We've been hearing a lot lately about the importance of data-leak prevention; do you view the internal threat to be more dangerous to an enterprise than the external threat?

It differs by industry, just how threatening it is. If an employee really wants to take data, they can print it out, they can do it in [different] ways, and there's just no way that you could stop them. To think you're going to come up with a foolproof solution to a [determined] employee who wants to get data out of your company, I think that's almost impossible.

But taking some prudent steps and looking at what's leaving via e-mail or the Web is important, and increasingly being demanded by customers, especially in various segments such as financial. I don't think it's an industry-toppling problem, I think it's more 'I'd like to check that box and say we're monitoring it.' Not to say there aren't instances . . . of intellectual property leaving the building.

After years of spam volumes declining, 2006 saw a significant increase in the amount of junk headed for in-boxes. What's going on?

The rise in volume . . . is because more people are getting into the business, and the people that are in the business realize spam's a money-maker. People have a profit motive to get into that business; it's not just for fun, now you can really make some money. It's a team-on-team sport, we [antispam vendors] try to field the best team and come up with defenses but . . . the reality is these guys have test accounts on every major ISP; they're like a dog with a zap collar, they keep trying the fence until they find a weakness and pound it unmercifully.

The weakness last year was image spam, which was really a difficult problem to solve. These guys figured out they could send an image and by randomizing a pixel they could make it through traditional spam filters. But it's like airport security -- we weren't having people take their shoes off until [Richard] Reid tried to blow one of his shoes up. We didn't have to check our water, then someone figures out you can combine two liquids and make a bomb out of that, too. [Spammers] are innovative, and we've got to stay on top of them. When we see something new or different, we've got to plug that hole immediately. Things like [when] spammers figured out this past year that many spam filters rely on humans to write rules, and humans have to sleep and don't typically work on Sunday nights, so they send all their spam between 2 and 4 AM, in a very short window, and it just zipped past all these folks. We see innovation [with the spammers] and we have to innovate as well.

What is the next set of features that communications-security vendors must add to their products to remain competitive and keep up with enterprises' needs?

We just bought PostX; encryption by and large hasn't been rolled out in e-mail, it seems absurd since for every important Web transaction we immediately go to a secure pipe, but everything in e-mail flies over the Internet in free text. I think authentication [for e-mail] is something people are starting to take seriously.

Image analysis is becoming increasingly interesting, watching what's coming in and going out via images, since most images now are sent via e-mail.

You've been tracking spam for a long time. What's your favorite spammer trick?

Every one is a little amusing. [For example] putting fake text in [a message] from books that might be Homer's Odyssey. Antispam engines put a score on how spammy each e-mail is, if it has capital letters, if it has a link, there are many different vectors when trying to determine [spam]. One of my favorites is when the spammers put things [into messages] to improve their scores . . . to hoodwink the filters. It's like dressing up in a disguise to get through airport security: 'If I'm dressed as a police officer, maybe they won't shake me down so much.'