4 approaches to Securing Documents and Email Attachment Assets

Greetings !!!

Recently Mithi launched a new capability in Connect Xf (3.16), called the Secure Attachment Vault, which allows you to capture all inbound and outbound attachments into a central secure reliable storage as an Asset repository. This frees up the user to freely create and exchange the documents, without worrying about securing them someplace. While this is one approach to securing the document assets being created within the enterprise, I thought I might share 3 more approaches to do the same. As you read, you might find that in many situations you may need to adopt the use of more than one method to ensure that no data is missed.

Popular research by various groups shows that Email Attachments account for 85 percent of all e-mail data. Graphics, spreadsheets and Word documents frequently accompany email messages. Looking at these reports and from our own experience of working with enterprise customers for over 15 years, we have learnt that the attachments sent and received by employees are among the most valuable assets of the company.

Typically these precious assets are stored and maintained by the users on individual end points (laptops, PCs and devices) and only transported using email. To retrieve all or some of these assets, the company or the user would need access to ALL the emails of the user to search for the relevant emails and/or the devices used by the user.

The following are possible approaches to ensuring that these precious assets (documents) are secured in a reliable medium for access on demand. Lets explore each approach to learn how EASY it is to access these assets on demand.

Secure Attachment Vault:

Using this capability, administrators can ensure that every single attachment sent and received by selected or all users of the system can be automatically uploaded to a central point (typically an FTP server). Thus each user can be provided with a secure ftp space, where only the attachments sent and received by the user are deposited. Using any simple ftp client, the user can now access all the assets. The system has the flexibility to even group the storage of assets across a group of users (departments)

End point backups:

Invest and Deploy an end point backup system to ensure that all data on all devices and machines in use are backed up centrally and automatically. Depending on the capability of the end point backup tool, this may allow you to retrieve a portion of the users’ data or all of it in case of a disaster at the end point. Please note that the data being backed up should include the local mail store of the user (e.g. the PST files in case the user is an MS Outlook user or the mbox files in case the user is a Thunderbird user). Note that while the Secure Attachment Vault will capture all documents transported over email, it will not be able to secure the documents from the user’s machine, which were never sent using email. Thus, it appears that this method may be a must in most environments. There may be many methods to achieve end point backups, and we can discuss this in another blog post.

Email Archival:

You can setup the personal archival system in Connect Xf to capture a copy of every mail sent and received by the users in a central mail archival storage. This system maintains the data in the archival based on a retention period, and allows the user to search for specific mail or even retrieve the entire mailbox in case of a disaster on the server or at the end point. In most environments, it has become mandatory to maintain an archive of the emails for a specific period for governance compliance. While this is fine as an archive of the communication between the user and other recipients (local or remote) and can serve very well as an audit trail and a disaster recovery point, it is not the most conducive method to access all the attachment assets easily since there would be multiple copies (thanks to the back and forth communication) of the assets, and the assets would be embedded in the mails (needing each mail to be opened to access the attachments). Read more about archival here.

SISA (Single Instance Storage for Attachments):

Understanding the needs of the corporate to gain easy access to the attachments, Mithi has been continuously innovating around the handling and processing of the attachments that flow through the system. Earlier versions of Connect Xf saw the introduction of the highly popular SISA (Single Instance Storage for Attachments) feature. By configuring SISA, customers could modify mail delivered to user’s inboxes, such that while the mail body remained intact, the original attachments were stripped and stored in a central repository and hyperlinks to these were inserted into the original mail. While SISA helped companies save on  the precious resources of storage and bandwidth and also secured the attachments,  this method faced the same challenges in ease of accessing these assets as described for the Email Archival approach above.

So which method is best?

I would deploy all 4 methods, each for the benefits it offers besides just securing the assets. viz. saving bandwidth, storage with SISA, being ready for compliance and disaster recovery with Personal Archival, having a backup of and easy access to all attachments sent and received by users with Secure Attachment Vault and wrapping this all up with a good cost effective End point backup system.

Do write to us if you know of more approaches to secure document assets. We would love to hear from you.


Posted in Collaboration Infrastructure, Connect Xf Email Server | Tagged , , , , , , | Leave a comment

Connect Xf Release 3.16; Saving Costs, Securing Critical Information Assets using the new Attachment Vault.

“Attachments account for 85 percent of all e-mail data (source:Radicatti Group). Storing all the attachment data bogs down e-mail servers, yet purchasing new servers is cost-prohibitive”

Our own experiences in working with email and collaboration systems both as a user and as a maker, agrees with this. More importantly, exchanging large attachments with a large number of people slows down the mail delivery resulting in performance degradation.

Large amounts of storage offered as standard part of the cloud based email solution tends to make worse the problem and hide this cost. But it is something that the customer is paying for. Sometimes even before they make actual use of it. Business customers can well do without this cost.

Also as part of working with hundreds of customers for their email and collaboration systems, we know that the attachments sent and received over a companies email system are some of the most important information assets of the company.

