When we think about messaging for the enterprise, is the
glass half full or half empty? Optimists can point to the introduction of new
handhelds that integrate voice mail, e-mail and calendaring, the maturity of
VOIP technology, and new developments in text messaging and RSS readers.
Pessimists point to the continuing deluge of spam, ever-more sophisticated phishing
techniques, and the burdens of increased regulatory compliance.

To find out what the road ahead looks like, we interviewed
Martin Hall of INBOX, the IT Conference, which is devoted to enterprise
messaging. As you can see, while not ignoring the challenges, he is more
optimistic about the future than one might expect. He also blogs regularly on these
issues. If you want more information on INBOX, you can visit the INBOX Web site.

When you look at all
the issues surrounding messaging, what do you think are most important
challenges facing us right now?

We’re seeing a key evolutionary movement of e-mail–from
stand-alone application to mission-critical–that’s an integrated part of every
business, with security, storage, searchability legislative compliance, and
business integration being the most urgent factors.

We all know about the challenges of inbound e-mail abuse.
But what do we need to do about controlling outbound e-mail to control zombies
and the outflow of critical and confidential business information? Has your
business done a controlled evaluation of the regulations that impact them and the
consequences for the capabilities of their own messaging systems? Are corporate
policies in place that govern e-mail use in your organization? Can your users
easily locate key information which is inevitably stored in e-mail? These are
some of the most pressing issues for IT managers who are responsible for their
e-mail communications backbone.

In the United States,
a lot of attention has been paid to corporate governance and document retention,
in light of Sarbanes-Oxley, HIPAA, and other legislation. Are we creating an
inherent conflict between messaging’s usefulness for communication and
increasing regulatory requirements
?

I don’t think so. How we do business is and should be
governed. Post Enron and Worldcom, everyone should be concerned about due
process and rules. E-mails are business records and subject to discovery
process. We need to think of e-mail as digital business records rather than
amorphous and temporary phone conversations. Those bits have liability
implications, so business leaders and IT managers should know what they should
and can keep–and what they should and can destroy. And their systems should
support those requirements.

Convergence is a term
that keeps changing. A couple of years ago, people talking about convergence
usually meant integrating a traditional e-mail inbox with a VoIP-enabled phone
line, so that you could have your voice mail and e-mail in a single inbox. Then
people started to layer in instant messaging. Now you find some who talk about
RSS feeds as part of this equation. Is a single inbox a pipedream that we’re
going to have to abandon, or do you see a path that allows us to integrate
these different types of messages?

I think the first signs of integration are already present. One
example is “availability flagging” in e-mail clients when a person is available
in an instant messaging client. We’re going to see that extended to voice too,
and with developments at the big ISPs and from individual companies like Skype.
We’re not too far away from the day when you simply choose whether you want
data, voice, or video, and the integrated application figures out how best to
communicate with the person or group you’re trying to reach. Of course, this
all presumes some level of directory integration, so address books, contact
managers, and directories are going to be key here.

We’re also hearing about some interesting features in
forthcoming releases of Mac OS X and Microsoft Windows regarding RSS reader
capabilities in the browser. Personally, I think that RSS capabilities are
going to have to be built into the browser and e-mail clients. I fully expect e-mail
service providers who are responsible for legitimate outbound bulk e-mail to
embrace RSS and offer e-mail and RSS capabilities to their customers. In turn,
that will enable users to subscribe to RSS feeds, and they need to be able to
view that content in their next generation e-mail clients. But there’s some way
to go on that integration, and we’re also already seeing attacks on blogs/RSS
in the form of comment spam.

You’ve blogged about
Skype and related technologies. How are you using them now, and what kinds of
capabilities do you think they will bring to organizations in the future?

Personally, I’m using Skype to talk to family overseas. I’m
using the Skype direct and the Skype-out service. Professionally, our
organization is distributed. I’ve started to use Skype internally, because it
allows me to integrate text messaging (in which I can, for example, share URLs
for easy clicking) in parallel with a voice conversation.

The integration of media types together with cost savings
and workgroup collaboration are going to be the major deployment drivers. I
think there’s going to be a major battle between the e-mail client, instant
messaging, and desktop VoIP providers. They all want us to use theirs as the
predominant interface and brand. The user needs integration. The problem right
now is the lack of integration and proliferation of communication clients. I’ve
got an e-mail client, AOL IM client, and Skype running with contact management.
Not to mention my POTS and cell phones!

Authentication is one
of the few things that almost everyone in the industry agrees is a good idea.
To reduce spam, and phishing vulnerabilities, the end user needs to really know
who is sending each e-mail that hits the inbox. There are a couple of competing
concepts for implementing authentication. One is based on IP addresses and the
other is based on digital signatures. Do you see the major players agreeing on
a common approach anytime soon?

