Easy use of Sendmail Premium Reporting

Posted on May 31, 2012 by Christophe Wolfhugel

The other day I needed to get some statistics while visiting a customer about how many accounts could eventually have compromised passwords. The first thing I needed to consider is how to determine if an account has been compromised. Our best practice is to consider that one which is being used from many different IP addresses for authenticated SMTP connections is likely compromised and used by spamming bots, so the exercise is simple: count how many different IP addresses are being used by all the customers.

Surprisingly getting this is also very simple. Thanks to the Sendmail Premium Reporting application powered by Splunk, what I thought would be a 20 lines Perl script needing to parse historical log files ended up being a simple one liner (split on the blog onto 3 lines for ease of reading):

# splunk search 'AUTH=server earliest=-2d |
    stats distinct_count(relay) as relays by authid |
    sort 3 relays desc'

authid                     relays
-------------------------- ------
user1@domain.nothere       20
user4@an.other.domain      17
user8@i.was.here           15

This request will extract all “AUTH=server” lines logged by the MTA (i.e. each time an incoming SMTP connection is authenticated we have this line) and simply display a table showing the authenticated user name (“authid”) and the number of different IP addresses (“relays”) being used.

Another funny and again very simple statistic I decided to determine using similar rules: I wanted to get an idea  how long it took to deliver messages to the local mail store for about the last 7 days.  As you can see this is another very simple search:

splunk search 'relay="store.my.domain. *" dsn=2.0.0
    earliest=-7d | top 20 delay' 

 delay   count   percent
-------- ------ ---------
00:00:01 140318 63.515300
00:00:02  30515 13.812692
00:00:00  22909 10.369817
00:00:03   7359  3.331070
00:00:04   3519  1.592884
00:00:05   2148  0.972298
00:00:06   1808  0.818396
00:00:07   1162  0.525982
00:00:08    780  0.353069
00:00:11    698  0.315951
00:00:09    684  0.309614
00:00:10    564  0.255296
00:00:12    500  0.226326
00:00:13    395  0.178798
00:00:14    355  0.160692
00:00:15    338  0.152997
00:00:17    303  0.137154
00:00:18    266  0.120406
00:00:23    259  0.117237
00:00:22    247  0.111805

Now it’s up to you to share your simple tricks with Sendmail Premium Reporting!

Posted in Christophe Wolfhugel | Leave a comment

Improving STARTTLS authentication in the Sendmail MTA

Posted on May 24, 2012 by Christophe Wolfhugel

After having worked on what I think is the right way to setup X.509 certificates for use in SMTP STARTTLS transactions (see my previous blog entry here), I am continuing my work on how we can improve the way the Sendmail MTA handles STARTTLS authentication. This article explains how the Sendmail MTA handles this and what the limitations are. We will  finally make some suggestions on how we could improve our implementation, and of course your comments to this article are not only welcome, but they will be particularly useful.

Opportunistic TLS or mandatory TLS?

In most cases, mail platforms use opportunistic TLS, sometimes even without the mail administrator knowing this. For example a default setup of the Sendmail Opensource MTA is likely to use opportunistic TLS as a client (when sending mail), and you don’t need to do anything for this. Opportunistic TLS brings encryption of your communication up to the next hop. It does not provide any form of authentication: you may still be sending your mail to the wrong server, just that the communication will be encrypted!

On the other hand, mandatory TLS is when you need to ensure you’re speaking to the right server, and this works both ways: inbound and outbound. Policy configuration will ensure that you speak to the right server, i.e. when the MTA has decided to send a message to, say, the host relay.wolfhugel.eu, you want to make sure that this host shows a X.509 certificate which is adequate and which you trust.

Mandatory TLS makes sense from the moment you need to be sure who you’re talking to, or who is connecting to your mail server. This policy enforcement can be partial: most real life situations use standard Internet mail routing (MX records), eventually opportunistic TLS, and mandatory TLS to/from just a few remote sites.

Current implementation in the Sendmail MTA

Thanks to the use of rulesets to handle TLS enforcement, site administrators have a vast choice of what they can do with respect to validating a TLS connection. The only limitations are:

  • The information coming from the certificate and provided by the MTA to the ruleset engine
  • The ability of the rulesets to do things (and this is quite a large set of things).

