Thursday 7 May 2009

University of Sydney's new Mail Service

For many years my university has offered a simple e-mail service with web-based, POP and IMAP access via servers on-campus. On-campus servers meant it was fast in response and download speed, and data was free (for both us students and the university). External access was available via SSL when necessary. The only real problems were limited attachment sizes and inbox quota (a few megabytes each).

Recently, the university has decided that we need a new e-mail system, my guess is they decided it'd be too expensive to set up a system with more realistic quotas (GB rather than MB) for every user themselves, so they're outsourcing it. At first I thought, great, they've finally jumped on the Google Apps For Your Domain band-wagon and we'll all have a much more usable e-mail service. Exciting times.

Alas, no. They went with Microsoft Outlook Live (beta).

This has a few serious drawbacks...

The servers are overseas
  • Firstly, it's going to be a little bit slower. This doesn't really matter if you're using POP to access it, but for web-based and IMAP access it'll be a small annoyance. Given the larger e-mails we're now allowed to send/receive, this may become more of an annoyance, but this is probably the least of my complaints...
  • The second effect is that the data now costs money. Okay, okay, they're not charging us directly, but tens of thousands of students now accessing their mail via servers, apparently located in Seattle, are going to have a sizeable impact on the university's overall internet budget. Again, not a major complaint...
  • Thirdly, the university's firewall prevents direct access to external sites. There's a web proxy (HTTP and HTTPS with limited ports only) or a VPN (which costs money each time you connect and for the data you use). So if you don't want to use the web-interface (free over the proxy) you have to pay for the VPN and for the data you use connecting to the POP or IMAP services. Admittedly this problem is technically fixable, either by punching a specific hole in the firewall for e-mail access or making VPN access free and VPN data to these sites free. We'll see what happens there...
It's Microsoft, and there is no cure
Would you be surprised to hear that the Microsoft Outlook Live (beta) service is only fully featured in IE 7 and 8? Of course not... we've come to expect this kind of behaviour from them... But what does fully featured mean?
  • Drag and Drop — okay, a minor annoyance if I decide to use the web interface and want to move e-mails around, but I'm more likely to set up automatic rules I think...
  • Keyboard shortcuts — oddly these work "partially" in Safari and Firefox (no mention of Opera). This is just plain weird... unless they decided they just had to have some of the reserved shortcuts in FF/Safari, I can't imagine why they only half-completed this job...
  • Keyboard shortcuts for MSN chat — I won't be using the built-in MSN chat in their web interface, so I personally don't care that these don't work at all (again, odd that they're specifically disabled in FF/Safari when some shortcuts work...).
  • Options — yep, that's right, most of the settings pages for the e-mail service are completely unavailable in FF/Safari. We can create filters, adjust some very basic spell-check settings, change how our calendar is displayed and choose our localisation. We cannot access the following tabs: Automatic Replies, Deleted Items options, Mail options, General options, Change Password, Voice Mail options, Junk E-Mail options. Are you serious, Microsoft? We are forced to use IE specifically to change our password? Even just to access the general options? This includes things like enabling POP / IMAP interfaces so I don't have to use their crappy web interface...
At best this is some pathetic laziness on the part of their web devs, perhaps complete incompetence... at worst this is intentionally anti-competitive.

There's also one of my hated features of Hotmail present in Microsoft Outlook Live — the mandatory yet severely limited 'secret question'. When I opened the account for the first time, I was required to make a secret question, and I had a list of 5 options for my question. The problem with this, is most people will actually put a valid answer in, and thus make it incredibly easy for a stalker to gain access to their e-mail. One doesn't need to be a P.I. to figure out a friend's mother's maiden name. Unfortunately, since I'm refusing to load up IE, I can't remember what the exact questions were, but suffice it to say there was no "make up my own question" option. Now I know what you (the security conscious) are thinking — people can just put garbage in as their answer. But I guarantee you at least half the students will put a truthful response in. At least if they could have made up their own question, they might have put something more likely to actually be secret in there...

It's not the end of the world, I know, and eventually I'll succumb to their evil demands, open IE and enable POP access so I can keep checking my e-mail via my GAFYD account... (and keep having it read by the Google E-mail Overlord bots) but it's the principal of the thing — the university should know better than to support a company that's pushing their lax security and anti-competitive ways upon us. If they truly must outsource it, at least outsource it to a company that caters for everyone (not just IE users) and has even a vague notion of what online security should be.