E-mail is, by far, the most used and most depended upon Internet application, and with many people working after hours at home or from distant locations when they travel, workers often need access to their company e-mail when they aren't at the office. There are numerous ways to accomplish this, but some are more secure, more cost-effective and/or more scalable than others, and the best choice for your company may depend on its size, as well as other factors.
Directly connect to the mail server
The most logical, and often the easiest, way for users to retrieve their company mail is to set up their e-mail clients to connect over the Internet to the e-mail server used for sending and receiving company mail. All they have to do is configure the mail server IP addresses and account information in their e-mail client software and they can send and receive mail just like at the office--well, maybe.
If the office mail server uses IMAP, the mail itself stays on the server and users can view it from wherever they are. For instance, if your Exchange server is properly configured, users can set up their Outlook clients to connect to it and read and send mail.
If the mail server used for company mail is a POP server, this can cause problems. With POP, mail is downloaded to the end user's computer instead of staying on the server. That means the user may end up with some of his mail on his office machine, some on his home machine, and some on his laptop.
As for sending mail, many SMTP servers are configured not to allow anyone to send through them unless the sender is connected to the local network. So, although this may seem to be the most straightforward method, it may not work.
Connect to the company LAN through a VPN
As your company grows, a better way for your employees to access the mail server is to use a VPN connection to log onto the office network. Since the data that goes through the VPN tunnel is encrypted, it’s a secure method--as long as you take steps to ensure that the remote computer doesn’t serve as a vector of attack or introduce a virus to the LAN.
You should implement a VPN quarantine solution, so that remote systems that VPN into the LAN are checked to be sure they’re running an antivirus program, have personal firewall protection, have the latest security updates and service packs, and so forth.
You should also prohibit "split tunneling," which occurs when the user has direct access to the Internet at the same time he’s connected to the VPN. This can make the VPN vulnerable to attack.
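The following is an added example, not part of the original article or of any VPN product: a sketch of the decision a quarantine check makes, combining the posture items listed above with a split-tunneling test on the client's routing table. The interface names (eth0, vpn0), the posture field names, and the route tables are constructed assumptions.

```python
import ipaddress

# Probe addresses, one in each half of the IPv4 space, so a pair of /1
# routes pushed by a full-tunnel VPN is recognised as well as a 0.0.0.0/0.
PROBES = ("8.8.8.8", "203.0.113.10")

def egress_iface(routes, dest):
    """Longest-prefix match, lowest metric wins; routes are (prefix, iface, metric)."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(p), iface, metric)
               for p, iface, metric in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None  # no route at all: treated below as "not via the VPN"
    _, iface, _ = max(matches, key=lambda m: (m[0].prefixlen, -m[2]))
    return iface

def split_tunnel(routes, vpn_iface):
    """True if Internet-bound traffic can leave on anything but the VPN."""
    return any(egress_iface(routes, p) != vpn_iface for p in PROBES)

def quarantine_reasons(posture, routes, vpn_iface):
    """Return the failed checks; an empty list means the client may join the LAN."""
    reasons = [name for name in ("antivirus_running", "firewall_enabled",
                                 "updates_current") if not posture.get(name)]
    if split_tunnel(routes, vpn_iface):
        reasons.append("split_tunneling")
    return reasons

# Constructed route tables. 198.51.100.7 stands in for the VPN gateway; its
# host route via the physical NIC is normal and does not count as a split.
FULL = [("0.0.0.0/0", "eth0", 25), ("0.0.0.0/1", "vpn0", 1),
        ("128.0.0.0/1", "vpn0", 1), ("198.51.100.7/32", "eth0", 25)]
SPLIT = [("0.0.0.0/0", "eth0", 25), ("10.0.0.0/8", "vpn0", 1),
         ("198.51.100.7/32", "eth0", 25)]
GOOD = {"antivirus_running": True, "firewall_enabled": True,
        "updates_current": True}

if __name__ == "__main__":
    print(quarantine_reasons(GOOD, FULL, "vpn0"))
    print(quarantine_reasons(dict(GOOD, firewall_enabled=False), SPLIT, "vpn0"))
```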
Access mail via the Web
Another way users can access their company e-mail accounts remotely is via the Web. For instance, you can set up your Exchange server to support Outlook Web Access (OWA). Users point their Web browsers to the e-mail server’s OWA URL, and log on with their regular mail account credentials. The interface resembles Outlook, but the user doesn’t have to configure an e-mail client or even have one installed on the computer.
A big advantage of Web access is that users can get their mail from any computer, including public access computers at libraries or Internet cafés. For best security, make OWA available only through an HTTPS (SSL) connection and use certificate-based encryption. This is especially important if users will need to access OWA with browsers other than IE, because they may not be able to take advantage of the security of Windows Integrated Authentication with some other browsers.
If your company is still small, you might not have your own mail server. You may instead use an ISP’s mail server, so some of the options discussed above may not be available to you. There are still ways your users can get their company mail at other locations.
One alternative is to use e-mail redirection software such as ERC (E-mail Redirecting Client), which is a free tool that allows a user to redirect the mail from his office POP3 account to his home account (for instance, while he’s on vacation). It can be downloaded at http://www.freedownloadscenter.com/E-mail_Tools/Mail_Redirecting_Tools/ERC__E-mail_Redirecting_Client_.html .
A redirection program could also be set up to redirect the office mail messages to a Hotmail account, so that the user could access them via the Web from any computer.
Then there are services such as E-mail Anywhere (www.e-mailanywhere.com) that allow you to access any existing ISP or corporate POP mail account through their Web site. You just log on with your e-mail address and password, and you’ll see your Inbox and can check your mail. As with other Web-based solutions, it can be used from any computer, anywhere in the world.
Another possibility in the small office situation is for the user to use remote control software such as the Remote Desktop built into Windows XP/Vista, a third-party product such as PCAnywhere or a service such as GoToMyPC to access his entire office desktop from another computer at a remote location. He can run any application on the office computer, including the e-mail client. All processing takes place on the office computer. This option has the advantage of allowing you access to all the files on your office computer, not just your e-mail messages.
Here’s another program that you can use to share files and run remote applications on your office computer, but this one uses your e-mail account to do it. It’s called GetByMail and you don’t need a dedicated IP address, nor do you have to make complex network configuration settings. It supports POP, IMAP and SMTP and works with Exchange and Gmail. You can secure connections with SSL (http://www.getbymail.com/en/home/overview.php).
There are many ways to give your users access to their company e-mail when they’re away from the office. Some work only with ISP POP accounts (more likely to be used by small businesses), some work only with corporate mail servers (more likely to be used by medium and large businesses) and some will scale to work with almost any type of e-mail account.
Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 additional books on subjects such as the Windows 2000 and Windows 2003 MCSE exams, CompTIA Security+ exam, and TruSecure's ICSA certification.