Webmail and standard mail protocols

Webmail is a different beast all together where mail protocols are concerned. Since they are web based, a browser communicates over HTTP or HTTPS ports and protocols unless otherwise specified by the url. HTTP is not a mail protocol, but that does note mean it cannot present a email application interface.

When sending or reading emails using a web interface, communication is done over HTTP instead of SMTP and POP3 or IMAP. Since a webmail interface is essentially a web based application, or server side application, there is always a server side component which presents the user interface to you, and implements your requests on the server side.

Since a webmail interface executes its logic on the server side, how it sends and fetches email is undefined. Webmail interfaces that come tightly bundled with the server - such as MDaemon with WorldClient are different from webmail interfaces that are third party add-ons.

Bundled webmail interfaces can be designed to access the mailstore directly without going through protocols. Because the proprietary knowledge can be shared among the developers direct message store access becomes possible.

This can also be true of webmail interfaces written for open source architectures where emails are stored in a known way - stored either in a known file / directory system or all emails store in a single file.

Other third party app-on webmail interfaces must use protocols as the only known and absolute interface to the message store. This setup can have advantages in that a very busy email system can host this webmail system on a different server, alleviating some of the CPU load.

And since communication is done with known protocols, it's no problem at all for a webmail interface to reside on a seperate server, and communicate over the network using the standard email protocols.

More robust webmail interfaces will include shared folder functionality, with the ability to subscribe to, and read emails from a shared folder. Other desirable features with more tightly integrated webmail interfaces include things like the ability to change password, set an auto response message for vacation periods, and other things that are not functions built into the standard email protocols, and impossible to do using a client side stand alone email program.

Security and webmail

Use of a webmail system poses no greater inherent threat to security than do other clear text means of email like SMTP, POP3, and IMAP. Always make sure than when using a cyber cafe computer, that you do not accept the browsers offer to remember your username or password. You will need to remember to clear that information out before leaving.

Clearing the browsers history might also be a good idea, but it is probably of little value except to the most determined industrial spy.

Other advantages to webmail

When traveling on the road an employee might want to send an email from his hotel room. Reading email with his notebook computer in his hotel room is not a problem, but sending email is. Relay restrictions on the company server might prevent the out of town employee from sending email to anyone but local addresses.

Another issue is that many ISPs are increasingly hijack port 25 sued by SMTP. When the Outlook or Thunderbird are used to send email, it goes over port 25 directly to the corporate server for delivery. But if the ISP hijacks port 25 they may disallow this completely, or route the email through their own server, and who knows what after that.

Webmail does an end run around this problem since no ISP can hijack port 80 (HTTP) without losing customers.