Arguments against POP or IMAP access to email?

spookykid

Hi all -

Are there any technology-based reasons why it would be wise to disable access to an email server via POP or IMAP? My company is planning to disable our POP and IMAP access and require everybody to use a new webmail program (which itself uses IMAP). Many users currently employ Thunderbird to access email via POP or IMAP and would like to continue to do so. I'm attending a meeting tomorrow with the highest level managers of the company and the IT folks to fight for our right to continue to be allowed to access email via POP or IMAP, even if they discontinue support of the applications we're using.

One argument I've heard is that allowing users to access the email server with POP or IMAP causes more spam. I've never heard of this - have you?

Are there any bandwidth issues that would make using Thunderbird with POP or IMAP more bandwidth-intensive than using a web based email client with IMAP?

I can't think of any reason to block our POP/IMAP access. Can you?

Any help is appreciated - thanks!
 
From a tech standpoint, I'd say it's slightly more secure, even if your web client is using IMAP to connect.

Basically, they can limit the IMAP connections ONLY to the web front end. This way they know exactly what system is allowed to get in. (Not having to worry about dynamic IPs, road warriors, etc.)
No need to leave a port open on the firewall and worry about some obscure POP3/IMAP overflow bug to compromise a mail server.

IMAP/POP servers can lead to open relays, because those users expect to be able to send mail as well as receive. So the SMTP mailer needs to be configured to allow relaying for those certain outside hosts. I know that on an Exchange 5.5 Server I manage, even though it's told to only allow relaying for authenticated users, it still relays anonymously. So I just disabled IMAP access for that.

As far as bandwidth... It's slightly more controllable using the web frontend.
In a sense, the web page is only showing you a listing of what messages you have, and doesn't load them up until you read it.
An IMAP client *can* do the same, but in an uncontrolled state (your home machine) a user can set it to download ALL messages in their entirety, ALL the time, and check for new mail every minute in every folder on the server.
(I know, I did this at college. They hated me :D )



I'd say security over bandwidth is probably a reason to disable it.

I probably missed some points, and might be off on a few. I'm just giving my reasons why I may disable it.
 
Having webmail as an option is a good thing, but only if it's a solid webmail system. Our webmail system is terrible, but thankfully we can use either IMAP or POP. I would be a sad panda if webmail were the only way to go. Plus, I only get a 500MB mailbox. My hard drive is lots bigger than that. I can understand that the school doesn't want to have to have enormous arrays to store people's mail, but unless I have local storage as an alternative, limiting my mailbox size is cruel.
 
It would also help the company keep e-mail from being cached/stored on computers they don't control. My company has only ever had webmail running (OWA, which just keeps getting better).
 
Thanks for your feedback!

Our technology department's main concern is that the usage of Thunderbird (the client we're arguing to keep) opens up the possibility of mailboxes getting corrupted. Their claim is that this happens frequently, but they could not come up with solid statistics as to how often. (I couldn't find much while googling for others who might suffer the same issues).

They will be rolling out Open XChange next week. (That's the new webmail). A decision has yet to be made as to whether IMAP access by 3rd party email clients will be allowed.

The argument from the users' perspective is that we would like to maintain the ability to manage email offline, as well as the convenience of having the views of our mailboxes synchronized regardless of where we log in from while enjoying Thunderbird's other features. (The workaround proposed by our tech dept is to allow for mail forwarding).

kaosDG - your feedback was extremely helpful in getting my head around the pros and cons of IMAP.

THANK YOU!!
 
Wait, is this an internal move from mail clients to webmail only? That would indeed be a PITA.
 
da sponge said:
It would also help the company keep e-mail from being cached/stored on computers they don't control. My company has only ever had webmail running (OWA, which just keeps getting better).
There is a really good point: I remember reading an article linked through El Reg on why Everyone needs a good data destruction policy. Webmail would make this easier.
 
Biggest con IMO is that POP and IMAP both send passwords in clear text. Even though the mail server itself may not have user accounts, most people use the same passwords elsewhere.

You might as well just deploy IMAPS and POPS instead, as they're trivial to configure and all the popular mail clients support the protocol. I haven't allowed POP or IMAP access for a long time, there's just no need for it.

As far as relaying SMTP, authenticated SMTP has been around for years and all the clients support it. There's no reason in this day and age to run an open relay.
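Added example (not part of the thread and not any poster's code): an admin weighing plain POP/IMAP against IMAPS/POPS can check whether a server still accepts cleartext logins by reading the capabilities it advertises before TLS. The banner strings below are constructed, and the POP3 check is a heuristic that assumes a TLS-enforcing server omits USER and plaintext SASL mechanisms from its pre-STLS CAPA reply.

```python
"""Classify pre-TLS IMAP/POP3 capability banners (added example).

The sample banners in SAMPLES are constructed for illustration.
"""

PLAINTEXT_SASL = {"PLAIN", "LOGIN"}


def imap_caps(line):
    """Capability tokens from an IMAP greeting or untagged CAPABILITY reply."""
    upper = line.upper()
    idx = upper.find("CAPABILITY")
    if idx == -1:
        return set()
    # Greeting form is "* OK [CAPABILITY ...] text"; cut at the bracket.
    return set(upper[idx + len("CAPABILITY"):].split("]")[0].split())


def audit_imap(line):
    caps = imap_caps(line)
    if not caps:
        return "unknown"
    sasl = {c.split("=", 1)[1] for c in caps if c.startswith("AUTH=")}
    # Without LOGINDISABLED the LOGIN command is accepted in the clear.
    if "LOGINDISABLED" not in caps or sasl & PLAINTEXT_SASL:
        return "cleartext-allowed"
    return "tls-required" if "STARTTLS" in caps else "no-login-path"


def audit_pop3(capa_reply):
    """Heuristic on a POP3 CAPA reply: USER or SASL PLAIN/LOGIN before STLS."""
    lines = [l.strip().upper() for l in capa_reply.splitlines()]
    if not lines or not lines[0].startswith("+OK"):
        return "unknown"
    caps = {l.split()[0]: set(l.split()[1:]) for l in lines[1:] if l and l != "."}
    if "USER" in caps or caps.get("SASL", set()) & PLAINTEXT_SASL:
        return "cleartext-allowed"
    return "tls-required" if "STLS" in caps else "no-login-path"


SAMPLES = {
    "imap_open": "* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN] ready",
    "imap_strict": "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED",
    "pop3_open": "+OK\r\nUSER\r\nSASL PLAIN LOGIN\r\nSTLS\r\n.",
    "pop3_strict": "+OK capability list follows\r\nTOP\r\nUIDL\r\nSTLS\r\n.",
}

if __name__ == "__main__":
    for name, banner in SAMPLES.items():
        audit = audit_imap if name.startswith("imap") else audit_pop3
        print(name, audit(banner))
```

A "cleartext-allowed" result on port 143 or 110 means the password can cross the wire unencrypted even if STARTTLS/STLS is offered, because nothing forces the client to upgrade first.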
 
Yes - we're going from using Thunderbird with IMAP to OX's webmail front-end only. It sucks.

I suggested secure IMAP, but apparently security isn't the main concern here. (????) It's the phantom "mailbox corruption" issue.

There was also an argument involving mailbox quotas, and our admin stated that if we use a 3rd party email client to access our mail on OX, then the quotas will be ignored. This made no sense to me, but he said it was because Open X-Change has a somehow proprietary IMAP system. (He called it "semi-integrated.") Further research has led me to believe that he is either misinformed or lying, because I found documentation regarding connecting to OX with Outlook that said quotas work just fine. I'm still trying to get my hands on their primary manual to confirm that the quotas would work with any mail client. A person in OX's tech support forum told me the quotas will work fine, but I'd like to find it in documentation as proof.

Let me see if I understand how mail quotas are applied: Please correct me if I'm wrong.

Mail comes into the mail server. Mail server checks the mailbox to see if quota has been reached. If so, reject message. If not, deliver message to mailbox.

With that logic, it should be irrelevant how the mail is retrieved from the mailbox, right? Because the quota was already checked prior to mail being delivered to the box?
 
No offense, but your admin sounds like an idiot. You should show him this thread :p
 
Let's just say that he and I "disagree" on this matter... in case I do show him this thread! :)
 
spookykid said:
Let me see if I understand how mail quotas are applied: Please correct me if I'm wrong.

Mail comes into the mail server. Mail server checks the mailbox to see if quota has been reached. If so, reject message. If not, deliver message to mailbox.

With that logic, it should be irrelevant how the mail is retrieved from the mailbox, right? Because the quota was already checked prior to mail being delivered to the box?

Yes, but you could have cached data locally and have deleted it from the server. Why this would worry him with regard to quotas is beyond me.
 