Most users will even not use these rules and prefer the existing methods which are part of the MTA package, mostly by ways of using entries in the “access_db” file.

The TLS_Srv and TLS_Clt tags are used respectivement when the Sendmail MTA sends (TLS_Srv) or receives (TLS_Clt) mail and it allows defining one or several actions. These filters apply when selecting the actual name of the server we’re talking to (or the domain of it), this means whatever appears in the MX. For fining control based on the recipient’s address there is a TLS_Rcpt keyword which is applied per recipient, regardless of the server we’re talking to. There is no such rule, sender address based, for incoming mail.

A few examples:

TLS_Srv:wolfhugel.eu      VERIFY:128+CN
TLS_Rcpt:wolfhugel.eu     VERIFY:128+CN++CI:/C=GB/.../O=MyCA

The first line means that when talking to any server called “wolfhugel.eu” or within this domain (mail.wolfhugel.eu, relay.wolfhugel.eu, …), we want the TLS connection to be shown with a certificate whose Certification Authority is trusted by our system, with at least a 128 bit encryption algorithm and in addition we will check the CN of the presented certificate to ensure it corresponds to the one we’re actually talking to. So if our MX record is “relay.wolfhugel.eu” and we send a mail to this server, we want the certificate to be trusted and to have “relay.wolfhugel.eu” in its CN field.

The second line applies to any mail going to someone within the wolfhugel.eu domain, regardless of the mail server we’re actually sending the mail to. We do all verifications described above and in addition we want that the Certificate Issuer (this can be an intermediate certification authority) has a Subject line of “/C=GB/…/O=MyCA”, i.e. we indicate clearly which CA we trust for this domain.

Full documentation is provided in the Opensource Sendmail MTA package in the cf/README file.

Another use of TLS authentication is to permit, or not, relaying, i.e. the goal is to say that if you show a given certificate you may use this SMTP server to send mail anywhere (typically you would use the MSA submission port, 587/tcp). I do use this when I’m roaming: regardless of the IP address I show, my home MTA with allow me to send messages to anyone if I can prove, by ways of the adequate certificate, it’s me.

The verification is again done in two steps by using the “access_db” map: first we check if the certificate issuer is authorized, and then eventually we check the certificate itself, like in following example:

CertIssuer:/C=GB/.../O=MyCA        RELAY
CertIssuer:/C=GB/.../O=AnotherCA   SUBJECT
CertSubject:/C=GB/.../CN=CWOLF     RELAY

The first line means that we will trust anyone showing a certificate issued by the certification authority “/C=GB/…/O=MyCA” (which again can be an intermediate authority). The second line says that if a certificate is presented signed by “/C=GB/…/O=AnotherCA” then we’ll check the Subject of the certificate itself, and we will authorize any listed entry with the adequate “CertSubject” entry.

Anything else? Just write your own rules, and this article won’t go into this. You can write any rules using the “sendmail.cf” language and the values provided for certificates. Following macros are available (taken from the documentation):

  • ${cert_issuer} holds the DN of the CA (the cert issuer).
  • ${cert_subject} holds the DN of the cert (called the cert subject).
  • ${cn_issuer} holds the CN of the CA (the cert issuer).
  • ${cn_subject} holds the CN of the cert (called the cert subject).
  • ${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1, TLSv1/SSLv3, SSLv3, SSLv2.
  • ${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA.
  • ${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm used for the connection.
  • ${verify} holds the result of the verification of the presented cert.
    Possible values are:

    OK verification succeeded.
    NO no cert presented.
    NOT no cert requested.
    FAIL cert presented but could not be verified,
    e.g., the cert of the signing CA is missing.
    NONE STARTTLS has not been performed.
    TEMP temporary error occurred.
    PROTOCOL protocol error occurred (SMTP level).
    SOFTWARE STARTTLS handshake failed.
  • ${server_name} the name of the server of the current outgoing SMTP connection.
  • ${server_addr} the address of the server of the current outgoing SMTP connection.

Limitations in the current implementation

The provided primitives already allow a lot of flexibility, but I feel there are a few limitations which are worth being discussed and which could lead to improvements.

