Merce Broadside was designed with a few key goals in mind.
High throughput. This is the raison d'etre of Merce Broadside. At the lower end, using a single off-the-shelf Intel server, Merce Broadside must be able to deliver one million emails per day, sustained, each with a modest binary attachment payload.
Scalability. The second most important requirement was to be able to scale up volumes by adding more hardware and Internet bandwidth, reliably and securely. The scale-up must not compromise the simplicity of the administration and management interface.
A shared resource. A Merce Broadside system should be easy to share among independent groups or departments, without the actions of one group affecting others. Only if a large Merce Broadside system is sharable securely will the investment in such a system be justified. In many organisations or government departments, the different mass messaging applications have independent calendars and usually require these services in short and very intense bursts, thus making a single shared resource the most practical. Access rights should be assignable to different groups to allow them high freedom to manage their own applications without being able to destabilise the overall system or gain control of other applications.
Security at all levels. A mass messaging system has unusual, multi-tiered security requirements. A Merce Broadside system needs to be secure in the same way in which any device connected to the Internet needs to be secure. In addition, a mass messaging system needs to support security measures and policy enforcement to ensure that inadvertent or malicious use of the system does not impacts its ability to function as a source of large volumes of legitimate emails. Today, any source of large volumes of email on the Internet is scrutinised closely by recipients, and even accidents may dramatically reduce the credibility of a Merce Broadside system. Therefore, preventing such accidents is an important design goal. In some senses this multi-tiered security challenge for a mass messaging system is akin to the security threats of an armoury or ammunition storage magazine --- security must protect against intruders as well as accidental explosions.
Auditability. Email communication has come under scrutiny from a variety of angles today as part of tightening standards of corporate governance. Therefore, any system designed to send out millions of emails per day must have unambiguous and detailed logs and archives to allow post facto audit of all activities and data flow.
Self-healing design. A Merce Broadside system is expected to be kept in operation 24x7 by its larger customers when a batch of messages is in transit. During such periods, any instability due to internal or external reasons must be detected automatically by the system and reported to administrators. The defective component must be bypassed automatically or even corrected automatically wherever possible. A lot of innovative design decisions have contributed to this goal.