The industry did a lousy job in 2004 of presenting a common
message to the IT world on this. The truth is that there is agreement around IP
authentication in the form of SenderID. Things have been relatively quiet on
that front over the past few months because we’ve moved into the implementation
phase. Organizations are publishing their records and vendors and service
providers are working on the inbound record checking technology. So, deployment
is the watch word here.

On the digital signatures front, there was consternation at
the end of last year that we were seeing the CallerID/SPF debate replay itself
in the form of Domain Keys (a Yahoo! proposal) and IIM (a Cisco proposal).
Behind the industry curtain, these players are being urged to merge their specs
and I expect that to happen “real soon now”.

So, do you agree with
the view of some that we’ll see both strategies implemented, with IP Addressing
(SenderID) being deployed first and some version of digital signatures
following later?

Yes. SenderID is probably a year ahead of a hopefully
integrated signing approach and deployment should be happening now. We’ll
likely see the large ISPs, as they have with SenderID, be the first networks to
deploy the signing solutions. Yahoo! and Google are already into that. I should
point out, as part of the largely agreed upon accountability framework, that e-mail
requires that the next phase involve more use of accreditation and reputation
systems, and things are starting to bubble there. If 2004 was the year of IP
authentication, 2005 is likely to be about signing solutions, and I’d expect
2006 to bring reputation and accreditation into the spotlight.

In the US, we’re
increasingly addicted to e-mail and IM, with RSS feeds coming on strong. In
other parts of the world, text messaging via mobile phones has been huge for a
long time. Does this kind of text messaging have implications for corporate
messaging infrastructures? And what trends do you see in this area?

It’s possible that mobile devices will play a key role in
the integration of these communications technologies. At the end of the day,
these devices are communications devices first and foremost, and they’re still
relatively limited in terms of memory, processing capabilities, and storage. E-mail
and messaging are not as entrenched as they are on desktop computers. Together,
that creates an interesting set of reasons to expect the integration of e-mail,
instant messaging, SMS, and voice being a stronger motivating factor for
vendors in this space.

I fully expect the “Crackberry effect” to drive greater
adoption of e-mail and text messaging capabilities in corporate messaging
systems. Again, integration with existing systems will be key. Blackberry
support for Microsoft Exchange and Lotus Notes is an indication that this need
is well understood.

Studies show that as
much as 80% of corporate e-mail is either outright spam or virus/phishing
attempts. While the industry has spent an enormous amount of time and money
fighting both of these, the volume of bad e-mail is still huge. Is there light
at the end of this particular tunnel?

Without a doubt, there is light. First, massive investment
in spam and phish fighting (look at IronPort and CipherTrust VC investments and
Microsoft setting up a group dedicated to safety) means we’re seeing great
technologies emerge. Second, it’s not just VC dollars that are flowing. E-mail
security products and services are being bought in the hundreds of millions of
dollars. That doesn’t happen if they don’t work.

The pump is being primed with new technologies that include
the accountability triumvirate of authentication, accreditation, and
reputation. I’m very excited by the promise of these to make further inroads in
the spam and phishing war and turn messaging systems into systems where you get
much more of what you want and much less of what you don’t want.

You talk about
messaging as moving from stand-alone application to mission-critical part of
all business processes. In many organizations, e-mail is the most important computer
application. However, we are starting to see the rise of desktop search tools
from both Google and Microsoft, which have the potential to change the way
people work. How do you see desktop search and related functionality working
with messaging?

Three search-related stories last year presaged what I think
we’re going to see. First, Google’s Gmail opened some eyes and threatened some
companies with what they came out with in beta form. Second, Stata Labs was
acquired by Yahoo! for its desktop-based search capabilities. Third, a small,
quiet, but virally successful plug-in for Microsoft Outlook, called
“Lookoutsoft,” was acquired by Microsoft.

What does this all mean? I think it means that the big data
gateways, such as Google and Yahoo!, want to parlay their power in Web-based
access into more desktop capabilities. Microsoft will look to defend their
ownership of the bulk of desktops and to be the primary interface to search.
And, quietly, Apple will continue to shine a light on search possibilities with
the forthcoming release of Tiger. We’re facing a battle on the desktop for
predominant ownership of search. That battle will not just be about Web page
search, but e-mail search too.

I’m intrigued to see what both Yahoo! and Google will do to
enable desktop e-mail search. I can “pop” my Gmail e-mail today. But what will
Google do to reach out to that “popped” desktop e-mail with ad relevance? Will
it top or tail my e-mail with ads? And how will instant messaging play into
this battle and the evolution of search capabilities? This is going to be a
fascinating year.