CleanMyMailbox

There's a new weapon in the war against spam that doesn't rely on "black listing" to do its dirty work. But users and ISPs will have to trust that Permission Technologies never divulges subscriber particulars.

by Gerry Blackwell [June 18, 2002]

Spam—to filter or not to filter. It's a vexing dilemma for ISPs.

If you let the spam flow, subscribers howl. If you implement system-wide filtering, there is a slight but real chance you could be leaving yourself open to legal action in the event you filter out a vital message resulting in business loss or damages to a customer.

Joe Halbrook, founder and chief executive officer of Jefferson City, Missouri-based Permission Technologies, says co-branding and selling his company's brand new mail filtering service, CleanMyMailbox, could solve that problem for ISPs and offer other benefits as well.

CleanMyMailbox saves spam in a temporary "spam box" so individual subscribers can review filtered messages periodically and catch false positives. If they find a message in the spam box they want to keep, they can use the service's Web interface to instantly restore it to their mailbox with a mouse click.

They can also customize CleanMyMailbox so that it doesn't ever filter mail from that sender again or from other specified aliases and domains—even if the system's sophisticated algorithms and weighting system identify the messages as spam.

"That gives subscribers a lot more control than they have with a black list at the ISP that says, 'Anything from this domain, don't deliver it,'" Halbrook says. "[Our beta users are] very happy with the way it works."

Anti-spam partisans
While end customers can subscribe to the service at the company's Web site, Halbrook hopes to market CleanMyMailbox mainly through co-branding deals with ISPs and other Web service providers.

He already has deals in place with WebScope, a Valley Stream, New York-based ISP and hosting firm, and Web Site 101, a Santa Rosa, California-based company that provides education services to new e-commerce companies.

ISPs get a "generous" split of subscription revenues—Halbrook won't say what exactly because he wants to be able to negotiate on a case-by-case basis.

There are other benefits for ISPs too. If they have no spam filtering in place, selling CleanMyMailbox can significantly reduce congestion on mail servers if enough subscribers take the service.

And ISPs that switch from system-wide "black list" systems such as with Brightmail from San Francisco-based Brightmail, Inc. avoid potential law suits.

Permission Technologies has a tough road ahead, though. It's a tiny company with few resources—Halbrook and one partner are the only full-time employees.

It has strong, well-established competitors in Brightmail and San Diego, California-based Singlefin, and new players that can match at least some of CleanMyMailbox's value proposition are coming into the market—companies like Spam Arrest LLC of Seattle, Wash.

Pricing could also be a problem. Permission Technologies has sold some individual subscriptions since launching the product June 3, though Halbrook won't say how many. We're guessing a handful at most. The service costs $12 a month. That may sound steep—and is—but Halbrook can justify it.

"We're obviously not targeting the average home user who gets maybe 100 spam messages per month," he says. "We're going after people who are involved in list management or who maintain a Web site and get anywhere from 2,500 to 5,000 spams a month."

"Consider if you had to manually scan all that spam and delete it. At an average of, say, three seconds per message, that's at least four hours if you get 5,000 a month. So at $12 there's a pretty nice return on investment for four hours of your time."

Mailbox mercenaries
Whether they sign up directly or through a co-branding partner, subscribers have to give Permission Technologies their e-mail ID and password. A bot program developed by Halbrook, which runs on Permission Technologies servers, logs in to the mailbox every couple of hours.

It audits the messages—both headers and body—using an array of identifying techniques and a weighting system. If it concludes a message is spam, it removes it from the mailbox and downloads it to the subscriber's spam box on the Permission Technologies server. It holds messages in the spam box for about 14 days.

Subscribers also have the option of keeping the messages in their mailbox but flagging them as spam.

This approach solves a number of problems Halbrook saw with existing spam filtering solutions on the market. It requires no client software on the subscriber's system. The filtering is done at the source, so no matter which system subscribers uses to access their e-mail, messages are filtered.

Unlike some other services, CleanMyMailbox does not require subscribers to use a different e-mail address or to reroute e-mail to the service provider's server. "That was something we definitely didn't want to get into," Halbrook says.

However, the CleanMyMailbox approach may raise privacy and security alarms with subscribers. Do I really want to give out my mail ID and password to some third party? Halbrook knows this could be a problem.

"That was probably the second thing I thought about when I started to conceptualize this product," he says.

He sees it as more a perception problem than any real security or privacy vulnerability for subscribers, though. Permission Technologies has implemented "multiple layers of service security," Halbrook says.

Perhaps more to the point, it prominently publishes its privacy policy emphatically stating, "we will never give out a subscriber's e-mail address under any circumstances." And Halbrook is pursuing working with online privacy audit organizations such as TRUSTe and WebTrust.

"There are going to be perceptions [of privacy and security issues] that might prevent some people from [taking the service]," he admits. "We just hope it isn't a significant number of people. And we're looking at doing everything we can to overcome those barriers."

Soldier of fortune?
CleanMyMailbox does appear to be a better mousetrap—better, at least, than many of the other spam filtering solutions aimed at ISPs.

End users don't have to change anything about the way they do e-mail. With fine tuning, the service can achieve 98-percent accuracy or better, Halbrook claims—meaning only 2 percent of spam messages get through. At the same time, it provides end users with personalized control over how their mail is filtered.

From the ISP perspective, CleanMyMailbox provides a revenue stream—how big obviously remains to be seen and depends on the ISPs customer profile. One good thing is that the service requires virtually no system integration.

All of these mousetrap improvements come at a cost, though. First, the privacy/security "perception" problem—which could be a killer. Second, the $12 a month, which probably restricts the market to a relatively small universe of spam victims facing huge volumes of messages.

Still, maybe ISPs can negotiate with Permission Technologies to get subscriptions charges lower and attract a bigger market.

— End