Internet Messaging in 60 Minutes Terry Gray -University of Washington Policy Issues Mission Critical Messaging Goals Relevant Standards Standards Update Sample Architecture Designing for Reliability Designing for Scalability Mobility Security Trends Open Issues

Policy Issues Spam Harassment Privacy Legal discovery Records management Monitoring, Tracing requirements

Mission Critical Messaging Goals User view –Availability/Reliability –Interoperability –Usability/Convenience –Mobility –Message security Administrator view –Availability/Reliability –Scalability –Maintainability/Manageability –Administrative Flexibility –Infrastructure Security

Relevant Standards ESMTP -Mail transport NNTP -News transport RFC822 & Header definitions MIME -Content encoding & labeling DSNs -Delivery Service Notifications POP, IMAP -Remote mail access ACAP -Remote configuration access LDAP -Directory access S/MIME, PGP -Secure messaging SIEVE -Filtering

Standards Update IETF activities: updates, extensions Givens: SMTP, POP, IMAP, LDAP Dueling: S/MIME, Open PGP Upstarts: ACAP, SIEVE Unstarted: notification

Sample Architecture Mail Client Outgoing SMTP Server Message Store Option/ Config Store Directory Store Delivery & Filtering Agents SMTPIMAP ACAP LDAP Incoming Mail Forwarder Other Message Handlers NNTP SMTP

Designing for Reliability Reduce "single points of failure" –Redundancy Reduce size of "fault zones" –"Horizontal Scaling" Graceful degradation, failure –Time outs, retries, DSNs Reduce complexity, heterogeneity –Avoid gateways; use Internet standards

Designing for Scalability Big boxes vs. (lots of) little boxes Mapping user names to servers Mapping folder/newsgroup names to servers Client configuration

Mobility: the unlearned lesson Incoming folders Secondary folders Global address books Personal address books Configuration info Subscription lists Bookmarks Public key rings Private key rings Filter rules

Security S/MIME will dominate for secure mail PKI issues –# of certs, kinds, revocation, escrow, archiving IMAP/POP security options –SSL, K4, K5, OTP, CRAM-MD5… SMTP security Attachment handling risks

Trends Mostly free clients WebMail Outlook/Exchange “virus” No SMTP relaying; impact on mobile users LDAP & HTTP for everything –whither ACAP?? Growing pressure for better filtering –Will Sieve catch on??

Open Issues Management tools –Moving mailboxes among servers –Knowing when things are broken X.509 certificate infrastructure Delivery filtering and responding List servers Attachment handling Delivery notification Efficient new mail notification Integrated open calendaring Intranets vs Internets; Firewalls, VPNs Higher-Ed-specific issues, e.g. Labs

References New Book: Internet Messaging Marshall Rose and David Strom Prentice Hall ISBN All things IMAP: