RE: ISPs' willingness to take action

VPN technologies are either too weak, like PPTP, too
expensive or difficult to grasp like IPsec, or too new
like the HTTPS tunnels.

A couple of years ago, I was working at a company that
used Exchange for corporate email. They had a web version
of Outlook that, I believe, was part of Exchange server.
It is almost a no-brainer to put that up on an HTTPS server.

Due to the prevalence of online shopping and banking,
even relatively clueless users understand how to look
for the secure web browsing icon (key or lock). This is
reasonably strong security, cheap to implement and easy
to grasp. It's also been proven for almost 10 years now.

And if you don't like Outlook's web version, there is
always one of the many web email packages like SquirrelMail which can use IMAP or POP
(both supported on Exchange server) and which can be
secured via SSL/HTTPS.

Somebody oughta sell a secure email box that plugs in
between the Exchange server and the network and includes
a secure SMTP server relay, secure POP server, secure
IMAP server and secure web email interface. No doubt
somebody already supplies boxes like this, and ISPs just
have to start reselling them.

I don't recall the source, but it was recently reported
that 40% of the exchange server base is still on the v5.5
platform. Using that as a general indication, many of
these shops probably won't plan to upgrade anytime soon.

According to Google, Exchange 5.5 does both POP and IMAP
so the possibility of secure web mail service is there.

Seems to me that you could sell some service and
educate the users about safe email practices at
the same time.

--Michael Dillon

Yeah, but what happens is when you use the web based interface and
non-outlook pop3/imap/smtp clients is that you lose access to things like
shared address books, shared calendars and other things which these people
depend on. At least, from what I remember, Exchange 5.5 lacked these
features via the web based interface. Might be different now.