Startup lessons: An interview with Carl Mercier

Last week we learned that Defensio was sold to Websense. Given that the Defensio team got to an exit without the aid of outside investment, I thought there would be some hard-fought lessons there for other entrepreneurs.

I was right. Here’s my interview with Carl Mercier, founder and CEO of Defensio. Enjoy!

Can you tell us how and when you got started with Defensio?

I first started working on Defensio (then code-named Mailagio) around November 2006. The original idea was to build a better/easier hosted email anti-spam. Around March 2007, I hired the company’s first employee, Camilo Lopez and we moved into our awesome first office: 1,000 square foot in an old tobacco factory. Monthly rent: 270$/mo. (electricity included mind you). It was definitely no fancy office and we didn’t even have hot water, but we loved it. It was big and certainly had a lot of charm. Who can resist salmon pink walls? What I liked most about it was obviously the rent. Bootstrapping means you have to do some compromises sometimes! In true startup fashion, we had free snacks, a ping pong table and lots of fun.
In May 2007, employee #2 joined the company: Mat Balez. Mat is an awesome guy. He mainly focused on the biz dev side of things, which allowed me to focus on leading the development. There was only one problem with Mat’s employment, he had to move to Europe ~ 6 months later. I still thought we needed his talent, so I accepted to have him on board for a short period of time.
At this point, we were still working on the email stuff and were getting pretty far along. Definitely not close to a launch, but we were making significant progress and we had awesome accuracy. Shortly after Mat joined, he started noticing that people were complaining quite a bit about comment spam. Among them, Robert Scoble was complaining that he was getting so much that it was simply impossible for him to go through his quarantine to find false-positives. Other bloggers were so overwhelmed by the problem (managing spam, bad accuracy of existing solutions, etc) that they were closing comments on their blogs. We thought it was a great opportunity for us. We figured that a lot of our technology could be used to fight comment spam and we knew we could do better that what was out there at the moment. So we did…
Initially, I thought that the comment spam project would take us 3-4 weeks. Looks like I was dead wrong on that because 1.5 years later, we’re still working on it! The idea was to kick some butt with our new comment spam filtering system, bloggers would love us, spread our name, which would then allow us to have a much more successful launch for the email anti-spam product. In retrospect, I still think it was a good plan (given what we knew at the time). The only problem is that in the meantime, Google acquired Postini who would have been our biggest competitor. We had a great team, but I don’t think we were quite ready to go head-to-head with Google. Defensio (as you know it today) was doing so well that we decided to dedicate all our efforts to it.
We ran a private alpha for a few months with Ben Yoskovitz and Julien Smith, two Montreal bloggers. They fell in love with the product. They said accuracy was superior to Akismet and that the improved UI alone was worth the switch. In my opinion, I think that the fact we had great accuracy at this point was pretty impressive since in a statistical game, accuracy and efficiency is generally linked to the size of the corpus. Ours was still extremely small! We knew we had a winner.
In November 2007, we officially launched the service to the public as a “public beta”. We didn’t brag about the fact that it was a beta like Google likes to do, but it was. Soon after, Mat Balez unfortunately left for Europe. He now works as a product manager at Google UK.
Our code had quickly become a mess because it was basically a big hack on top of the email product. It was impossible to maintain and we were always scared to break things when making changes. Honestly, at that point, we were surprised that it even worked! In January 2008, we started a complete code rewrite with Merb (instead of Ruby on Rails). This process was long, expensive and risky, but it was absolutely necessary. We launched the new code around June 2008. A code rewrite means that we couldn’t really work on new features for all that time. It was obviously a big risk because competitors could have leapfrogged us. I would strongly advise against it, but in our case, it was critical for our long term survival. Better to plan for this ahead of time, but we didn’t. We just cranked out code as fast as we could. To be honest, we never thought our code base would grow so big either.

High level time line idea – 1st launch – 1st revenues – other milestones – exit?
Nov 2006: Carl starts doing research and working on Mailagio

March 2007: employee #1
May 2007: employee #2
~ October 2007: Digg pre-announcement
November 2007: launch
January 2008: started code rewrite
March 2008: employee #3
~ June 2008: launched new code based on Merb
Dec 31 2008: acquisition closed
1st revenue: not sure, but pretty early on
Can you tell us about the thinking behind your business model – free for individuals, 6 month trial for commercial sites? What worked well? What didn’t?

Our pricing and business model was very much inspired by Akismet who’s our main competitor. Because the line was so blurred between personal and commercial use, it became apparent very early on that strategic partnerships were our best hope to become profitable. Competing against a free product has obviously been challenging for us. We had to differentiate ourselves to be make it work.

Can you tell us about your experience in exposing your APIs? Was this beneficial? In your opinion should startups do this early or does it only pay off for companies that have a large user base?

Defensio is just an API really. I believe that web services are critical in this day in age and that every startup should expose their service this way, or at least to a certain extent. Early adopters are passionate and will spread the word about you. These same people are often developers, so you want to give them the goodies to make them happy. Our developer community has been critical to our success.
Nobody knows this, but our own website (which is a separate project from the API, and written in Ruby on Rails) gets most of its data from a private API. So not only do we expose a public API, but we also built a private API for our own use.

Let’s talk about funding. You bootstrapped. Can you tell us about your approach to funding Defensio? Did you always plan to bootstrap or did your thinking change over time?

My idea was to raise some seed funding (~500k) for the email anti-spam. When we switched gears, it was clear that the business model was changing considerably and that external funding was now out of question. I reconsidered the idea at one point, but we started talking to people about partnerships around the same time. I decided to stay the course and keep bootstrapping.