An important limitation I came across when setting up TLS recently is that the Sendmail MTA does not handle the X509v3 “Subject Alternative Name” extension which allows specifying more than one host name in a certificate: my certificate could have a CN=tea.wolfhugel.eu and the extension would list this and all other names I do use the certificate for (“DNS:mail.wolfhugel.eu”, “DNS:relay.wolfhugel.eu”, …). Also one could argue that when doing name matching in certificate validation the current rules do not support the use of wildcard certificates (i.e. “CN=*.wolfhugel.eu”, “DNS:*.wolfhugel.eu”).

It seems like the Sendmail MTA it is somewhat difficult to define rules with intermediary certification authorities when trusting or accepting certificates.

Some proposals to improve the current handling in Sendmail MTA

Here are a few proposals to hopefully improve the way the Sendmail MTA uses certificates in STARTTLS connections and how to decide about giving, or not, authorization to connect or to relay. Comments on this are more than welcome, as users’ feedback is essential for improving the product!

Implement X509v3 Subject Alternative Names

This is a significant change and it requires source code changes in the MTA, but I feel it is probably the most needed extension: the Sendmail MTA would extract the DNS Subject Alternative Names from the presented certificates and expose them to the configuration file in macros $&{altname_subject} and $&{altname_issuer}. These macros can later be used in any rule where they are available for deciding to give, or not, access to the SMTP service.

Create new rules to use the Subject Alternative Names

The two new macros defined with the new names extracted from the certificates can be used to extend the current way the MTA gives authorization. Here is a proposal to extend the current rules.

For the TLS_Srv/TLS_Rcpt entries in the access DB we would add a new attribute called “CA” (as Cert Altnames) who behaves identically to the “CN” attribute but would mean match the CN or any alternative name, and the example given in the beginning of this article would become:

TLS_Srv:wolfhugel.eu      VERIFY:128+CA
TLS_Rcpt:wolfhugel.eu     VERIFY:128+CA++CI:/C=GB/.../O=MyCA

This would mean the the host we’re connecting to must be found either in the CN of the certificate or in any DNS value of the alternative names for the verification to be successful.

Similarly when authorizing a remote party to relay, with the CertIssuer/CertSubject tags, we would add a new value to the access database: “ALTNAMES:xxx” would create an indirection telling to search for a key called “SubjAltName:xxx:value” in the access map which in turn would authorize or prevent access as shown in this example:

CertIssuer:/C=GB/.../O=MyCA         ALTNAMES:SMI
SubjAltName:SMI:cwolf@sendmail.com  RELAY

The meaning of the above would be that whenever a connection is made with a certificate issues by “/C=GB/…/O=MyCA” we will be checking the alternative names and our key for the lookup is “SMI”. If any of the alternative names is “cwolf@sendmail.com” relaying will be authorized, and yes here we do allow Email addresses as alternative names.

Implement the wildcard certificates

Another point which has not been implemented in supporting wildcard certificates, i.e. a certificate whose CN or alternative name contains a star, like “*.wolfhugel.eu” meaning this certificate covers any host within the “wolfhugel.eu” domain name. This implementation would be transparent, i.e. no changes in the access map would be required.

Conclusion & next steps

As you can see there is some room for a few improvements. While some of these changes already exist in a development lab environment, they have not been finalized.

Your input on this is valuable, please don’t hesitate to comment with your thoughts and suggestions on this topic. How would you like the Sendmail MTA to handle STARTTLS enforcement?

Posted in Christophe Wolfhugel, Email Security, Open source | Tagged , , | 2 Comments

The Impact of Machine-Generated Messages on Enterprise Email Infrastructure

Posted on May 10, 2012 by Gregory Shapiro

Sendmail has a new white paper available (PDF) on the impact of machine-generated messages on enterprise email infrastructure. The paper describes the category of machine-generated messages, the challenges they create, and what you can do to meet those challenges. It also offers examples of applications/devices which generate mail so you can identify them in your organization. It is especially useful for those looking to get better control over mail flow and for those planning or executing a migration to the cloud.