To help save storage costs, while ensuring efficient exchange of documents and their secure storage, we have been innovating around the handling and processing of the attachments that flow through the system. Earlier versions of Connect Xf saw the introduction of the highly popular SISA (Single Instance Storage for Attachments) feature. By configuring SISA, customers could modify mail delivered to user’s inbox, such that while the mail content remained intact, the original attachments were replaced by a link to a central store. This helped companies save on both storage and bandwidth.

Connect Xf 3.16 adds another exciting feature – Secure Attachment Vault. Using this feature, administrators can ensure that every single attachment sent and received by selected or all users of the system can be automatically uploaded to an FTP server for secure storage.

The feature has multiple benefits as seen by the brief case studies mentioned below.

Leveraging the Secure Attachment Vault to offer more value to customers

The feature which allows you to configure a central repository of all attachments sent using the email server was first developed as a custom service for one of our clients.

Our client develops a vertical app for selling retail financial products. The app is used by the sales agents of these companies to manage their customer engagements. Once logged in, the agent can also use the collaboration applications such as email, calendar, video calling etc (provided over the SkyConnect platform) in addition to the core application features.

The agents receive daily transaction reports from external agencies that are sent as attachments to mail or as links within the mails.

When such a mail arrives on the server, the system detects the attachment and queues the mail for offline processing. The original mail is delivered to the intended recipient.

The mail queued for offline processing extracts the attachments from it and uploads it to an FTP server. On a daily basis, the app goes through all the attachments uploaded to the FTP server, and extracts information about the transactions and updates the agent’s financial portfolio.

References :

Increasing internal process efficiencies

While this is a very elaborate integration offering great value to our client’s customers, at Mithi we also use this feature of Connect XF to improve our internal efficiencies.

All the purchase orders received by our sales people e.g. are forwarded to a single id. The id is also used to send out invoices to customers.

Using a combination of filters and the new feature of uploading attachments to an FTP server, all the purchase orders received and invoices sent are automatically maintained on an FTP server, thus freeing the sales and administrative staff of the tedious task of physically maintaining a central repository for easy future reference.

Providing a Vault for the key assets

For another of our clients working in market research, the reports and research papers that flow through the email boxes of the people working at the firm are their most important assets. It is important for them to secure these documents in a central repository so that it is easy to search and ensure that there is no loss when an employee leaves or loses his mail due to a device breakdown. The new feature automatically extracts and uploads all the attachments to an inhouse FTP server to ensure that they do not have to worry about losing or locating their critical information assets.

We’re excited about the possibility these feature hold for our customers. Do write to us if you can you think of any more use cases. We would love to hear from you.

Posted in Connect Xf Email Server | Tagged , , , , , , , , , , , , | Leave a comment

Great Blogging…..Great low cost Marketing: 5 ways to Connect the dots

A lot has been written (blogged and flogged) about what is blogging, the benefits of blogging, leveraging blogging for building your brand (self and/or business), share ideas etc. With this article, I am not venturing into that space, instead I would like to share my experience of blogging where the rubber hits the road. I have distilled 5 key takeaways from my experience and my discussions with other bloggers on Linked in (viz. Rob, Vicki and Roland)

What is obvious?

Blogging is a quick way to publish content on your personal or corporate blog site and topic, which typically reaches your followers/viewers in a flash, and they can then come have conversations around the topic, thus enhancing/building on the original idea. Blogging has opened up creating and sharing content to almost anybody who can write. Its THE place to share your ideas, opinions, findings, etc.

So what’s the difference between a normal web site page and a blog?

Normal web site pages are typically static, simply stating facts, have a more enduring value as they stand and don’t really warrant an open conversation around them. E.g. product features, business case studies, price sheets, calculators, etc. These reflect the corporate offering and is akin to the shop window.

On the other hand, Blogs are dynamic, they flow with the thoughts of the author. A blog on any subject is a live active document, which is “continually” and “consistently” updated and maintained. Means that a successful blog is one, which is not a one thought wonder (like a one song wonder). Instead it exhibits thought leadership i.e. not just quality but also consistency of output and meaningful conversations (like this one), which then becomes a source of continuous learning for the reader/audience. Its like a build up towards a goal.

So what kind of articles constitute a blog?

I’ve been thinking that no matter what the subject, and presentation style or technology used, I feel the content of a blog can fall into the following framework of categories:

  • INFORMATIVE: The blog simply shares some knowledge, news, report, statistics etc. Reports on what has already happened.
  • ANALYTICAL: Author presents some insight, some reflection, some opinion on some aspect of the subject. This type of writing is typically to get feedback and build on some idea.
  • PRESCRIPTIVE: Author presents a ready made distilled list of actionables, which stems from the authors experience and observation. This will typically have the structure like “10 ways to increase sales”, “10 things to avoid when presenting to an investor”, etc.
  • INQUIRY: Author presents a question or a method and is requesting for feedback from the community to build on that idea. Note that this is different from Analytical writing since here the author has no opinion but just a question. Analogy is “thinking aloud”, “I need help with this problem, let me ask my community”, etc.

I feel that a good productive discussion around a subject will have a healthy mix of posts, which are of the above types and promote a dialog among the community and is not just a monologue or discourse by the author.

What should I watch out for, while blogging?

