[oclug] The chairman speaks

[Bill Strosberg]

Matt Rose wrote:
> 
> Bill, the rest of the post makes sense, this part doesn't
> 
>> POP3's time is coming to an end.  It just doesn't do anything well, 
>> and keeping the message store on one particular workstation that is 

Matt:

Here are my thoughts.  Upon reflection, perhaps I was rambling and focus 
hopping a little.

My scenario was corporate mail, not necessarily POP3 at an ISP. 
Corporate mail today is (admit it) Exchange, or (Insert good MTA here) 
fronting Exchange, Notes, Groupwise or the like.  Corporate users with 
Exchange generally want to get get remote access.  Exchange can be 
beaten into running POP, but they really recommend using a VPN gateway 
and accessing the Exchange server remotely.  My dumb, dumb, dumb comment 
was regarding how complex and stupid it is to use either method 
(Exchange POP or VPN for just mail).  My last desktop in a long term 
environment was Exchange-based, and if we located the message store on 
the server (not encouraged because of disk resource usage), it was 
accessed by POP3.

IMAP-TLS running on a corporate server located visible to both inside 
and outside solves a bunch of problems, although it does run into the 
eternal (90% unused) groupware feature desire (note I didn't say need or 
usage).


> 
> 
> POP3 and IMAP are just protocols.  IMAP is more powerful than POP3, but 
> really they're both just ways of managing mail on a remote store using 
> an MTA.  The main difference between IMAP and POP3 is that IMAP has a 
> way of handling different folders on the mail server itself, while POP3 
> just knows about one folder.  People are not "Waking up" or demanding 
> better, it's just that IMAP is far, far more server-side intensive than 
> POP3.  Up until recently, it would be far to cost-prohibitive as an ISP 
> to offer IMAP access to your mail server.  Just recently is it possible 
> to run a 20,000+ user IMAP server reliably for a decent price.  
> Remember, as an ISP, email access is bundled into the price of 
> everything else, so it wouldn't be competitive to offer IMAP access when 
> a POP3 server is *so* much cheaper.  It was dumb, but it was the only way.

100% agreed on the protocol statement, but the implementation creates a 
user environment that differs dramatically depending on which you 
implement.  Although just protocols, the environments they create will 
greatly enhance a distributed real-world work environment (IMAP) or 
equally discourage it (POP - sit and work from one internally accessible 
only desk).


> 
>>
>> Therein lies my bitch with Gmail et al.  Somebody else sits on your 
>> mailstore.  Unencrypted access possible.  Online identity theft too 
>> easy to imagine.  Who could trust it?  Why aren't people concerned?
>>

My position was that to avoid real world problems using 
Exchange/Outlook, people are using Gmail (and it's work-alikes) to avoid 
the access issues and extend their workspace outside the walls.  As a 
information security person, I've talked with many corporate email 
admins who have tacitally accepted usage of external services as they 
are unwilling to open VPN access to their whole user base and unwilling 
to set up Exchange/POP.



> 
> This makes no sense.  Someone else is *always* sitting on your 
> mailstore, especially with IMAP.  Webmail is actually probably the best 
> way to manage your email, considering that there's a lot less overhead, 
> and there's a lot less danger of viruses and malware when you're not 
> downloading executable attachments to your own computer automatically.  
> It all comes down to a matter of who you trust.  I fully trust no-one, 
> so I run my own mailserver, but I trust google enough to have a gmail 
> account.

True, but I wasn't thinking personally, I was thinking corporately.

--
Bill Strosberg