Welcome to End Point’s blog

Ongoing observations by End Point people

Using Gmail at Work

The Short Story

For those who don't care about why, just how...
  1. Create a new Gmail account
  2. Set up Mail Fetcher
  3. Set up send email from another account and make it your default
  4. Verify you send and receive as your corporate address by default using the web client
  5. Set up your mobile
  6. From your mobile go to m.google.com/sync and Enable "Send Mail As" for this device (tested only on iOS)
  7. Verify you send and receive as your corporate address by default using your mobile client
  8. Set up Google Authorship with your domain's email address

The Long Story

Here at End Point there are a lot of opinions about email clients. Our hardcore folks like Alpine while for most people Evolution, Thunderbird, or Outlook will do. As a Gmail user since September 2004, I found I needed to figure out how to get our corporate email system to work with my preferred client.

My first reaction was to have Gmail act as an IMAP client. I found (as many others had) that Gmail does not support IMAP integration with other accounts. However, Gmail does have a POP email client known as Mail Fetcher. I found that Gmail does support encrypted connections via POP, so use them if your email server supports them. When combined with HTTPS by default, access to the Gmail web client seemed sufficiently secure.

I now needed to send email not as my Gmail address, but as my End Point address. Google has well documented how to send email from another account. Again encrypted SMTP is supported and is strongly recommended. Also be sure to make your corporate email account the default account so you will always use your corporate email address and not the Gmail address.

After verifying I was sending and receiving email properly, I needed to get my mobile set up. There are a variety of options available for all the mobile platforms. On my iPhone, I had several other accounts already set up and found the native client to be acceptable. I decided I would configure the native iPhone email app to access Gmail, as well as Contacts and Calendar using Google's support for Microsoft's ActiveSync protocol, which Google has licensed and rebranded as Google Sync.

I had used Google Sync for other Exchange accounts at my previous job and found it worked very well. However, there are some known issues, like not being able to accept event invitations received via POP. It's worth checking these issues out to see if there are any blockers for you.

After setting up "Google Sync" on my iPhone, I tested again, and found that by default, it would use my Gmail account as my default outgoing email account, despite the setting in the Gmail web client. I needed to use my corporate address here at End Point for sending mail from mobile; I thought I was sunk!

Fortunately, it seems I overlooked a section in the Google Sync setup documentation, labeled "Enable Send Mail As feature". This feature solved my problem by having me go to m.google.com/sync from my iOS device and check Enable "Send Mail As" for this device. This would tell Google Sync to use the default outgoing account I had specified in the web client.

One requirement here at End Point which this configuration does not meet is support for PGP encryption/decryption of messages. There is a Chrome plugin that claims to offer support, but as the authors from this post highlight:

There may also be resistance from crypto users – who already are a security-conscious lot – to trusting private keys and confidential messages to a set of PGP functions folded inside some JavaScript running inside a browser.

I'd have to say I agree. After following the instructions to install the plugin, I balked when it asked for my private key; I just didn't feel comfortable. Despite this shortfall, most End Point email isn't encrypted end-to-end. However, I can feel good knowing that my "last mile" connection to End Point's servers is encrypted, end-to-end using encrypted POP, SMTP, and HTTPS.
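
An added example, not part of the original post: encrypted POP, SMTP and server-to-server TLS each protect a single hop, and every relay records how it received a message in a Received header. This Python sketch reads those headers from a constructed sample message (hostnames and addresses are placeholders) and lists the hops where no TLS protocol keyword was recorded.

```python
import re
from email import message_from_string

# "with" protocol keywords that indicate TLS on a hop (RFC 3848).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample message; hostnames and addresses are placeholders.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
\tby mail.example.com (Postfix) with ESMTPS id 4F2A1
\tfor <me@example.com>; Mon, 01 Jan 2024 10:00:03 +0000
Received: from relay.example.org (relay.example.org [203.0.113.5])
\tby mx.example.net (Postfix) with ESMTP id 9C3B0;
\tMon, 01 Jan 2024 10:00:02 +0000
Received: from laptop (unknown [192.0.2.44])
\tby relay.example.org (Postfix) with ESMTPSA id 77D10;
\tMon, 01 Jan 2024 10:00:01 +0000
From: sender@example.org
To: me@example.com
Subject: constructed test message

body
"""

def strip_comments(text):
    """Remove (possibly nested) parenthesised comments from a header value."""
    prev = None
    while prev != text:
        prev, text = text, re.sub(r"\([^()]*\)", " ", text)
    return text

def field(keyword, text):
    """Return the token following 'from', 'by' or 'with', or None."""
    m = re.search(rf"\b{keyword}\s+(\S+)", text)
    return m.group(1) if m else None

def hops(raw):
    """Return (from_host, by_host, protocol, used_tls) per hop, oldest first."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        # Unfold, drop comments such as "(using TLSv1.2 with cipher ...)", drop date.
        text = strip_comments(" ".join(value.split())).rsplit(";", 1)[0]
        proto = (field("with", text) or "UNKNOWN").upper()
        out.append((field("from", text), field("by", text), proto, proto in TLS_PROTOCOLS))
    return out

def plaintext_hops(raw):
    """Hops whose Received header does not record a TLS protocol keyword."""
    return [h for h in hops(raw) if not h[3]]
```

Received headers written before the message reached a server you control can be forged, so only the hops recorded by your own servers are reliable evidence.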

2 comments:

Jon Jensen said...

Heh. It's funny to hear Alpine mentioned as a hardcore option, since I'm a longtime Pine user and used to get flak that it's a mail client for wimps! The real hardcore folks use Mutt. (Or mailx, or raw SMTP/POP/IMAP.)

On the topic of end-to-end encryption, our mail servers do use TLS whenever supported by the other mail servers they're talking to, which is good, but still open to man-in-the-middle attacks due to weaknesses in SSL's CA model, of course.

Brian Buchalter said...

After using this configuration for a while, I found it helpful to go to Settings > Labs, and search for "Refresh POP accounts". It fetches messages from your POP accounts on demand by using the fresh link on the top of the inbox.