Note that your writings are direct reflection of who you are and what you stand for. If you stand for multiple things, its a good idea to have multiple topics in your blogs section. e.g. animal  welfare, business systems automation, etc. I would  advice against mixing up your posts across topics, since that leads to a weakening of the build up of value in that topic. Besides the obvious dos and donts, it may be a good idea to establish a “house style guide”, which is important for branding. Surely you want a sharp associatable brand and not some loose collection of disconnected threads that appears like a hair ball (blogging for the sake of blogging). Hence the posts require a style and content “coherence” and “quality” if “You have to KEEP ATTENTION, ENGAGE in discussion, LEAD in discussion, and INFLUENCE (as Roland aptly stated).”

Who can blog?

Anyways, now that we have a “prescription” for how great blogging can be used for effective and low cost “marketing”, how does one actually execute on this prescription? Given that all the good intentions are there :-)

I feel that great blogging requires a context. People in deep touch with the context should be a helm of this activity. Also this is possible only by putting adequate time and energy to analyse, write and produce quality documents for consumption by the readers. Writing is not a trivial activity. Its akin to writing great software code.

Honestly I have been struggling with this. I tend to get so caught in operations that I become a “victim” of my “own busy ness” and I keep postponing the writing activity. While we have established that great blogging and great conversations, is the lowest cost way to attract visitors, build communities and translate a portion of them to buyers for your services, then why don’t I do it consistently (at the risk of the business loss)? I observe that sometimes the gap between my blog posts can be from 1 week to 4 weeks. I can continue to make excuses or on deeper reflection I discover that its probably that I haven’t connected to the importance of this activity OR that when there isn’t much activity around my  blog, I lose interest and get working on something more tangeable.

What is your reason for not tapping the keyboard today?

What is my response to the slow pace of blogging?

I am learning to see that this activity is at a higher level and needs my personal time and attention (its about context). I am learning that while operations can be outsourced, creative writing cannot. I am learning to overcome this by understanding that all good practices need patience and time to get established. I also realise the need to relax and just be at it consistently improving my output. I am also learning to give this due importance and “dedicating” an uninterrupted portion of my day to work on writing, sharing and connecting with other like minded people.

Any thoughts on this thought?

Posted in Getting Better | Leave a comment

Affordable Enterprise Class Real-time Collaboration Solution for Indian SMBs

Lower Cost & Higher Productivity for the SMBs

The use of Collaboration technology to drive down costs and improve productivity is fast gaining popularity amongst the SMEs (Small & Medium Enterprises), with over 40% of the SMEs surveyed targeting the use of collaboration technology to meet this objective.

But the SMB (Small and Medium Business) customers remain ill served by the current offerings in the market, that are either too highly priced or deliver poor performance, adding to the woes of the small businesses.

Affordable Enterprise Class Collaboration Solution for the Cloud

To address this concern Mithi has made available its highly secure and reliable email and collaboration product Connect Xf as a cloud based solution (SkyConnect) for the SME customers at a very affordable costs.

Mithi has leveraged its considerable strength in building highly secure and available email & collaboration systems to create an Enterprise Class solution for the cloud.

The cloud based offering comes with enterprise grade security for mail flow and access control, range of archiving services (on cloud and in premise), options for in-premise, cloud and hybrid set-up, and fine & granular control for the admin.

Real-time Collaboration

The latest release of Connect Xf (Ver 3.14) that integrates text, and audio-video chat along with email & calendaring application, is also now available as part of the cloud based offering.

The company feels that the cost effective real-time collaboration capabilities can help considerably lower the costs of operation and improve productivity, through reduced travel & face to face meetings, faster issue resolution time, improved customer engagement etc. for the SMBs.


Mithi offers as part of the solution a customized integration and deployment service, that can help integrate the collaboration applications with other business application in the enterprise, for much higher gains in efficiency and effectiveness for the enterprise.


Built entirely in India on Open Source platform, Connect Xf, incorporates some of the most well tested and secure open source components in the world. The solution requires no additional investments in infrastructure, or the use of special hardware or software, and can be accessed over a browser or by use of standard apps on the desktops and devices. The cloud based solution is priced in the mid range from Rs350/- to Rs800/- per person per year, with features for enterprise security, applications, and customisation capabilities not matched by others in its class.


The unique feature of the product is its open architecture that allows for easy integration with a wide range of free to use apps, low cost devices and systems. Offering an affordable & adaptable alternative to the often more expensive and in-flexible proprietary systems.

The Company believes that the combination of high performance & high adaptability without the high cost is ideally suited for the Indian SMB customers.

A Proven Track Record

Ranked amongst the top 100 software product development companies in India, the company counts amongst its customers some of the leading businesses in India.

For more information please visit www.mithi.com


Posted in Collaboration Infrastructure | Leave a comment

How is email phising and spoofing hurting your business

Email Spoofer

Email spoofer

Email spoofing is email fraud and deception. Spoofing is the most common from of the modern con game called ‘phising’. The email spoofer is trying to “phish” your passwords and login names by attempting to lure you to reveal your account and password details. Essentially, the email spoofer is a spammer trying to hide his true identity, while still filling your mailbox with advertising and also attempting to steal your confidential information.

