20081114

Email is a battleground, a developer minefield

The leading email apps are Outlook, Thunderbird, Mac Mail, Evolution, Lotus Notes, Gmail, Hotmail, Yahoo Mail and that's about it. In terms of market share and success there are a significant number of 'also rans', but why?

My first thought was that the main contenders dominated the market so completely that no-one bothered with the others, but then I thought back to 2003 when Thunderbird first became usable (some might say it is still not) and suddenly it gained market share. Mozilla Thunderbird proved that you can go from nothing to something, perhaps on the back of Firefox, but unlike so many other apps, users stuck with it. I have only just realised why.

A bit of background is required here. Where I work we have archives of business-critical emails from certain accounts. Users don't have to keep half a million emails; they can access old messages using a web interface to the database of archived messages. At the moment all emails they open are downloaded as '.eml' files and so open in their desktop email client (Outlook or Thunderbird), but that method means that laptop users have to remember to remove the files as they go (which they often forget to do) because of the potentially sensitive nature of the messages. My solution was to get the web interface to display the message with the appropriate cache headers, which solved my immediate need, but I realised that it would expose the system to spam (especially as some users access the system from their home networks and so cannot be proxy protected). In case the full horror is not clear, this would mean that an embedded image link in a spam email would effectively gift the spammers the bona fide email address. That is at best; at worst, using an old IE (thinking it is in the trusted zone), we have security meltdown.

It was this that made me realise just what a fine line email clients are treading between functionality and security. The webmail systems have to inhibit the browser's natural instinct to connect and show; the desktop systems have to emulate the web functionality while still limiting access. Email is a battleground; would anyone willingly enter the fray? Images, JavaScript, Applets, Flash, Ajax and application attachments all present risk in remote communications and local access.
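One way a web viewer for archived messages can hold back the browser's instinct to connect and show, as an added example that is not the author's code or solution. It assumes each message body is served as its own HTTP response; `render_archived`, `Sanitizer`, `VIEW_HEADERS` and the sample message are hypothetical names and constructed data.

```python
import email
from email import policy
from html import escape
from html.parser import HTMLParser
# Viewer response headers: keep nothing on disk, fetch and run nothing.
VIEW_HEADERS = {"Cache-Control": "no-store",
                "Content-Security-Policy": "default-src 'none'; sandbox"}
ALLOWED = {"p", "br", "b", "i", "em", "strong", "ul", "ol", "li", "pre"}
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "applet", "head"}
# Constructed sample message, not taken from any real archive.
SAMPLE_EML = (b"Subject: constructed sample\r\nContent-Type: text/html\r\n\r\n"
              b'<p onclick="x()">Hello <b>there</b></p>'
              b'<img src="http://tracker.example.test/p.gif?id=user@example.test">'
              b"<script>alert(1)</script>\r\n")

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip, self.blocked = [], 0, 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1  # an unclosed one hides the rest: fails closed
        elif not self.skip and tag == "img":
            self.blocked += 1  # src is never emitted, so nothing is fetched
            self.out.append("[image blocked]")
        elif not self.skip and tag in ALLOWED:
            self.out.append(f"<{tag}>")  # every attribute dropped (style, on*)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))  # text of dropped tags survives, escaped

def render_archived(raw_eml):
    # Returns (headers, safe_html, blocked_image_count) for one .eml message.
    msg = email.message_from_bytes(raw_eml, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    san = Sanitizer()
    if part is not None and part.get_content_type() == "text/html":
        san.feed(part.get_content())
        san.close()
    elif part is not None:
        san.handle_data(part.get_content())  # plain text: escape only
    return VIEW_HEADERS, "".join(san.out), san.blocked
```

The allowlist plus the `default-src 'none'` policy are two independent layers: if a tag slips past the sanitizer, the browser is still told not to load or execute anything for that response.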

The apps that can cut it are ones that provide just enough functionality and maintain security or provide more functionality and expose their users to 'some risk' (I would say that any risk is unacceptable, but I don't work in their security department). Both approaches have their warfare equivalent, but what are 'acceptable losses' in this context? There is still room for another client in the market; no-one has nailed it yet. I think Mac Mail is closest, although spammers can crash it remotely at the moment. As for my problem, I have a solution but it is probably not cost effective to implement.
