@Requests and POP3
The MainBoss Basic version of @Requests makes use of POP3 to obtain incoming work requests. This article explains what POP3 is and what it means to your site.
What is POP3
POP3 is a way of retrieving email from an email account. It should not be confused with SMTP which is for sending mail, not receiving it. POP3 is supported by Microsoft Exchange, Lotus Notes, and most other popular mail servers.
@Requests uses POP3 to check a mail server for incoming mail. POP3 is designed for brief "grab-and-go" sessions. Basically, it logs in, grabs all the mail messages it wants, then logs out again. In this way, it doesn't keep the server busy any longer than it has to. It also deletes messages from the server once it's finished with them.
The most common alternative to POP3 is called IMAP4. It also obtains incoming email, but it's designed for extended sessions. Instead of grabbing mail and going away, it stays connected for long periods of time. IMAP4 doesn't delete messages from the server, which means the same incoming message might end up generating multiple requests.
Future releases of @Requests may give users the choice of either POP3 or IMAP4, but the current version only uses POP3.
POP3 and Security
When POP3 logs on to an email server, it uses a password. This password is sent unencrypted. Conceivably, if a malicious user could "listen in" to your Internet traffic, the user could intercept the password. Malicious users also try to guess email addresses and passwords on the off chance of getting lucky. For example, they might try email@example.com and keep trying every word in the dictionary in the hope that Chris wasn't very smart in picking a password.
Because of the slight chance of a problem, POP3 has been "banned" by some IT departments. However, there are several straightforward ways to work around the possibility of a security hole:
- @Requests only needs POP3 access to a single email account—the account where work requests are sent. It's possible to configure mail servers to grant POP3 access to one account but not to any others. For information on how to do this, see the documentation for your server.
- In many organizations, your @Requests email address only needs to be "visible" internally. If the only people submitting requests are inside the organization itself, then all communications to that address (including POP3 communications) can be kept in house. Outside intruders will never have a chance to "listen in" for passwords, because the communications never go out to the exterior Internet.
If Your IT Department Says No
If your IT department refuses to let you use POP3 despite what we've just said, there are two solutions:
- Upgrade from MainBoss Basic to MainBoss. MainBoss supports a number of more secure protocols including POP3S and POP3 with TLS (Transport Level Security). Either of these should satisfy your IT department.
- Make use of third-party software to add security to POP3. Click here for details.
We should also note that the default setting for some e-mail packages (e.g. Outlook) is to use POP3 with TLS. In this case, normal POP3 won't work with the mail server so you'll have to use one of the solutions above.