I would also recommend two related papers:

  • Can an Enterprise Email Backbone Infrastructure be Moved to the Cloud? (PDF)
  • Moving to the Cloud: Important Things to Consider Before Migrating Your Messaging Infrastructure to the Cloud (PDF)
Posted in Cloud, Email Backbone, Gregory Shapiro | Tagged , , , | Leave a comment

Interesting Observation Regarding IaaS at Silicon Valley Cloud Computing Group

Posted on April 24, 2012 by Gregory Shapiro

The Silicon Valley Cloud Computing Group kicked off a series of Infrastructure as a Service (IaaS) meetings last night with a presentation about CloudStack. CloudStack was recently relicensed by Citrix under the Apache Software License and is a public and private cloud provisioning and management stack, akin to OpenStack. One of its main benefits is it is both hypervisor agnostic (XenServer, VMware, Oracle VM, KVM, bare metal) and storage agnostic (local disk, iSCSI, Fiber Channel, NFS, Swift).

However, one of the main takeaways for me was the distinction between the usage of cloud compute resources based on the underlying stack. VMware vCenter/vCloud was portrayed as being best suited for traditional enterprise apps & client-server computing where the environment may have hundreds of hosts and in which applications (VMs) assume reliability thanks to, for example, vCenter’s fault tolerance features (e.g., vMotion). In contrast, CloudStack and other similar products/projects are best suited for big data, massive scale, next generation apps which scale out to environments with thousands of hosts running applications that assume failure such that loss of multiple resources doesn’t interfere with the operation of the overall application.

It is an interesting distinction and I wonder how accurate it is. If it is accurate, it is another point to consider for enterprises deciding on the technology to use to build out their private cloud infrastructure. If you have an observation either way or want to share how your enterprise has built out virtualization and/or a private cloud, add a comment to this blog entry to continue the discussion.

Posted in Cloud, Gregory Shapiro | Tagged , | Leave a comment

Sendmail Annual European Symposium 2012

Posted on April 19, 2012 by Gregory Shapiro

I just got back from the 2012 Sendmail Annual European Symposium in Frankfurt, Germany. This year’s event featured great customer presentations, partner workshops, and technical sessions. Glen Vondrick, Sendmail’s President and COO, kicked off the sessions with a look at Sendmail’s accomplishments since last year’s event and a look at where we are going.

Next up, Citigroup, which is celebrating their 200th birthday this year, gave a great presentation on how, as a digital bank, communications relies on the email backbone layer to be fast, resilient, reliable, and efficient and how the modernization of their messaging infrastructure was able to reduce their backbone from more than 100 servers in 5 layers to a single layer and a 10:1 server reduction.

The attendees were then brought through the migration of a major telecommunications industry enterprise email infrastructure from a mess of point products to a self-managed set of Sentrions in a hybrid private cloud environment, integrated with mailboxes living in the cloud and on-premises, all running under a single domain indentity.

The third customer presentation from arvato Systems, a provider of global consulting, system integration, and infrastructure services, took us through their modernization from 28 servers split between 4 layers running open source components. The modern infrastructure now takes advantage of their existing VMware services using Sentrion MPV and 3 Sentrion MP hard appliances. They are using Sentrions to provide this new mail security layer as a private cloud service to their internal customers.

Following the customer presentations, I brought the group through our work and plans for the latest application built on top of the Sentrion platform: Rogue Application Email Control. Rogue Email Application Control provides a fully automated solution to identify and control the communication flow of email-enabled application servers – reducing security risks, increasing value to individual lines–of–businesses, protecting brand reputation, all while reducing overall administrative costs. It enables mail administrators to discover, register, control, and monitor email enabled applications using their mail infrastructure.

We wrapped up the first day with an E-mail and the Cloud customer panel discussion featuring many of our customers who have already made the jump to a hybrid cloud and on-premises mail infrastructure. Through Q&A discussion, many useful lessons came out regarding what can and can’t be put in the cloud, potential future cloud product innovations, and the effects of the consumerization of IT and Bring-Your-Own-Device (BYOD). More details can be found in the live-tweet from the event mentioned below.

The second day began with workshops on three partner applications built on top of the Sentrion Applications Framework. First up, Totemo brought the attendees through the capabilities and a demo of the Totemo TrustMail application, which allows for client-less encryption and digital rights management using the recipient’s choice of S/MIME, OpenPGP, SSL/TLS, PDF-based encryption, or webmail delivery. In the second workshop, Image Analyzer described how illicit content in enterprise email can cause damage to brand & company reputation, company culture, and has legal liability. They demoed how the Image Analyzer application engine can be used to provide monitoring, user education, and enforcement of corporate acceptable use policies. The final partner workshop featured Trustsphere’s Logiq application that not only combats email false positives, spear phishing, and DDoS attacks, but also now features Enhanced Business Visibility to provide sales intelligence, operational intelligence, and the enterprise social graph to enhance decision making.

