Increasing Email Security and Reducing Risks with IMAP

Until a few years ago, Americans faced a major gap between Internet connection speeds at home and those at their offices. At work, fast speeds and plentiful bandwidth allowed system administrators to deploy Exchange Servers or other e-mail servers using IMAP, the Internet Message Access Protocol. While IMAP offers higher security and convenience when compared with POP, Post Office Protocol, constant IMAP server polling puts more of a strain on networks than simple POP updates. Therefore, many home e-mail users still opt for POP mail access by default.

However, with more users checking e-mail from laptops, security professionals point out many of POP’s vulnerabilities. Many POP e-mail systems are designed to reduce server strain by pushing messages from the mail server to the client’s hard drive by default. In addition, few POP servers encourage users to encrypt messages between server and client systems, increasing the likelihood of intercepting intellectual property during e-mail exchanges.

On the other hand, IMAP implementations often default to a higher standard of security. Most IMAP servers require SSL encryption for messages in both directions, the same level of data encryption used by secure, e-commerce web servers. Furthermore, IMAP e-mail systems store all messages, folders, and drafts on the server instead of on the client’s hard drive. While some users may opt to have their e-mail software copy incoming messages, many system administrators discourage this practice. Modern e-mail clients, like Outlook, Thunderbird, and Apple Mail do such a good job of quickly relaying secure data, end users rarely notice that critical messages and attachments live “on the cloud” instead of on their hard drives.

Although this implementation of IMAP slightly reduces convenience by requiring a persistent internet connection, users of Citrix connections or other remote management tools often prefer the speed of using a desktop mail client instead of tolerating the delay of a virtualization window. Under this configuration, a user’s stolen laptop would be useless without knowledge of an IMAP server password.

Best of all, IMAP users with stolen or broken equipment can retrieve their entire mailbox and folder structure by connecting through a new or borrowed computer. Unlike POP mail systems, which run the risk of losing important correspondence, IMAP implementations restore both the content and the structure of a user’s mailbox. This kind of synchronization also makes IMAP popular among users who divide their e-mail workload among desktops, laptops, and other portable devices.

Small and medium business owners can now offer IMAP to end users through a variety of affordable service plans. Many web-hosting companies now provide secure IMAP as part of basic account packages. Companies looking for extra features or support can acquire IMAP through other affordable service providers, including:

• Google – The web search powerhouse offers IMAP access through its GMail service and through its private-label Google Apps service. Users can access Google Mail via an ad-supported web interface, but can manage accounts via IMAP with no ads and no mandatory promotional footers.
• FastMail – One of the most popular, independent mail providers offers a variety of affordable IMAP mail accounts, as well as a free, ad-supported option.
• Global Mail Exchange – A relative newcomer to the free e-mail community, GMX offers free IMAP mail access and a robust web mail client. Sponsored by a major business web-hosting provider, GMX is a showcase for new web technology that will appeal to fans of zero-footprint computing.