This blogger has seen that even in this time and age, some people simply love POP3 and prefer it over better and more secure alternatives. This post serves as an eye-opener to users as well as administrators who are die-hard POP fans.
Some reasons why you shouldn’t use POP
- Traditional POP3 (without any secure configuration – which is also the most common way admins configure your Outlook Express) transmits your username and password over the network in plaintext. Any user with malicious intent, can “sniff” your password over the network and get hold of your email. In most cases, the credentials that you use to retrieve mail are the same that you use to send mail, which means the intruder can not only read your mail, but also send mails to other people on your behalf!
- Now, relating to the above point, replace the ‘hacker’ with malicious software/spyware/virus on the PC of a legitimate user on your network. The malware can do the sniffing and use the credentials to inject spam into your organization, as well as the rest of the known universe, pretending that its YOU the POP user who is sending the spam.
- All your emails are dumped to your PC from the server. What if you’ve been using POP for the past 5 years and your PC decides to crash – and you have no backup.
- What if your PC doesn’t crash, but your mail folders get corrupted – quite common with many POP3 clients.
- What if you want to access your received emails from some place else and you do not have your PC with you. Of course, for points 3, 4 and 5, you could leave a copy of your mails on the server – but what’s the point in sticking to POP3? – read on!
- For some users, their email might seem very secure when it’s sitting on their own PC and nowhere else. I have news for you. The moment someone else sits on your PC, kiss privacy goodbye. A knowledgable user can open password protected folders. An additional point to ponder: SMTP traffic on the internet is not encrypted by default. It is most likely that your sensitive email is flying about cyberspace in plain text anyway!
- If you travel to a partner/client’s office with your laptop, accessing your mailbox via POP3 might require intervention of their network administrator if POP is not already open on their firewall – or you may require some sort of firewall client.
- No access to your company’s Address Book.
Some reasons why you should use RPC over HTTPS instead
- Passwords don’t go out in plain text. Just about anybody can’t get hold of your password.
- If you use RPC over HTTPS, an SSL session is established between your PC and the server that has your email. The email content reaches you in a secure, encrypted channel.
- The email is stored on your server, and (hopefully) a backup is taken every night.
- If you use Outlook in cached mode, all you have is an offline copy of the same email – which means its available for your reference even when your PC is not connected to the office network.
- If your client PC crashes, or if your Outlook folders get corrupted, your emails are still safe on the server. All it needs is a fixing of your Outlook. (Note: If you archive some of your email on PST – make sure its backed up – or that the organization has a centralized email archiving system in place)
- You can access your company’s Address Book and all your contacts, tasks, calendar, etc.
- Presence information from Live Communications Server, integration with SharePoint workspaces, etc.
- Unlike POP3, Outlook Anywhere uses HTTPS and can be used from any partner network where they allow you to surf the net. No additional config required. 🙂
Some users need to have more than one Exchange mailbox open at the same time on the same PC (usually executive secretaries). The common excuse is that they cannot configure two Exchange mailboxes on the same Outlook profile.
It is indeed possible to configure two Exchange Server mailboxes on the same Outlook profile. Here’s a tip: In Outlook 2007: Tools –> Account Settings –> Select your Exchange mailbox –> Change –> More Settings –> Advanced tab –> Add –> type the second mailbox name –> OK –> Next…Finish. See this page for more details.