About a year ago, I retired. More on that later.
Over the past year or so, I’ve done quite a bit in terms of email security research, bouncing ideas at random hours and even more random levels of sobriety with my team @ExchangeDefender. And while there is a thin line between genius and insane, there is a very clear red line when it comes to compliance, standards, international/national/state/industry/blah regulations that are governing email at an increasingly detrimental value to the email user. At one point earlier this year a large email provider went lights out for an entire day and this post caught my eye:
“We’re rerouting email. We cannot afford for the client to be down, but we also can’t just point it direct and risk that someone clicks on something that gets them hacked.”
Since then I’ve talked to some of my industry friends about a concept of a non-profit email research service focused on sharing security information. Much like my pile of Corvette projects, it remained in random stages of discussion and whiteboarding.
Then Dorian came up. Ever since the earliest days of ExchangeDefender (and it’s ETRN predacesor at DialISDN) we’ve offered free email failover MX service to folks in a way of a disaster, and it’s always been popular. But thanks to the red tape, freebie anonymous access to the ExchangeDefender would blow compliance on many levels. That bugged me but, really, not much I can do.
Fast forward to Friday afternoon, while enjoying a lovely glass of pinot noir waiting for my 4-hour-delayed flight… Dorian got upgraded to a category 4 hurricane. My flight got delayed again due to storms in Dallas, and my glass of wine got upgraded to a bottle. I called my boy Travis (CTO, ExchangeDefender) and after hearing “No” about 94 times, he agreed to vlan off some decomissioned hardware for the project. Three days of writing, testing, and tweaking the first inbound node went up at inbound.xdwall.com. It’s already up and running and queueing/delivering mail for servers in the way of this storm.
Once I come up with a less stupid name, I will announce it here. Once the nonprofit is organized, licensed, etc we’ll make a big deal of it but here is the skinny:
$x is an email security/resiliancy project. Nearly all the security problems organizations have start with an email and relying on the user to stop them is just simply naive. Commercial email operations are more concerned about selling advertising / productivity software and devices than they are about a working communications product, further discouraged by an excessive regulatory process that is slowing down innovation. I am building $x as a free email security layer, designed to provide a layer of common sense security at the edge of the network.
More on all that later. If you are in the way of the storm, send me an email at firstname.lastname@example.org and point your secondary MX (of a significantly higher weight) to inbound.xdwall.com.
We’ll make it through this storm together. There will be more storms. There will be stronger storms. And when we’re not fighting mother nature, we’ll be fighting a random assortment of Russians, Chinese military, and an occasional African prince that really, really, really needs to get his fathers money out of the country. Worst case scenario, an unscrupulous marketing scammer will be forced to get a real job. And no matter how funny, all of these people pose a direct threat to you. So.. you can sit at the airport and get drunk or you can do something.