[oclug] The chairman speaks
oclug_mail at strosberg.com
Wed Feb 23 07:46:14 EST 2005
Matt Rose wrote:
> Bill, the rest of the post makes sense, this part doesn't
>> POP3's time is coming to an end. It just doesn't do anything well,
>> and keeping the message store on one particular workstation that is
Here are my thoughts. Upon reflection, perhaps I was rambling and focus
hopping a little.
My scenario was corporate mail, not necessarily POP3 at an ISP.
Corporate mail today is (admit it) Exchange, or (Insert good MTA here)
fronting Exchange, Notes, Groupwise or the like. Corporate users with
Exchange generally want to get get remote access. Exchange can be
beaten into running POP, but they really recommend using a VPN gateway
and accessing the Exchange server remotely. My dumb, dumb, dumb comment
was regarding how complex and stupid it is to use either method
(Exchange POP or VPN for just mail). My last desktop in a long term
environment was Exchange-based, and if we located the message store on
the server (not encouraged because of disk resource usage), it was
accessed by POP3.
IMAP-TLS running on a corporate server located visible to both inside
and outside solves a bunch of problems, although it does run into the
eternal (90% unused) groupware feature desire (note I didn't say need or
> POP3 and IMAP are just protocols. IMAP is more powerful than POP3, but
> really they're both just ways of managing mail on a remote store using
> an MTA. The main difference between IMAP and POP3 is that IMAP has a
> way of handling different folders on the mail server itself, while POP3
> just knows about one folder. People are not "Waking up" or demanding
> better, it's just that IMAP is far, far more server-side intensive than
> POP3. Up until recently, it would be far to cost-prohibitive as an ISP
> to offer IMAP access to your mail server. Just recently is it possible
> to run a 20,000+ user IMAP server reliably for a decent price.
> Remember, as an ISP, email access is bundled into the price of
> everything else, so it wouldn't be competitive to offer IMAP access when
> a POP3 server is *so* much cheaper. It was dumb, but it was the only way.
100% agreed on the protocol statement, but the implementation creates a
user environment that differs dramatically depending on which you
implement. Although just protocols, the environments they create will
greatly enhance a distributed real-world work environment (IMAP) or
equally discourage it (POP - sit and work from one internally accessible
>> Therein lies my bitch with Gmail et al. Somebody else sits on your
>> mailstore. Unencrypted access possible. Online identity theft too
>> easy to imagine. Who could trust it? Why aren't people concerned?
My position was that to avoid real world problems using
Exchange/Outlook, people are using Gmail (and it's work-alikes) to avoid
the access issues and extend their workspace outside the walls. As a
information security person, I've talked with many corporate email
admins who have tacitally accepted usage of external services as they
are unwilling to open VPN access to their whole user base and unwilling
to set up Exchange/POP.
> This makes no sense. Someone else is *always* sitting on your
> mailstore, especially with IMAP. Webmail is actually probably the best
> way to manage your email, considering that there's a lot less overhead,
> and there's a lot less danger of viruses and malware when you're not
> downloading executable attachments to your own computer automatically.
> It all comes down to a matter of who you trust. I fully trust no-one,
> so I run my own mailserver, but I trust google enough to have a gmail
True, but I wasn't thinking personally, I was thinking corporately.
More information about the OCLUG