The day wrapped up with one last set of technical sessions from Sendmail’s Chris Meidinger and Kin Fung. Their sessions highlighted some of the new Sentrion MP 4.2 features and included a demo of the upcoming new Sendmail Quarantine. Chris showed off a new feature for enabling load balancers between email generating applications and sendmail MTAs while preserving the original source IP address of the application. Kin Fung gave the attendees a look at the Sentrion Apps SDK which enables building of applications on top of the Sentrion MP platform (such as the aforementioned partner applications). Kin then gave a demo of the new Sendmail Quarantine, currently under development, which replaces the existing end-user quarantine interface with a modern, flexible interface and has consolidated policy into the Sentrion MM policy engine. The new quarantine can support quarantining for different purposes beyond just spam (e.g., compliance, corporate governance, regulatory, etc).

As you can see, there was plenty of content and it was a jam packed two day event. However, at least for me, the best part was reconnecting with old friends (a.k.a., customers), meeting some of our new customers, and getting valuable feedback for existing and new products. I’m already looking forward to the next one. If you want to read more about what happened, I live-tweeted the event. Follow @GregShapiro and read all about it there.

Posted in Gregory Shapiro | Tagged , , , | Leave a comment

Cloud Service Selection Criteria

Posted on March 12, 2012 by Gregory Shapiro
During the 2012 Consumerization of IT Conference & Expo, Terri McClure, ESG Senior Analyst, gave a presentation on Online File Sharing & Collaboration in the Enterprise that included a useful list of key criteria for evaluating cloud vendors for file sharing.  Most of these criteria can apply to many, if not all, cloud services as well.
 
  • File Sharing Base Functionality
    • Sync, Share, Search, Collaborate, Endpoint Device Support
  • Pricing Models
    • Seat-based, Capacity-Based, or Hybrid; All Inclusive or Chargeable Add-ons
  • Deployment Models
    • Public Cloud-Based, Hybrid, or Software and Services
  • Administration and Control
    • Integration with Existing IT Applications & Tools
    • Sharing and Collaboration Tools
    • User and Group Quotas
    • Ease of Provisioning and De-Provisioning
    • Audit Reports
  • Availability & Support
    • Single Data Center or Multiple
    • Remote Replication
    • File Versioning (How Many?)
    • Self-Service Restore
    • Backup and Contingency Plans
    • Phone or E-mail Support
    • Response Times, SLA
  • Security
    • Data Encrypted in Flight and At Rest
    • Remote “Wipe” Capability
    • Data Center Certifications
    • Integration with Mobile Device Management Solutions
    • HIPAA, PCI, FINRA, Safe Harbor
 
This list is a good starting point for considering a migration of email services to the cloud. However, email has its own unique challenges and considerations. Two Sendmail whitepapers give insights into the challenges and questions you should be asking when investigating a cloud email migration:
 
Posted in Cloud, Gregory Shapiro | Tagged | Leave a comment

Embracing failure

Posted on March 5, 2012 by Gregory Shapiro

Amazon’s Rule #1: “Everything fails all the time.” (Werner Vogel, CTO at Amazon.com)

A common misconception for consumers of cloud services is that SLAs ensure availability.  In reality, SLAs do nothing to improve availability.  SLAs only provide a way for attorneys to make money arguing over compensation after a failure.  In most cases, the eventual compensation is the cost of the services for the outage period, not the loss the outage caused.  Cloud service providers must plan and engineer for failure in order to be successful.

At CloudConnect 2012, Jesse Robbins, Co-Founder, Opscode,  gave a keynote (PDF) recommending Game Day real world testing, which has three facets:

  1. Preparation: Identification and mitigation of risks and impact from failure.  This reduces frequency of failure (MTBF) and reduces duration of recovery (MTTR).
  2. Participation: Builds confidence and competence responding to failure under stress.  It also strengthens individual and cultural ability to anticipate, mitigate, respond to, and recover from failures of all types.
  3. Exercises: Trigger and expose “latent defects”.  This lets you choose when to discover issues, instead of letting that be determined by the next real disaster.