Today, I’m convinced it was the right thing to do. Of course, bootstrapping is not easy and you have to do compromises. Every dime came out of my personal savings from my previous startup. At the beginning, I was looking at our progress vs the cost every week and it was making me crazy. I always thought we were not making enough progress vs the money spent. But you just can’t think about that all the time. You just have to go with the flow and focus on what really matters: getting stuff done.
In a startup, saving money means surviving longer. And surviving longer means maximizing your chances to exit. Every dollar counts. For example, a VC funded startup I know has a 3000$ Mac Pro as their development server. Ours was a 50$ box I put together from old parts. It was just fine! Our work tables cost 80$ each. Other startups I know have 350$ work tables. Did this impact our productivity? I doubt it.
Staff is obviously the biggest expense in a startup. The most people we were at the same time was 3 (4 guys in total were involved). Developers like to do things they find cool or fascinating. Every week, someone would come up to me with a “cool” idea they wanted to implement. The 1st question I posed was: will it get us acquired? If the answer was no, well, we didn’t do it. If it made sense, we’d do it. It was that simple.
Focusing on the end goal is critical. A startup is a sprint AND a marathon at the same time. It’s a sprint because you have to be very agile, think fast, act fast and quickly adjust to the unforeseen. It’s also a marathon because you have to keep the same crazy pace for a long period of time. In our case, it was ~2 years. If you get distracted by things that don’t matter, you become less efficient and you lose, it’s that simple.

Make no mistake, I’m definitely not against VC funding. I just don’t think it should be the default route to take. If you’re building a 7/low 8 figure company, it’s probably your worst nightmare because exiting will be very tough: VCs won’t get the return they want and might not even let you exit at a “low” 5 million for example. And if you do exit at such a low price, the founders basically get nothing. I would encourage people to try bootstrapping. If their startup is hot, investors will come knock at your door and ask to invest. That’s a much better position to be in vs begging for money. Not only do you get a better deal, but you should also have a much clearer vision of where you’ll take the company at that point.

If however you’re building a company that requires a lot of capital, or that needs a lot of cash to stay afloat for a while, sometimes you have no choice. The right investors are often more important than just the money they inject in the company. For example, I was talking to Sam Altman of Loopt a few years ago and he was telling me how important getting funding from Sequoia and New Enterprise had been for them. The mobile landscape changed quite a bit recently, but when they started, they actually had to make deals with cellphone carriers directly. Being backed by these top firms helped them get credibility and opened many doors. They’re extremely successful now.

Looking back, what were the keys to your success?

Clearly never losing focus and never giving up. Startups are the wildest ride. When things go well, it’s the greatest thrill, but when things go bad, it’s very tough. I tend to become very emotionally involved with my ventures, which is probably not a good thing, but I’m a man of passion. At one point in particular, giving up would have been the easy path. Times were rough. But I didn’t. I’m extremely proud of that.

If you give up, it’s over. It you keep at it, there’s always hope. Too many people give up too early in my opinion.
It would also have been very easy to give in and take funding. I mean, so many investors approached us all the time, but I always refused their money. I’m glad I did. We kept control the company and got to decide when to exit and at what price. And more importantly, we get to keep all the money. What’s not to like?

Could you tell us how your deal with Websense came about?

Websense contacted me a long time ago to “chit-chat”. I’m not even sure if we were launched when I first talked to Dan Hubbard, the CTO. They thought what we were doing was very interesting and they really saw the potential of Defensio. The data that flows through us is extremely valuable for their ThreatSeeker Network. Slowly, partnership discussions led to acquisition discussions, and the rest is history.

What factors went into your decision to go for it?
Honestly, I think it was a match made in heaven. Our data is of great value for them, their technology makes us so much more efficient, they have an amazing team and some of the smartest people around. Defensio also completes their (well, our!) product offering so well. It seems like it was the missing piece of the puzzle for them. In my opinion, it was the logical move to do. It’ll take Defensio to the next level. Somewhere we couldn’t have reached on our own. And most importantly, our current users will greatly benefit from this partnership.

Anything else you want to share that could help others following in your path?
Every entrepreneur ABSOLUTELY NEEDS to watch the talk DHH gave at Startup School in 2008. I was in the audience and what he said makes so much sense. Why do people even try becoming the next Facebook? I think people don’t really realize how hard/impossible it is to become Google or Facebook.
As DHH puts it, if you have 1:10 odds to make a million dollars or 1:10,000 of making a billion. What do you chose? Seems pretty obvious to me. Especially if it’s your first startup!
Bootstrapped exit are often labeled as “small exits”. This makes me smile. Most of them might be small compared to Youtube, true. But considering that that these “small exits” are generally 7 or even 8 figures, that seems not too shabby to me. Or maybe I’m just disconnected from reality.
I think the best advice I can give to entrepreneurs is STOP THINKING AND START WORKING. I’m one of those guys who’s afraid to fail. I hate losing. I used to try to come up with the perfect idea and the perfect business model. Obviously, it was never quite as good as I wanted it and I was never starting anything. Not starting meant not failing: it was my comfort zone. But not starting also means not winning. It’s very cliche, but your original idea really doesn’t matter. It’s all about execution and being able to seize the opportunities that arise.
When I started working on Defensio/Mailagio, so many people thought I was stupid for going into the email spam market. They were probably right, the market is already over crowded and even if, in my opinion, the problem is not yet solved properly, going head to head with all these big companies seems impossible. However, if we hadn’t gotten our hands dirty, we would never have switched gears and started working on Defensio as you know it today.

Finally, what’s next for you?

I joined Websense as Director of Software Development. I’m committed to make Defensio kick even more butt. And I think we’re in great shape to make it happen now. Being part of such a great team is awesome.

We want to expand Defensio way past simple spam filtering. Stay tuned!