To help you learn about email phising and how you can deal with such mail, Mithi’s security team created an infographic to help you understand the phising phenomena worldwide, how it impacts your business and what you can do to prevent it.

Click here to read more

Posted in Collaboration Infrastructure, Connect Xf Email Server | Leave a comment

SECURITY ALERT: Impact of Heartbleed bug of OpenSSL on Mithi Connect Xf

This security message is to notify you of a major security vulnerability that has just surfaced within the past 3 days, and referred to as Heartbleed. We urge you to read up our security alert/announcement about this bug in OpenSSL and its impact on Mithi Connect Xf, which is deployed in your environment, and whether you need to take any action.

See more at: http://www.mithi.com/forum/security-alerts/380-impact-of-heartbleed-bug-on-mithi-connect-xf.html#384

Posted in Connect Xf Email Server | Tagged , , , | Leave a comment

How does Mithi SkyConnect co-exist with Google Apps on the same SMTP Address space (email domain)?


There is a requirement to host the email infrastructure of a company across 2 different solutions, such that both the solutions share the same SMTP address space and the company can divide their mailboxes across the two solutions. This is typically done to allow a set of users to use one of the solutions for the value that it offers and allow the remaining users to derive benefit from the value delivered by the other mailing solution.

Essentially your critical requirements are not met entirely by one solution, but the benefits offered by that solution cannot be ignored either. In the case of Google Apps (GApps), some of the key management people, may need to use the GApps features and may need tighter integration with their G+ profiles etc, which will not be available with the Mithi solution. At the same time, the remaining set of users, have no need for all the capabilities of GApps and it would be most effective to host them on a simpler solution.

A Co-existence solution, as the name suggests, is a solution where 2 or more mailing systems work seamlessly together to provide a common/ shared address space (email domain name like acmecorp.com), and if possible a centralized directory for authentication and personal properties of entities (users, groups), and common contacts of all mailing systems to all users.

Such a solution allows the organization to host separate groups of users on different systems depending on their usage requirements. E.g. in an organization with 1000 users, a typical co-existence between Connect Xf/Mithi SkyConnect and GApps will allow the organization to host 100 users on GApps and 900 on Connect Xf/Mithi SkyConnect, sharing a common domain name in their email ids, and with seamless mail flow between the users of both systems.

Key benefits of such a setup

  • It provides the critical features/ functionalities required by the top management in a way they would want.
  • It also enables the organization to save big time on the overall infrastructure, management and upgrade costs, by ensuring that a majority of the users remain on a low-cost, resource-efficient system.
  • It brings in value from the open world, which gives the business an IT edge, like archival, mobility for almost all types of devices, access to free clients and applications like Thunderbird, Jabber chat clients etc. E.g. With open technologies, you could use any Android based phone/ pad/ tab, iPhone, iPad, to get seamless access to email, calendar, chat, and address book, while on the move. A possibility like this allows the field force to be more connected to each other and not just the top management.


To explain the working, we have assumed an example domain of acmecorp.com and also assumed that there would be 100 users on GApps and 900 users on the Mithi Setup (Connect Xf or Mithi SkyConnect).

The GApps system has a feature which supports such co-existence configurations to share an SMTP address space. This is done via the
Google Apps > Settings for Email > Advanced Settings – Routing (Email routing)

You would need to configure catchall routing as explained below.


  1. On GApps setup, add the acmecorp.com domain and configure the 100 users, who will use the GApps setup.
  2. Also Add an alias to this domain called gapps.acmecorp.com
  3. On the Mithi setup, configure the remaining 900 user accounts who will access their mailboxes from the Mithi setup.
  4. On the GApps setup, configure the email routing for the catchall account (all mail meant for unknown email ids of acmecorp.com) to push this mail to the Mithi Connect Xf or Mithi SkyConnect server host name as the destination.
  5. On the Mithi setup, add and configure the remaining 100 accounts (whose mailboxes are on GApps) to forward mail to the corresponding email id on the alternate domain viz. gapps.acmecorp.com (forward to alternate domain)

The mail flow explanation which is below will make it clear as to why we need an additional domain as an alias on GApps.

Hybrid solution of GApps with Mithi SkyConnect for sharing same email domain name (SMTP address space)

Co-Existence between Google Apps and Mithi SkyConnect or Connect Xf

Inbound Mail flow:

The MX for acmecorp.com and gapps.acmecorp.com will land on the GApps servers, which will deliver mail locally for the users hosted on the GApps server, and forward mail for unknown users to the host name specified for the Mithi server. GApps will assume that if the mail is destined for an email id of acmecorp.com, which doesn’t exist on GApps as a mailbox, is a user on the foreign email system and will use the configured destination host to route mail to the foreign mail server.

Mail destined for gapps.acmecorp.com is aliased to acmecorp.com e.g. mail sent to user@gapps.acmecorp.com is translated to user@acmecorp.com via the domain aliasing capability.

