Roaring Penguin Software adds multilevel rights management to its software, aiming to satisfy the needs of webhosts who have resellers.

by Alex Goldman ISP-Planet Managing Editor [July 17, 2006]

Until now, Nepean, Ontario, Canada-based Roaring Penguin Software's anti-spam product has been fine for ISPs and enterprises, but lacked a key feature that every webhost demands.

"The product had a single administrator who could hand off control of individual e-mail streams for users," explains David Skoll, CEO and founder of the company (and major open source advocate).

"A webhosting needs a super administrator who controls the box, a domain administrator for each domain on the box, and then the ability to allocate other administrators within each domain."

The new product is called CanIt-Domain-PRO, and is available today.

Skoll, who is deeply respectful of open source terminology, says that his product is not open source because, although the company provides the source code to each customer, it does not allow customers to release their own versions of the product. Nevertheless, this is a lot more than most anti-spam companies offer.

Skoll says that adding an extra layer of permissions took a lot of work. "CanIt-Domain-PRO required massive internal coding changes. It meant a lot of changes to a lot of assumptions."

Throughout, the software was made backwards compatible, which meant even more work. "If you have an existing PRO installation, you can upgrade without losing your settings."

All of this in response to customer demand, and not just from webhosts. "One was a government user asking for the ability to decentralize administration among departments. Some larger [global] corporate clients also have distributed administration."

Additional improvements
It's been nine months since we last spoke with Skoll (see The Heart of the Penguin) so we ask what other changes have been made to the software.

He says that the product now handles RBLs better. The administrator can allow individual users to decide how much they trust individual RBLs, or can decide for the group. The trust mechanism provides a wide variety of options including adding a few points to the spam rating based on the RBL, ignoring the RBL, and trusting the RBL.

Many ISPs, Skoll says, now give users more than one e-mail address. The product now allows user self-administration of multiple e-mail addresses.

A significant upgrade, one that we feel should be part of every anti-spam product, is disposable e-mail addresses. The industry has not standardized a name for these. Skoll calls them "locked addresses" which more accurately describes the way his software handles them.

"If you want to give your e-mail address to a website, but you don't trust it, you can go into the CanIt web interface and ask it to make a locked address. The software generates a long, random-looking address, and CanIt remembers the first domain that sends an e-mail to it. The user can configure the system to either reject or flag e-mail send to this address from any other domain."

Wouldn't it be easier, we ask, to have the e-mail be something like my_name_amazon@180solutions.com? Skoll says that, with systems like the one we describe, spammers can guess your real address. Instead, he has added a comment field to the locked address system in which the user writes what the address is for.

Pricing and availability
CanIt-Domain-PRO is available now. Pricing is being finalized but should be a combination of a flat fee and a per-domain fee.

—End