1. Understanding Messaging Protocols and Standards
A messaging protocol is a mechanism that messaging servers and
applications use to transfer messages. Being able to use a specific
email service requires that your application support the same
protocols the server uses. To configure Outlook 2010 as a messaging
client, you need to understand the various protocols supported by
Outlook 2010 and the types of servers that employ each type. The
following sections provide an overview of these protocols.
Simple Mail Transport Protocol (SMTP) is a
standards-based protocol used for transferring messages and is the
primary mechanism that Internet- and intranet-based email servers
use to transfer messages. It's also the mechanism that Outlook 2010
uses to connect to a mail server to send messages for an Internet
account. SMTP is the protocol used by an Internet email account for
outgoing messages.
SMTP operates by default on TCP port 25. When you configure an
Internet-based email account, the port on which the server is
listening for SMTP determines the outgoing mail server setting.
Unless your email server uses a different port, you can use the
default port value of 25. If you want to use Outlook 2010 for an
existing Internet mail account, confirm the SMTP server name and
port settings with your ISP.
POP3 is a standards-based protocol that clients can use to
retrieve messages from any mail server that supports it. Outlook 2010 uses this
protocol when retrieving messages from an Internet- or intranet-based mail server that supports POP3
mailboxes. Nearly all ISP-based mail servers use POP3. Exchange
Server also supports the use of POP3 for retrieving mail.
POP3 operates on TCP port 110 by default. Unless your server
uses a nonstandard port configuration, you can leave the port
setting as is when defining a POP3 mail account.
Like POP3, IMAP is a standards-based protocol that enables
message transfer. However, IMAP offers some significant differences
from POP3. For example, POP3 is primarily designed as an offline
protocol, which means that you retrieve your messages from a server
and download them to your local message store (such as your local
Outlook 2010 folders). IMAP is designed primarily as an online
protocol, which allows a remote user to manipulate messages and
message folders on the server without downloading them. This is
particularly helpful for users who need to access the same remote
mailbox from multiple locations, such as home and work, using
different computers. Because the messages remain on the server, IMAP
eliminates the need for message synchronization.
Tip
INSIDE OUT Keep POP3 messages on the server
IMAP by default leaves your messages on the server. If
needed, you can configure a POP3 account in Outlook 2010 to leave
a copy of messages on the server, allowing you to retrieve those
messages later from another computer. (To learn how to configure a
POP3 account, on page 160.)
IMAP offers other advantages over POP3 as well. For example, with
IMAP, you can search for messages on the server using a variety of
message attributes, such as sender, message size, or message
header. IMAP also offers better support for attachments because it
can separate attachments from the header and text portion of a
message. This is particularly useful with multipart Multipurpose
Internet Mail Extensions (MIME) messages, allowing you to read a
message without downloading the attachments so that you can decide
which attachments you want to retrieve. With POP3, the entire
message must be downloaded.
Security is another advantage of IMAP because it uses a
challenge-response mechanism to authenticate the user for mailbox
access. This prevents the user's password from being transmitted as clear text across the network, as it is with POP3.
IMAP support allows you to use Outlook 2010 as a client to an IMAP-compliant email server.
Although IMAP provides for server-side storage and the ability to
create additional mail folders on the server, it does not offer some
of the same features as Exchange Server, or even POP3. For example,
you can't store contact, calendar, or other nonmessage folders on
the server. Also, special folders such as Drafts and Deleted Items
can't be stored on the IMAP server. Even with these limitations,
however, IMAP serves as a flexible protocol and surpasses POP3 in
capability. Unless a competing standard appears in the future, it is
possible that IMAP will eventually replace POP3. However, ISPs generally like POP3 because users' email is moved
to their own computers, freeing space on the mail server and
reducing disk space management problems. For that reason alone,
don't look for IMAP to replace POP3 in the near future.
MAPI is a Microsoft-developed application programming
interface (API) that facilitates communication between mail-enabled
applications. MAPI support makes it possible for other applications
to send and receive messages using Outlook 2010. For example, some
third-party fax applications can place incoming faxes in your Inbox
through MAPI. As another example, a third-party MAPI-aware
application could read and write to your Outlook 2010 Address Book
through MAPI calls. MAPI is not a message protocol, but
understanding its function in Outlook 2010 helps you install,
configure, and use MAPI-aware applications to integrate Outlook
2010.
Lightweight Directory Access Protocol (LDAP) was designed to
serve with less overhead and fewer resource requirements than its
precursor, Directory Access Protocol. LDAP is a standards-based protocol that allows clients to query
data in a directory service over a Transmission Control Protocol (TCP) connection. For example, Windows Server uses LDAP
as the primary means for querying AD DS. Exchange Server supports LDAP queries,
allowing clients to look up address information for subscribers on
the server. Other directory services on the Internet employ LDAP to
implement searches of their databases.
Like Outlook Express, Windows Mail, and Windows Live Mail,
Outlook 2010 allows you to add directory service accounts that use
LDAP as their protocol to query directory services
for email addresses, phone numbers, and other
information regarding subscribers.
Real Simple Syndication (RSS) is a set of web feed formats
that enable publishing and updating of frequently updated content.
Outlook 2010 can function as an RSS feed reader, pulling in news items, blog
posts, and other data from online sites and services that offer the
RSS feeds.
MIME is a standard specification for defining file formats
used to exchange email, files, and other documents across the
Internet or an intranet. Each of the many MIME types defines the
content type of the data contained in the attachment. MIME maps the
content to a specific file type and extension, allowing the email
client to pass the MIME attachment to an external application for
processing. For example, if you receive a message containing a WAV
audio file, Outlook 2010 passes the file to the default WAV file
player on your system.
Secure/Multipurpose Internet Mail Extensions (S/MIME)
is a standard that allows email applications to send digitally
signed and encrypted messages. S/MIME is therefore a mechanism through which Outlook
2010 permits you to include digital signatures with messages to
ensure their authenticity and to encrypt messages to prevent
unauthorized access to them.
MIME HTML (MHTML) represents MIME encapsulation of HTML documents. MHTML allows you
to send and receive web pages and other HTML-based documents and to
embed images directly in the body of a message instead of attaching
them to the message. See the preceding two sections for an
explanation of MIME.
iCalendar, vCalendar, and vCard
iCalendar, vCalendar, and vCard are Internet-based standards that provide a means for people to share calendar information and contact
information across the Internet. The iCalendar standard allows
calendar and scheduling applications to share free/busy information
with other applications that support iCalendar. The vCalendar
standard provides a mechanism for vCalendar-compliant applications
to exchange meeting requests across the Internet. The vCard
standard allows applications to share contact information as
Internet vCards (electronic business cards). Outlook 2010 supports
these standards to share information and interact with other
messaging and scheduling applications across the
Internet.
2. Security Provisions in Outlook
Outlook 2010 provides several features for ensuring the security
of your data, messages, and identity. This section presents a brief
overview of security features in Outlook 2010 to give you a basic
understanding of the issues involved, with references to other
locations in the book that offer more detailed information about these
topics.
Protection Against Web Beacons
Many spammers (people who send unsolicited email) use web beacons to validate email addresses.
The spammers send HTML-based email messages that contain links to
external content on a website (the web beacon), and when the
recipient's email client displays the remote content, the site
validates the email address. The spammer then knows that the address
is a valid one and continues to send messages to it.
Outlook 2010 blocks web beacons, displaying a red X instead of
the external image. You can view blocked content selectively, on a
per-message basis, or you can configure Outlook 2010 to view all
content but control access to HTML content in other ways. You can
also turn off web beacon blocking, if you want, and control external
HTML content in other ways.
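The following added example (not from the original text and not Outlook's own code) shows the check behind web beacon blocking: it lists every reference in an HTML message that would make the client contact an external server, and flags those carrying a query string that could identify the recipient. The sample message, host names, and the helper names is_remote and find_remote_content are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; hosts and addresses are placeholders.
SAMPLE = """\
From: sender@example.com
To: user@example.org
Subject: Spring offers
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello!</p>
<img src="http://tracker.example.net/open.gif?id=user%40example.org" width="1" height="1">
<img src="cid:logo@example.com" alt="logo">
<table background="//cdn.example.net/bg.png"><tr><td>Sale</td></tr></table>
</body></html>
"""

# Attributes that make a mail client fetch a resource while rendering.
FETCH_ATTRS = {"src", "background", "poster"}

def is_remote(url):
    # cid: and data: content travels inside the message itself; http(s)
    # and scheme-relative URLs trigger a request to an external server.
    parts = urlsplit(url.strip())
    return parts.scheme in ("http", "https") or (parts.scheme == "" and parts.netloc != "")

class RemoteContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.remote = []  # (tag, attribute, url, has_query_string)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in FETCH_ATTRS and value and is_remote(value):
                # A query string can carry a per-recipient identifier.
                has_query = bool(urlsplit(value.strip()).query)
                self.remote.append((tag, name, value, has_query))

def find_remote_content(raw_message):
    msg = message_from_string(raw_message, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = RemoteContentFinder()
            finder.feed(part.get_content())
            found.extend(finder.remote)
    return found
```
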
Attachment and Virus Security
You probably are aware that a virus is malicious code that infects your system and typically
causes some type of damage. The action caused by a virus can be as
innocuous as displaying a message or as damaging as deleting data
from your hard disk. One especially insidious form of virus, called
a worm, spreads itself automatically, often by mailing itself to
every contact in the infected system's address book. Because of the
potential damage that can be caused by viruses and worms, it is critically important to guard against
malicious code entering your system.
There are multiple possible points of defense against viruses
and worms. For example, your network team might deploy perimeter
protection in the form of one or more firewalls that scan traffic
coming into your network and leaving it. Your mail administrators
might have virus protection at the server level. You probably have a
local antivirus client that checks the files on your computer and
potentially also checks attachments that come into your Inbox. All
of these are important options for protecting your network and your
computer from infection.
Caution
Your virus scanner is only as good as its definition file.
New viruses crop up every day, so it's critical that you have an
up-to-date virus definition file and put in place a strategy to
ensure that your virus definitions are always current.
Most viruses and worms propagate through email attachments,
so to provide protection against them, Outlook 2010 controls how
attachments are handled, blocking certain types of files (such as
program executables) from being opened at all. For selected other
files that offer less risk, Outlook requires you to save the file
to disk and open it from there, rather than from Outlook. These
behaviors and the types of files applicable for each can be
controlled either by the end user or by an administrator,
depending on your environment.
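As an added illustration (not from the original text and not Outlook's own logic), the following sketch sorts a message's attachments into the handling tiers just described: blocked outright, save to disk first, or open normally. The extension lists, the sample message, and the function names are assumptions made for the example; the actual lists depend on your Outlook configuration.

```python
import os
from email.message import EmailMessage

# Illustrative lists only (assumption); not Outlook 2010's actual settings.
BLOCKED = {".exe", ".com", ".bat", ".cmd", ".scr", ".vbs", ".js", ".lnk"}
SAVE_TO_DISK = {".zip", ".htm", ".html"}

def effective_extension(filename):
    # Judge the file by its last extension, so "invoice.pdf.EXE" counts
    # as .exe. Windows ignores trailing dots and spaces in file names,
    # so strip them before looking at the extension.
    name = os.path.basename(filename.replace("\\", "/"))
    name = name.rstrip(". ").lower()
    return os.path.splitext(name)[1]

def tier_for(filename):
    ext = effective_extension(filename)
    if ext in BLOCKED:
        return "blocked"
    if ext in SAVE_TO_DISK:
        return "save-to-disk"
    return "open"

def classify_attachments(msg):
    # Map each attachment's file name to its handling tier.
    result = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        result[name] = tier_for(name)
    return result

def build_sample():
    # Constructed message with constructed file names and dummy content.
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Files"
    msg.set_content("See attached.")
    for fname in ("report.docx", "invoice.pdf.EXE", "archive.zip"):
        msg.add_attachment(b"dummy", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg
```
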
An additional security feature that is new in Office 2010 is
Protected View. When you open an attachment that is an
Office file type (a Microsoft Word document, a Microsoft Excel
spreadsheet, etc.), the document opens in a separate sandbox
instance of the application. For example, assume that you have Word
open and are working on a document that you created. Then, you
switch over to Outlook and open a Word document that arrived as an
attachment to an email. Word opens a separate version to display
that attachment, but this sandbox version of Word operates with
greater restrictions and fewer rights and privileges than the
version that you are using to modify your own document. You can't save the
file or edit it while it is running in this version, so the
application displays a banner across the top labeled Protected View
(see Figure 1),
and provides a button labeled Enable Editing that, when clicked,
enables you to edit the document, save it, and so on.
The combination of attachment blocking and Protected View will
protect your computer from a wide variety of potential threats, but
that combination can't protect against all threats. For that reason,
you should ensure that you have an updated antivirus client running
on your computer as well as at your mail server. Adding protection
at the perimeter of the network is a good idea as well.
Outlook 2010 allows you to add a certificate-based digital
signature to a message to validate your identity to the message
recipient. Because the signature is derived from a certificate that
is issued to you and that you share with the recipient, the
recipient can be guaranteed that the message originated with you,
rather than with someone trying to impersonate your
identity.
In addition to signing your outgoing messages, you can use
secure message receipts that notify you that your message has been
verified by the recipient's system. The lack of a return receipt indicates that the recipient's system
did not validate your identity. In such a case, you can contact the
recipient to make sure that he or she has a copy of your digital
signature.
Note
Although you can configure Outlook 2010 to send a digital
signature to a recipient, there is no guarantee that the recipient
will add the digital signature to his or her contacts list. Until
the recipient adds the signature, digitally signed messages are
not validated, and the recipient cannot read encrypted messages
from you.
Where the possibility of interception exists (whether someone intercepts your
message before it reaches the intended recipient or someone else at
the recipient's end tries to read the message), Outlook 2010 message encryption can help you keep
prying eyes away from sensitive messages. This feature also relies
on your digital signature to encrypt the message and to allow the
recipient to decrypt and read the message. Someone who receives the
message without first having the appropriate encryption key from
your certificate installed on his or her system sees a garbled
message.