Local Mail flow on acmecorp.com domain:

  1. GApps to GApps: An acmecorp user of the GApps system sends a mail to another acmecorp user on the GApps system. This mail is routed internally within GApps and delivered to the recipient.
  2. GApps to Mithi: An acmecorp user of the GApps system sends a mail to another acmecorp user on the Mithi system. Since the recipient ID is unknown, GApps will route this mail via the catchall configuration to the Mithi server. The Mithi server accepts the mail and delivers it to the recipient’s mailbox.
  3. Mithi to GApps: An acmecorp user of the Mithi system sends a mail to another acmecorp user on the GApps system. The Mithi system will attempt to deliver the mail to the acmecorp.com recipient on the Mithi system, who is configured to forward the mail to an alternate domain with the same user id (forward to alternate domain). E.g. if useronmithi@acmecorp.com sends a mail to userongapps@acmecorp.com, the mail delivery configuration of this user instructs the Mithi system to forward the email to userongapps@gapps.acmecorp.com. This is routed to the Internet as an outbound mail and is received via the GApps system on the MX landing points. Thus the GApps system receives a mail for userongapps@gapps.acmecorp.com, and because of the domain alias configuration of the gapps.acmecorp.com domain and the acmecorp.com domain, the mail is delivered to the userongapps@acmecorp.com, which is then delivered to the recipient’s mailbox locally.
  4. Mithi to Mithi: An acmecorp user of the Mithi system sends a mail to another acmecorp user on the Mithi system. This mail is routed internally within the Mithi server and delivered to the recipient.

Outbound Mail flow:

  1. GApps to Internet: An acmecorp user on GApps sends a mail to an external recipient. This mail is routed to the Internet directly from the GApps system.
  2. Mithi to Internet: An acmecorp user on Mithi sends a mail to an external recipient. This mail is routed to the Internet directly from the Mithi system.

Virus and Spam control:

  1. Since MX is landing on GApps, the spam and virus scanning for all the mail is done by the GApps system. Thus the spam scanning on the Mithi system is disabled since it is redundant.
  2. Outbound mail from GApps are scanned for Spam by the GApps system
  3. Outbound mail from the Mithi system are not scanned for spam.
  4. The virus control engine is enabled on the Mithi system and all mail (inbound, outbound and local) are scanned for viruses.


To ensure that the recipients can perceive the hybrid mailing system to be one, its important to configure the SPF record to contain the IP addresses of the outbound relay servers from both GApps and the Mithi setup. The SPF record has to be configured with your DNS service provider.

Address Books

The Mithi users will see the entire address book since all the 1000 users are added to the directory (although 100 of them will not have their mailboxes there). This makes it possible for the users of the Mithi system to see a complete global address book comprising of all 1000 users. As for the GApps users, they will only see an address space of 100 users unless you can populate the Global address list on GApps with all the 1000 users and also maintain this during provisioning (Adding and deleting users)


The users on GApps and Mithi will maintain their own passwords in the respective directories and via the respective interfaces. The password policies etc will apply from the separate systems respectively.


Using this kind of coexistence, it is possible to achieve seamless mail flow, but not possible to have archiving done for all mail of all users at a single point. The archival will necessarily need to be configured at two different points, viz. for the 100 users on GApps and for the 900 users on the Mithi system.

Cross References:




Posted in Collaboration Infrastructure | Tagged , , , , , , , , , | Leave a comment

The One Page Execution Plan for a business of any size


Is your business stuck in a low/no growth rut? In your business, do you observe any of the following symptoms


  1. Your company consistently misses financial targets (even realistic ones)
  2. Your company consistently is unable to achieve all that it sets out to do (Goals)
  3. Many team members complain of lack of clarity in what is expected of them
  4. Many a times, you produce something which is not really required at that point in time
  5. Most days, you come in and start the day afresh with new ideas and next best thing to do. Its as if there is no continuity (And you dont just leave it an idea but change priorities of the relevant teams and put it to play.)
  6. … and so on and so forth.

In other simple words
“You keep feeling that you are just not getting there”


Analysing why a business experiences such symptoms, could be the topic of a big book (several books). And hundreds of books/articles have been written on this subject. A lot of businesses and consultants exist to just help your business go past such constrictive phases.

The problem could be in many parts and aspects of your business. From something as basic as whether there is need for your product in the market, Funding, to your strategy, to your team composition and right onto the execution where the rubber meets the road.

My purpose here is to help you sort out ONE possible cause for this, and that relates to point 4 above (execution). Hence I assume that your product has an accessible market, you have adequate funds, and your strategy is good, working by proof to some extent.

ONE possible Cause of poor execution
In our own business (Mithi) over the last few years, we have grappled with issues that come with scaling up and scaling out and experienced similar symptoms along the way. We were quite sure of our product, service and market since that was proven over the years by consistently releasing solid product versions and acquiring large marquee customers whose businesses depended on our solution. When we embarked on a program (strategy) to REACH out to more customers, acquire and service them in high SPEED, and at the same time continue to grow in PRODUCT EXCELLENCE, our ways of working and our systems were severely challenged by these new goals.

