or so emails from colleagues, over the last two days, reporting phishing attempts. Some of these folks say they haven’t received many of these types of emails in the past, but now they are. So I have to ask what gives when I read that phishing attempts are on the decline.

The last thing anyone needs are reports that say phishing is on a downward trend. People become less suspicious of the email, and disaster is the only result.

This post over at Slashdot says Netcraft has reported more than 5,600 phishing sites since December. So here is another question: If there are so many phishing sites being identified, what the heck are phishers doing with them? If you put the two reports together, it would suggest that phishers are launching sites just for the fun of it - less lures are being deployed (according to the Postini report). I don’t think so.

Either the numbers being thrown around are just plain wrong, or phishing attempts are becoming ever more sophisticated (even to the most watchful eye). A few months back we heard folks crying out that spam was slowing, while others said it was picking up, and it is highly unlikely that scammers are going to revert to less technologically (or verbally) proficient email to mount their attacks.

I say that if past performance is any indication, it is both - the numbers are bunk, and everyone should be even more careful with each message hitting the inbox.

***UPDATE***

Techdirt noted that these varying reports are all in how you spin it as well. The best bet is for everyone to err on the side of caution.

Also note that Netcraft is now providing their phishing site data as a feed. Check here for more details.

Not unexpected, but Symantec, our fearless leader of producing 99% effective security protection tools, is going head on against Postini, MessageLabs, and the rest of the hosting family.

I assume that this service is being targeted at small businesses, much like Postini. Depending on pricing, hosted email is usually a cost effective solution for businesses whose core is not technology based.

Read more at Symantec Heads Into Hosted Waters, from TechWeb.

And, stay tuned for performance comparisons from the internal analysts of every hosted email provider on the planet.

Larry Seltzer of eWeek has an interesting op-ed entitled More Evidence Spam Has Peaked. Interesting, I say, as late in the article Larry points out a big reason why it might not have actually peaked (and why it may never go away).

Late, he notes that Postini, MessageLabs, Symantec, and others like them “don’t really have an interest in spam going away, because their sales are proportional to the level of threat. Ah ha.

Now we get to the root of the issue. These firms don’t have a vested interested in ridding the natural world of computer threats, whether they be spam, viruses, phishing, zombies, whatever. As long as the threats exist, these firms make a bundle convincing us they are saving us from them.

I personally rely on some of their wares, but only when running Windows, and then only as an “additional” countermeasure. I have a huge (and growing) block in my server’s Sendmail reject list, and make sure MailScanner is always running. According to industry reports, MailScanner has more users than AOL and Hotmail combined. The SpamAssassin component rarely fails me.

Funny thing is, this front end protection mechanism is open source, and is provided as part of the Linux distro this site runs on. THESE wares don’t cost anything extra, and they are distributed via the open source community. OS to the rescue once again.