The lessons that come out of Game Days usually include:

  1. We have a bunch of manual processes that we need to automate.  Jesse’s advice is to automate everything to point that you can view your infrastructure as code, reconstructing the business from nothing but a source code repository, an application data backup, and base resources (hardware).  This requires continuous integration & deployment, and automatic failover and fallback
  2. We need better incident management.  Development and operations need to work together (which may represent a culture change for the organization).
  3. One of the cloud service tiers (e.g., load balancing, website, DNS, database, etc.) failover didn’t work.  We need to test and maintain our emergency tools & processes.  Infrastructure as code can help here too.  Build emergency management processes into what you do every day (e.g., deployment code).

If you run a cloud service (whether private or public), I’d recommend following Jesse’s advice.  If you are a consumer, pay attention to SLAs but more importantly, talk to your vendor about how they test for failure and how often they test production failover.

Posted in Cloud, Gregory Shapiro | Tagged | Leave a comment

*aaS: A picture is worth a thousand words

Posted on February 17, 2012 by Gregory Shapiro

During a presentation, I attempted to explain the differences between Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) using examples to illustrate the resources provided by each:

However, some of the participants didn’t understand the subtle differences between these different services.  Luckily, I ran across Kate’s Comment blog’s graphical representation of the various layers that conveys where each of the *aaS services starts and stops.  I’ve included it here so you can use it to help understand the difference and/or explain it to others.

IaaS, PaaS, SaaS Layers

IaaS, PaaS, SaaS Layers

I recommend starting from the bottom, where you will find the physical layers (power, networking, machines).  From there it moves up into software and client devices/end users.  On the right side, you will see where each of the *aaS (IaaS, PaaS, and SaaS) start and stop.  For example, in IaaS, the cloud provider provides the data center, networking, physical servers, and a virtualization layer.  The customer must bring their own OS, infrastructure, application software.

Posted in Cloud, Gregory Shapiro | Tagged | Leave a comment

Email Policy: Self-Governance or Central Enforcement?

Posted on January 25, 2012 by Barry Shurtz

Glen D. Vondrick Sendmail President and COOOur President and COO, Glen Vondrick, who has been in the messaging market for years, wrote an excellent article published in Messaging News on whether email policy should be self governed or centrally enforced.

In the article Vondrick sets the stage about how corporate email is the backbone of business communications and if it goes down productivity of the workforce plummets and how there is a greater outcry than when any other “utility” becomes unavailable. He argues that in the enterprise email has become more reliable and trusted than the telephone or any other human collaboration tool.  He suggests however that if it is not properly secured, it can also pose a great risk.

He then poses the question:

“So why is it that so many large organizations have not implemented reliable email use and enforcement policies to govern security and compliance risks, data leak protection, messages accidentally sent by mistake, or even best practices for communication and systems efficiency? Is it the lack of available and trusted technology, human apathy, or a little of both that prevents most organizations from doing more about it?”

To learn more about the answer to this question, read the full article here on Messaging News.

Tell us what you think.

Posted in Barry Shurtz, Glen D. Vondrick | Leave a comment

A Look Back and the Road Ahead for IT

Posted on December 14, 2011 by Barry Shurtz

It’s been a significant year in IT and there have been technologies, such as cloud, awaiting their due that received time in the spotlight, as well as some trends that may come as a surprise.  Sendmail CEO Don Massaro had the opportunity to share a few of his thoughts and predictions on the past year in IT, as well as what to expect in 2012, with Enterprise Systems Journal (ESJ) in a contributed piece titled, “A Look Back, The Road Ahead for IT.” In the piece, Don shared his take on key 2011 trends and his take on three trends we’ll see in IT in 2012. Here, we share just a snapshot:

2011 Trends:

  • The Cloud Opportunity
  • Increased Adoption of Encryption Solutions
  • Increased Reliance on Delivery of Business-Critical Information

2012 Predictions:

  • The adoption of hybrid infrastructures that make use of both cloud services and in-house infrastructures will be key
  • Application-generated e-mail will dominate messaging
  • More U.S. government agencies will get on board with cloud computing

To read Don’s full article on what to expect next year, you can reference the full article here. We look forward to your comments and thoughts below.

Posted in Don Massaro | Leave a comment