Looking deeper we discovered that one reason for us slowing down was lack of ALIGNMENT amongst teams (to some extent the teams were pulling in different directions and their efforts and results were not adding up CONSISTENTLY to the final goal). Put another way, given ENOUGH TIME, we would “GET THERE” for sure. But it would be an excruciatingly slow journey


We felt that to fix this execution gap, we needed:
I. Clear unambiguous TARGETS CLEARLY COMMUNICATED to the teams
We broke our targets into two types viz. Leading Indicators and Lagging indicators.

Lagging indicators are numbers which measure the results you wanted for your business. Typically financial targets and may include numbers like number of customers acquired etc.

Leading indicators are numbers which measure the output of the activities that you chose for achieving your business targets. E.g. number of mailers sent out, number of calls to be made, number of product releases to be done, etc.

While deciding these, you must be able to make the connection that consistently achieving the Leading indicators (execution of chosen activities/initiatives HAS a very high chance of achieving the Lagging indicators (results)

II. Clearly documented milestones, which are repeatedly communicated to respective teams

  • The strategy had to broken into short term, medium term and long term projects/initiatives for each department with monthly milestones defined.
  • The monthly milestones to be further broken down into weekly milestones
  • The above to be DOCUMENTED top down, and CLEARLY COMMUNICATED to each department’s team REPEATEDLY

Note: The above projects if viewed from a birds eye, should give an indication of each initiative adding up to take the company TOWARDS its goals. In this definition, the sequence of events and date/time based milestones have to be properly thought out. E.g. a particular initiative, lets say promoting a new feature in the marketing department obviously cannot happen unless the feature is ready and released by the product team.

III. Routines
Never underestimate the power of routines. These define the activities to be done periodically for the entire company. E.g. the marketing team to send weekly mailers, the product team to do perform daily builds and daily upgrades on the inhouse servers, daily monitoring of critical resources, monthly team meetings, etc.

I plan to write a separate article on routines, but suffice it to know that consistently performing routines, day on day, week on week, month on month can add up tremendously to achieving solid depth and results in those areas of work.

Routines also bind the deliverables of each team, since there is always an interdependence.

IV. Weekly Reports to indicate progress
You need indicators to show progress (or the lack of it) and not “touchy feely” discussions. Establish a system to generate weekly reports on all agreed upon leading and lagging indicators and don’t just stop there.

V. Have Weekly reviews, around the indicators to course correct
Have weekly reviews around the reports to understand the gaps in execution, decide upon the changes to the plan, make the changes to the overall plan and proceed into the next week.

One of the most important things about this is that the execution plan should be available in one page to allow that top view (which is what is typically missing once you deep dive into the execution). Looking at this weekly will reset your vision to the targets and the milestones and this very simple exercise itself will increase clarity and dramatically increase your chances of reaching your targets.

Its not a new science that you must define targets, define a strategy, break it down, clearly communicate it and follow through on it. Such methods are followed by thousands of successful businesses around the world. Via this post, I am not really proposing a radically different way of execution, but just a simple tool to tie up all the elements required for effective execution (will talk about this in my next post)

In essence it is about

  1. All of you agreeing to the direction to go
  2. All of you having the necessary team work to pull in the same direction
  3. All of you being result foccussed by measuring and course correcting continuously

Is any of this rocket science? Of course not.

Do you follow this in your business? You may want to ask yourselves?

Posted in Getting Better | Tagged , , , , , | Leave a comment

How does Connect Xf or Mithi SkyConnect prevent email spoofing?

Q We have our hosted setup and we had one very bad experience of an email compromised after sending. It was in between changed/manipulated and sent to the recipient. That resulted in major loss. The  originator did not send that content in the email. Will hosting in Mithi Cloud prevent it? How?

What you are describing is called “Email Spoofing”. A user sends a mail but makes it appear as if it was sent by another user. There are various ways “spoofers” achieve this:

To explain the scenarios, lets take an example: Ravi and Smita are colleagues in the same organisation and Ravi sends a mail on behalf of Smita (Ravi has spoofed Smita’s email id)

1. Ravi hacks into Smita’s email box (since she has a weak password and the email system doesn’t have any password security in place e.g. password history, account lockout, password age, etc) and sends a mail on Smita’s behalf. In this scenario the mail has gone from Smita’s account, but she is unaware of it.

From a Mithi solution perspective, the chance of this happening is vastly reduced by applying the following security policies for each account

  • Strict Password Policies to ensure complex password, regular password rotation, automatic account lockout on several unsuccessful attempts and always fresh passwords by referring to the password history.
  • Access control to define which services the user can access and the trusted network ranges from which the user can access the server.
  • Mail Policies to control whereall each user can send mail and under what condition.
  • Every mail send request requires authentication by the a valid sender in the network.

2. Ravi impersonates Smita: Ravi connects to the organisation mail server, authenticates using his own account but sends a mail containing Smita’s email id in the “From ID” header. When the recipient gets this mail, it appears to have been sent from Smita’s email id. This is possible with mail servers which have a weak authorisation system.

From a Mithi solution perspective, this can be prevented by applying the following security policies for each account

  • Email Spoof Check: This means that if Ravi is authenticating then the mail should also contain ONLY Ravi’s email id in the “From ID” field. If the authentication id and the From ID don’t match, the mail will be rejected. Here is a detailed explanation on how email spoofing is prevented in Connect Xf.
  • Domain Spoof check: This means that if a mail gateway server in the client’s premises has been authorised to send mail via Connect Xf/Mithi SkyConnect, the mail originating from that server must belong only to the listed domains. This prevents the mail gateway server from sending mail from foreign domains (open relay) in case it gets compromised.

