
Friday, 21 November 2008

Why I Just Invested in Goodmail

How many letters have you snail mailed lately? I think I send about 10,000 emails for every letter I write. So why do enterprises who communicate with millions of customers continue to cut down trees, pay to print letters and envelopes, and have them physically carried around the world at hundreds of times the cost and latency of email?

The reason for this financial, environmental and logistical absurdity is that you'd have to be nuts to open an email from Bank of America, since most emails that are purportedly from Bank of America are not from Bank of America. They're actually from The I-Need-A-New-Mercedes Bank of Leningrad (or Budapest, or Tel Aviv, or Shanghai...). Furthermore, the ISP who delivers consumer email has no idea which hyperlinks and images are safe, and so as a policy the ISP strips all links, media and scripts from the email, rendering the medium rather useless to you and Bank of America.

The textbook solution to this problem is nearly impossible. You'd have to set up auditing procedures to authenticate all legitimate senders, and monitor the senders' behavior to ensure that they never engage in bad practices like spreading malware or spam. You'd have to examine every script and media object they wish to transmit. You'd have to set up and operate cryptographic infrastructure to establish the integrity of the message from the sender's computer all the way to the inbox (i.e. no added viruses or such). You'd have to convince the ISPs who provide web interfaces to change the way they process their email streams based on the cryptographic tokens attached to the messages. The ISPs would then have to explicitly distinguish for users in their web UI which messages are trusted. And then you'd have to convince businesses that they should pay a transaction fee per email to fund all this infrastructure.

Only one startup was crazy enough to try this. With some amusement, I watched Daniel Dreymann's team for three years trying to line up all these ducks. Suddenly, in September, I heard quacking. Mountain View-based Goodmail had actually signed up ISPs representing over 300 million users (including most of the consumer ISP inboxes in the US and Europe), deployed the necessary cryptographic infrastructure, and delivered over three billion CertifiedEmail messages that month on behalf of Time, StubHub and other commercial and non-profit senders.

That's what I call an industry standard solution to a big problem. So last week I invested in Goodmail and joined the board, alongside Scott Kurnit, Don Hutchison, VCs from DCM, Emergence and Softbank, and GoodMail's new CEO Peter Horan (former CEO of About.com).

It was a pretty easy decision for me, having done okay funding email security companies in the past. Worldtalk, Tumbleweed and ON developed email security and each went public before being acquired. Cyota and Postini developed anti-phishing and anti-spam services, and they sold for great prices to RSA and Google, respectively. And in 1995 I started a little company in our offices called Digital Certificate Inc. to build a similarly ambitious cryptographic infrastructure and ecosystem for securing web sessions (we later changed the name to Verisign).

The cost of sending CertifiedEmail is 0.1% that of sending a paper statement, invoice or brochure, not to mention the environmental imperative. Thanks to Goodmail, businesses can now send CertifiedEmails, and we can all safely open them without wearing rubber gloves.


Wednesday, 12 November 2008

My Halloween Treat: OpenCandy

Despite rumors to the contrary, venture investors are still funding innovative and disruptive startups. My latest Series A investment, announced today, is OpenCandy, which I co-funded with Tim O'Reilly and Reid Hoffman.

Not every (any?) great software application comes from Redmond. Today more than ever individuals and small teams of programmers in every country of the world develop great applications that wither on the vine for lack of visibility and a business model. OpenCandy's technology promises revenue, cheap distribution and free analytics to programmers who may not have their own big marketing departments.

OpenCandy's first product is a recommendations engine that operates in the install wizard of downloaded software. While working for their prior employer DivX, the OpenCandy team discovered that users are far more likely to consider downloading new software while they're in the middle of downloading something else. This observation led them to embed software offers in DivX downloads that now generate $20 million annually for their former employer.

"OpenCandy is taking a proven Web 2.0 model--the ad network--and applying it to software installation. It's very clever. And it will probably work." -- CNET

OpenCandy's recommendations include a mix of free and paid recommendations, depending upon the preferences of the publisher. They do not interfere with the original download, commencing only after the current installation has completed. Here's an example of OpenCandy at work for Miro (a BitTorrent player for RSS video) and Audacity (by far the best sound recording/mixing tool I've ever used):


Software developers who wish to participate as either a recommender or recommendee should contact co-founder Chester Ng at OpenCandy. He and OpenCandy CEO Darrius Thompson started the company earlier this year. They run a talented but scrappy team in the true tradition of Get Big Cheap. And I'm betting they'll prove that great software is like Halloween candy: you can't eat just one!


Sunday, 12 October 2008

Take Back the Web!

When Tim Berners-Lee conceived the web, he dreamed of inter-connected documents, of surfing along from one person's page to the next, following a fluid path rich with information and discovery.

Instead what we got is a big honkin' billboard, as commercial interests hijacked Tim's vision. Just look at any popular web site today and you'll find only two kinds of hyperlinks -- paid ones and self-referential ones (that keep traffic from leaving the domain). The only relevant links come from portals like Google that monetize search. So instead of deeply browsing the web, we search and click, search and click, search and click... So much for friction-free information and serendipitous discovery.

The web will remain captive to publishers until users exercise control over the hyperlinks that define the web's structure. GreaseMonkey, an open source platform for Firefox scripts, promised some relief to users who want control of their web content and links, but it proved far too esoteric and insecure for mainstream use. The startup Hyperwords also provides some relief to users who wish to right-click on words in web pages to perform an operation like search, blog or email, but Hyperwords requires new user behavior, and does not provide any element of discovery.

So 18 months ago my partner Justin Label and I started cooking up a startup to save the web. We conceived of a platform for creating and distributing mash-ups transparently and securely so that you can pick the news sources, e-commerce vendors, reference materials, social networks, media stores, etc. to which your web pages link. We even hoped to mash your web content with personalized objects (e.g. how closely are you LinkedIn to people you read about?), in-page media (e.g. streaming music) and fewer ads. We called it MashLogic.

Bessemer funded the newco, and we recruited search jock Ranjit Padmanabhan (right) and GreaseMonkey scripter Johan Sundstrom as co-founders. After 15 months in development, we're very excited to release a Beta product today, with 100 invites available here. Beta invites are also available on TechCrunch, where just this morning Arrington reviewed the product quite favorably:

"It's a frickin' swiss army knife for hyperlinks... So far in my testing, they've nailed it... I'm putting this on my must-have list of Firefox add-ons."

Obviously there are still wrinkles to iron out. Today we support both major browsers -- Firefox and Flock :-) -- but of course we'll port the plug-in to IE and Chrome.

To be clear, Mashlogic is NOT like Snap, Flyswat, Adaptive Blue, or any of the other startups who try to convince publishers to embed their javascript. We're not in this to help publishers by giving them better pages full of ads and self-referential links. We're here for users. Which means that we never inject ads or sponsored links into our callouts, and we never add or remove hyperlinks to suit a publisher. We even let users prioritize sources of information, so that a Wikipedia link might trump TechCrunch, or vice versa. The publisher's original links are kept on by default, but you can subordinate them to the other mashes or turn them off altogether. We don't expect mercenary publishers to like us much.

So how do we plan to make money? Once we restore benevolent hyperlinking to the web, many of the links people choose to embed will relate to e-commerce that pays us affiliate revenue for enabling those links. For example, if you like the Expedia mash that displays and links you to the best fares from your location to any destination you read about on the web, we'll get affiliate consideration. So we're motivated to offer up mashes that you'll want to activate.

We know it's unconventional for big VC's to start with an idea and money and then find the team, but every once in a while the opportunity is important enough to warrant the work. As a plus, this approach means that we get to pick the best team in the world to execute the concept, rather than the team that happened to think of it. (This worked for me once before, when I started VeriSign the same way.)

I could show you screen shots but you really have to try it to get a sense for how MashLogic changes the web (you can partially preview the experience here but today our web site may be super busy). Please do comment with your feedback on the product, and let us know how else you might like to mash the web. Not only will we add lots of new mashes, but we're going to open the platform so that even non-programmers can create and share their own mashes in 5 minutes.

I hope you enjoy the new web on MashLogic, and if you see Tim Berners-Lee, tell him that we've got his back.

Friday, 29 August 2008

Internet: Threat Level Red

Yesterday a Bessemer company rescued 42% of the internet...

As you probably read about in news coverage of the recent Black Hat conference, Dan Kaminsky brilliantly discovered a catastrophic vulnerability in the internet's Domain Name System (DNS). The vulnerability permits a hacker to "poison the cache" of DNS servers with incorrect IP addresses -- a phisher's dream come true. Even better for hackers, the vulnerability allows them to intercept email traffic so that they can collect our passwords simply by asking the bank's login screen to email forgotten passwords. They can fool Certificate Authorities into issuing them valid SSL certificates so they can spoof your bank with compelling authority. And lots of other nasties, too.

The Domain Name System is a distributed network of directories residing in programs like BIND and Nominum that respond to queries from network clients (browsers, email, VOIP...). By far the most common query is "What is the IP address of the domain name AAA.BBB?" Thanks to DNS you can remember names (amazon.com) instead of an address (66.98.140.0). If your DNS server doesn't have the answer, it asks another DNS server, and then remembers the answer in its cache for some specified period of time before that record expires.

The "Kaminsky Attack" starts with a request for a DNS lookup and follows up with a message to your ISP's DNS server posing to be from an authoritative server. The fake message poisons the server's cache with an incorrect IP address, such as that of the hacker's fake Citibank web site. While cache poisoning had been theorized before, it had always been an impractical attack, since the hacker never knew exactly when the DNS server would need to refresh an expired record. Kaminsky observed, however, that if a client asks a DNS server for the address of foobar.citibank.com (a non-existent sub-domain of citibank that the DNS server doesn't have in its cache), the server will ask its authoritative server for the address, and get tricked into using that fake IP address for all variants of citibank.com. To spoof the authoritative server, the hacker's fake DNS message has to have the right transmission ID, but there are only 65,536 possibilities. Each time the hacker tries, she can probably send 200 different guesses before the real server can respond for real, so if you attack once every four seconds as Kaminsky tried doing, it takes an average of ten minutes to steal a domain.

Prior to announcing at Black Hat, Kaminsky worked responsibly, diligently and quietly with several vendors to prepare for the announcement. I'm familiar with the effort because one of my portfolio companies, Nominum, is among the teams who prepared for the announcement. Nominum's chief scientist Paul Mockapetris had in fact invented the Domain Name System, and the NY Times has recently reported that his company's industrial strength DNS software now serves 120 million broadband internet subscribers through nearly 100 ISPs. In his presentation to Black Hat, Kaminsky graciously called out Nominum for moving quickly to protect 42% of all broadband internet subscribers from exposure to the Kaminsky Attack.

The other 58% of the internet is not so fortunate. The vast majority of those DNS servers run the antiquated freeware called BIND. The International Software Consortium moved fast to patch BIND, but the patch is not very effective, mostly undeployed, and reportedly unstable. (On July 28 BIND's lead architect Paul Vixie issued an email bulletin warning of performance issues with the patch.)

The BIND security patch randomizes the port used to ask other servers for help, so the attacker has to guess the port as well as the transmission ID. But hackers do have, you know, computers that can make lots of fast guesses. So the patch simply extends the attack from minutes to hours - still pretty easy for the bad guys. Sure enough, John Markoff reported in the NY Times last week ("Leaks in Patch for Web Security Hole") that Russian physicist Evgeniy Polyakov broke the patched security in 10 hours. (You can run Polyakov's exploit yourself.)

In addition, most DNS servers live behind routers, firewalls and load balancers that run Network Address Translation, which rewrites the randomized source ports into an orderly, predictable sequence. You don't have to be a Russian physicist to break that scheme.

Unfortunately, there's about an even chance that you're reading this from an ISP running BIND. Patched or not, you're exposed to pharming, and many carriers and enterprises lack the awareness or motivation to act. Indeed, I heard one CIO of a major brand name financial institution declare immunity from Kaminsky attacks because he has "three layers of firewalls," as if his firewalls block the DNS ports.

The good news is that yesterday Nominum announced a new release of their DNS server that layers several new defenses on top of port randomization. For example, Nominum's server treats the flood of wrong guesses as an attack, so instead of waiting for the right transmission ID and accepting the spoofer's poisonous payload, Nominum logs the IP address of the sender.
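The layered defense described above is, at its core, a counting problem: a legitimate resolver sees a mismatched transaction ID only occasionally (a late or duplicate answer), while an off-path forger produces hundreds of mismatches for the same queried name in seconds. The following is an added example, not Nominum's or BIND's code, showing that detection logic run over a constructed resolver log. The log format, the field names (`src`, `qname`, `txid`), the threshold and the accept/retry policy are all assumptions made for illustration; a real resolver would have to record mismatched responses itself.

```python
import re
from collections import Counter

# Constructed sample log (not real BIND or Nominum output). Each "mismatch"
# line records a DNS response whose transaction ID matched no outstanding
# query. 120 such responses from one source for one name is the signature the
# text describes; two stray mismatches from another source are ordinary noise.
_FLOOD = [
    f"2008-08-28T10:00:{i % 60:02d}Z mismatch src=203.0.113.7 "
    f"qname=foobar.example.com txid=0x{0x1000 + i:04x}"
    for i in range(120)
]
_NOISE = [
    "2008-08-28T10:00:05Z mismatch src=198.51.100.5 qname=www.example.org txid=0x3c4d",
    "2008-08-28T10:00:09Z mismatch src=198.51.100.5 qname=mail.example.org txid=0x9e10",
    "2008-08-28T10:00:11Z query recursive qname=www.example.net from=192.0.2.20",
]
SAMPLE_LOG = "\n".join(_FLOOD + _NOISE) + "\n"

# Assumed log grammar: 'mismatch src=<ip> qname=<name> txid=0x<4 hex digits>'.
LINE_RE = re.compile(
    r"\bmismatch src=(?P<src>\S+) qname=(?P<qname>\S+) txid=0x(?P<txid>[0-9a-fA-F]{4})\b"
)

TXID_SPACE = 1 << 16  # the 65,536 transaction IDs the text mentions


def guess_space(port_choices=1):
    """Size of the (txid, source port) space an off-path forger must cover.

    Without port randomization there is one port, so the space is 65,536.
    Port randomization multiplies it by the number of ports in use; a NAT
    device that rewrites ports into a predictable sequence collapses
    port_choices back toward 1, which is the weakness the text describes.
    """
    return TXID_SPACE * port_choices


def parse_mismatches(log_text):
    """Yield (src, qname, txid) for every mismatched-TXID response record."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("src"), m.group("qname").lower(), int(m.group("txid"), 16)


def mismatch_counts(log_text):
    """Count mismatched responses per (source IP, queried name)."""
    counts = Counter()
    for src, qname, _txid in parse_mismatches(log_text):
        counts[(src, qname)] += 1
    return counts


def flag_sources(log_text, threshold=20):
    """Return sorted (src, qname, count) tuples at or above the threshold.

    Grouping by queried name matters: a forger guesses many IDs for one name,
    whereas benign late answers are scattered across many names.
    """
    return sorted(
        (src, qname, n)
        for (src, qname), n in mismatch_counts(log_text).items()
        if n >= threshold
    )


def should_accept(src, qname, counts, threshold=20):
    """Assumed resolver policy: once a source has sent `threshold` wrong
    guesses for a name, do not accept a later matching answer from it;
    log the source and re-issue the query (with a fresh ID and port) instead.
    """
    return counts[(src, qname.lower())] < threshold


if __name__ == "__main__":
    counts = mismatch_counts(SAMPLE_LOG)
    for src, qname, n in flag_sources(SAMPLE_LOG):
        print(f"possible forgery flood: {src} sent {n} wrong IDs for {qname}")
    print("accept answer from 203.0.113.7?",
          should_accept("203.0.113.7", "foobar.example.com", counts))
    print("accept answer from 198.51.100.5?",
          should_accept("198.51.100.5", "www.example.org", counts))
```

The threshold is a tuning decision: set too low, a busy resolver will flag upstream servers that merely answered late; set too high, the forger gets its hundreds of guesses in before anything is logged. Keying the counter on the queried name as well as the source keeps the first failure mode rare.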

Here's how Dan Kaminsky reportedly responded to Nominum's announcement:

"Layered defenses in the DNS system are an effective way to address serious attack scenarios that aren't covered by UDP Source Port Randomization alone. As new DNS vulnerabilities are discovered, a layered approach such as Nominum's will help in ensuring ongoing Internet security."


Tuesday, 22 April 2008

Bessemer Pulls a Hat Trick!

Congratulations and thanks to the teams at Sirtris, PA Semi and Gracenote, three Bessemer portfolio companies who all signed and announced their acquisitions in the last 12 hours.

Sirtris, the startup that cheats death, fetched $720 million from GlaxoSmithKline. This company, whose sirtuin activators have been touted as the fountain of youth (at least for overweight laboratory mice), was the brainchild of serial entrepreneur Christoph Westphal, a Harvard trained doctor and geneticist. Chris Gabrieli (pictured right) and Steve Kraus led the investment for Bessemer (huge hat tip to Jonathan for the intro--we owe you one!).


Meanwhile, Gracenote--that music database in the sky that tells us all what song, artist and album we're listening to on our PCs, in our iPods, in our CD players, and increasingly in our cars--has fetched a $260 million price from Sony. Special congrats to founder Ty Roberts (pictured right), CEO Craig Palmer, my partner Jeremy Levine and our co-investor Sequoia Capital.


And finally, Forbes reported just minutes ago that Apple has disclosed its acquisition of PA Semi, the innovator in power efficient microprocessors. PA Semi was the brainchild of DEC's rock star chip designer and Sibyte founder Dan Dobberpuhl (pictured right). Thanks to my partner Rob Chandra, who led the A round with help along the way from Ted Lin, Devesh Garg, Umesh Padval and Derrick Lee. Congrats as well to our co-investors Venrock, Highland and Focus.



Saturday, 21 July 2007

Is BVP too Flashy?

When Henry Phipps established his family office a century ago, he kept his name off the door, choosing instead to honor the scientist Henry Bessemer who invented the technology that he and Andrew Carnegie had commercialized. Ever since, Bessemer has followed a tradition of quiet privacy, settling in the shadows of our entrepreneurial partners. We’ve had no PR agent. No splashy sponsorships. No publication of our results. (And no promotions for our blogs.)

But for those entrepreneurs who consider sharing their dreams with us, we need to share our story with them. As early as 1998 we published a web site celebrating our entrepreneurs’ successes (and lamenting our failures) in a graphical motif that evoked our turn-of-the-19th-century roots. Since then, BVP.com incrementally sprawled, as web sites do, into an aging maze of unmarked avenues and back alleyways. Pre-occupied with our portfolio companies’ online presence, we neglected to renovate our own internet lobby.

But recently we crossed the point where we invest more venture capital internationally than we do domestically. Engaging new communities of entrepreneurs curious about our practice, we asked our IT Director Fred Shilmover to streamline our web site with 21st century technology and a Googlish respect for the web user.

Our design objective was to tell our story without getting in the way of what a visitor wants to find. Even with 6 offices around the world, 100+ IPOs under our belt, and 96 years of history, we strived, above all, for clear, simple navigation.

With help from web designer Twig Gallemore, we crafted a tight site map around three simple menu options (TEAM / PORTFOLIO / CONTACTS) and filtered portfolio search options, to deliver quick answers. But to satisfy the entrepreneur who wishes to stroll around and browse, we also incorporated sliding photo albums in the header, as an alternative navigator through our history, team and offices. (Technical kudos to Flash god Erik van der Neut.)

There are clear tradeoffs to building our site around a Flash element. We have critical performance issues to resolve, browser support varies (it’s best viewed in Flock!), much of our content lies hidden from search engines, and we still need to redirect many links.

But I think that the newly launched www.BVP.com achieves our design goals. Do you agree? Is it what you’d want to see from your venture capital partner?