3. Ravi impersonates Smita from an external mail system: Ravi sends a mail to the recipient on Smita’s behalf but by using an external mail server or mail sending toolIn this method, Ravi sends a mail using a tool and using the services of an open relay server on the Internet or by creating his own server. He composes the mail and sets Smita’s email address in the mail header (MIME structure).

Modern mail servers and mail landing services, now easily detect this by

  • IP reputation of sender. The IP of the server from which the mail originates should belong to the sender’s domain as designated by the Sending organisation in the SPF record in the DNS. Hence, while Ravi will succeed in sending the mail, the recipient server will reject the mail in all likelihood due to bad IP reputation.

In case the recipient mail server doesn’t have strong policies, it may accept the mail and deliver it to the recipient and the mail may appear that it came from Smita. On closer inspection of the mail, it is possible for the recipient to determine that it is a spoof however, but this needs technical expertise of understanding mail headers.

4. In transit  modification of mail.Normally mail can sniffed in transit (i.e. the contents can be read) and modified at hop points by mail administrators if they have the privilege. Under normal working conditions these are rare situations. However from a Mithi deployment perspective we ensure that the following practices are followed to bring the chance of this happening to near zero

  • SSL/TLS: All access to services happens over secure encrypted layer. This means that all the data flow from client to server and server to server is encrypted over SSL/TLS.

Considering all the above systems deployed by Mithi SkyConnect, there is near zero chance of a spoof mail making it through the network

Other references:

  • http://www.mithi.com/connectxf-datasheet-mailpolicy/131.html
  • http://www.mithi.com/support-internalspamattacks.html
  • http://luxsci.com/blog/the-case-for-email-security.html
  • http://www.mithi.com/product-productdatasheet.html#Security

Posted in Connect Xf Email Server | Tagged , , , | Leave a comment

The Myth of Delegating Responsibility via Email

Yes! Yes! the post title has a contradiction, which is deliberate…please bear with me and read on.

Dropping the ball

1. Sales team requesting for special help from the product management team

Mail from a sales team member Maria to the product team member, Ravi
“Dear Ravi,  - Can you please create a comparison document between our product and the ZDF product and send it across to Mr. Sen of AcmeCorp asap. Your team is in the best position to create this since you have in depth competitive knowledge. – Cheers, Maria”

After a few days, when Mr. Sen followed up for the comparison document (He must desperately want your product to be following up for co-laterals from your ultra-responsive sales team), Maria exclaimed in surprise
“But I thought Ravi would have sent it to you. I had sent him a mail asking him to. let me check and Revert”

Angry mail from Maria to Ravi, with a CC to Ravi’s boss.
“Dear Ravi – Please explain why you didnt send the comparison document to Mr. Sen as per my instructions. The customer is very upset at this delay and lapse. Its shocking to have the customer follow up for documents he had asked for. This demonstrate how poor our response is. – Maria”

Response from Ravi.
“Dear Maria – Ooops!! when I saw your mail, I was kind of tied up with some other activities and the mail went out of site. I do apologize for this. I’ll get cracking on it right away. – regards, Ravi.”

2. A few escalation mail (amongst about 200 mail received daily) to the Service Manager.

The Service Manager’s response to each:

“Dear Mr. Customer – I’ll check on this with my team and revert by tomorrow. – regards, SM”

The next day the Inbox lands a few more and some reminders from the customers about their unattended complaints.

3. Minutes of the meeting being circulated among the attendees

4. Boss questioning a direct report.

Boss – “What happened about the meeting at Acmecorp? “
Ravi – “Hmm, I had sent a mail to Kavi to meet Acmecorp since he is in Delhi itself. Looks like I will have to followup.”
Boss – “But the issue is important and should have been attended before the last month end. We are late on this.”
Ravi – “I know, but I had instructed Kavi well before time. I would have to pull him for this lapse.”

I could go on writing scores of examples (several of which I myself encounter on a daily basis) of such hanging conversations, leading to delayed deliveries, misunderstanding among team members and eventually negative business impact. This is what we call “Dropping the ball”

So who is responsible for the outcome of the conversation?

Lets assume that Maria is running a sales process to work towards closing opportunities and at some stage needs help from a product team member. This maybe an exception. Under normal circumstances, the marketing material is well stocked and available easily.

Once Maria fans out the work, and gets busy with other opportunities, this issue is more likely to be off the radar. It would come to fore, only when Mr. Sen demands the document he asked for.

It should be noted that Maria is the owner of the work and is wholly responsible to deliver the document. Its upto her to ensure Ravi completes it on time. If Ravi cannot do it on time, she has to figure out alternatives. Whereas, the entire conversation above is about blaming Ravi for not completing the document on time.

Who tracks commitments and ensures they are kept?

To a lot of mail, the Service Manager simply writes a line that he would check and revert by tomorrow or on a particular date. These are again exceptions since under normal circumstances, where the customer is well served, there would be no escalations.

Once the SM responds to one mail and moves to the next and the next, until he clears his Inbox, he is more likely to have forgotten the number of commitments.

A commitment is an unsaid bond of Integrity between the two parties and is expected to be honored by the Initiator.

Who will take action on a mail work on the various different aspects of the written matter?

MOMs (Minutes of Meetings) put on record the happenings, but are many a times not clear directions for who will do what. And if there is anything to do.

There is an unsaid, unclear assumption by the sender that the various people receiving the mail have the necessary context and behavior patterns to recognize that the MOM is also giving their work some direction and setting the expectation for delivery from the recipients. But does this really happen?

So what are the various types of official conversations we engage in?

So it seems that in our daily official work using multiple channels (verbal, email, chat, social media), we broadly have the following types of conversations (I believe all conversations fit into one of these types, if you have some others, please do let me know)

  • Simply share information which doesn’t expect any response or responsive action. (JFYI-Just For Your Information notes, Forwards, Alerts, Reports , Thank you notes, Vacation replies, etc)
  • Have an ongoing conversation about a subject which simply is to collectively build knowledge, refine the idea and may or may not conclude in actionables for either parties. (Ideating, Feedback, Working out the concepts, details about projects/Initiatives, etc)
  • Request for help from a colleague and/or external agency (Instructing a colleague, Lodging a complaint, Request for comment, etc)
  • Make commitments to a colleague or external agency for completing the promised action by a certain date and time (Response from Customer Support, response to an request for help, deferring the action due, etc.)
  • Capture happenings and events as an official record for action and future reference. (Minutes of meetings, sending official documents like orders, quotations, agreements, confirmations, approvals, etc.)

So how can we “hold” the ball instead of “dropping it” while still having these unstructured conversations

There is no disputing the value of email or talking in having such INTERACTIONS/CONVERSATIONS or sending information from one person to another or from one person to many people. However these conversations may remain just conversations unless the sender has a way to track the expectation from the recipient and the receiver has appropriate systems in place to act on these inputs.

Unless Maria has a tracking sheet or TODO list, which records that she has fanned out the work to Ravi and is expecting it by a specified time, and this tracking sheet is reviewed daily by Maria as a practice, and the items dont go off the list until they are complete, the ball is likely to be dropped.

Unless the Service Manager flags those pending conversations for action later and/or puts calendar reminders for the commitments, the commitments are likely to be compromised.

Unless the one to many communcation is clear with instructions to named people, the message is likely to remain vague. This would need to be combined with a system like Maria uses.

Unless Ravi can track the fact that he has fanned out a meeting to Kavi, and Kavi tracks that as an item/event to be attended to, the chance of that being missed is high (thanks to high level of interruptions)

So how do I manage my conversations

When I observe my way of working (also considering the large number of emails which make their way to my Inbox), I have developed this habit of scanning my mailbox 2-3 times a day by :

  1. Marking a mail as READ without opening based on sender and subject, if I am convinced it has no value to me at all at this point in time.
  2. Respond/Redirect mail ON THE SPOT, which don’t need too much analysis, design, review etc. Typically approvals, acknowledgements, re-directs, shares etc. This means I dont have to revisit this and the task is complete.
  3. For mail which need some work or review with my team, make a commitment with a date and time and RECORD THIS COMMITMENT in my TODO list/Calendar (I am old world guy and a traditional TODO list in notepad works best for me :-) )
  4. For the projects which I am working on, I may fan out tasks to my team members, partners, external agencies, etc and I RECORD THE INSTRUCTION in my tracking sheet/project planner so that I can look at them daily and follow up in case the “ball has been dropped”. This way I stay on top of the deliverables and its my responsibility.

Hence to put it simply my email box is NOT my workbench. Instead my TODO list, Calendar and Project planning sheets are my workbench. Email is just a carrier.

If the sender and the recipient can use these simple ways to track the work allocated, the benefits cannot even be measured.

On a larger scale how does this work

While the methods discussed above will work quite well for individuals, what should we do for email ids which are contact points for very large number of conversations like the customer support email id, sales email id, etc.

The most popular and most reliable way to handle this is to deploy a ticketing system which is hooked into the email system.

Thus the customer sends an email, which is automatically converted into a ticket with a unique id, the support staff have a special common interface to access these tickets, respond to them from the ticketing interface and also collate all back and forth responses into the same ticket to track the entire conversation, which may span across days. Thus inflow and outflow happens over email but the conversations are collated and tracked in a database and accessed via a special interface.


Sending out an email or a giving verbal instruction does not ensure that the task will be done, even if both the parties are highly committed. A system is required, which is more than the email inbox,  to support their functioning.

At the end of the day, the originator of the work is the person whose responsibility it is to see that the work is completed or the desired outcome of the conversation is achieved.

You can never really delegate responsibility! (the contradiction in the blog post title)

The medium of the conversation then is only about deciding the best, most suitable form to transport the information, present it and build understanding.

I would love to hear from my friends on their own work experience with conversations.

Posted in Getting Better | Tagged , , , , , , , , | Leave a comment