[FoRK] GPG/PGP for MS-Outlook - Suspicious absence of options

Stephen D. Williams sdw at lig.net
Mon Jul 1 09:40:00 PDT 2013

How can you use Outlook for anything serious?  It is a broken toy of an email client.  And Exchange! Expensive, resource hog, 
fragile email storage (I've heard corruption horror stories for years).

When used with Office365.com email service, even calendaring barely works.  Something basic like "share my calendar with the 
company" doesn't exist.  Quite a bad contrast with Gmail.  I'm perfectly fine with using a web interface for all calendar editing, 
receiving email alerts with working URLs (something Exchange/Office365 has trouble with).  There's no fundamental reason that 
calendaring and email have to be combined and intermingled.

For GPG integration, how about:
Calendaring can be added on, with easy support for Gmail, plugin support for Exchange style, and a number of open source and 
commercial calendar servers.

Recently I considered non-Exchange self-hosted email / calendar alternatives.  Standard open source solutions completely solve the 
MTA (Postfix, perhaps sendmail), Imap4 (dovecot, etc.), and email client (Thunderbird, Roundcube for web email).  It appears that 
Bedework will probably be the leading calendar server, however it isn't a standard installed thing yet.

This product nicely leverages standard Linux email systems, ties it all together with installation and management, and adds 
proprietary calendar support, with available Outlook integration. They have a free package without Outlook integration, pay with it, 
which is a nice enough split.


For calendaring components, I narrowed down to these:

For a completely free email / calendar stack, except probably for anti-spam service, I put together this recently as a tentative list:

Given a Linux VM, installing a local email server on Linux:

 1. SMTP / Imap4 configuration: 1-2 hours.
 2. Webmail: 1 hour.
 3. Calendar server: 1-4 hours.  Or use web calendaring service with no setup time.
 4. Best Anti-spam install: 1-2 hours.  $0-1000
 5. Reliable backup (via rsync to a spare local directory plus remote to another server): 1 hour.

Some anti-spam options are free, others cost up to $1000/yr. and are easier to install.
Once installed, the VM can be imaged to prevent ever needing reinstall.

Scalable, easily backed up, and secure email on Linux is trivial: Postfix (MTA) + Dovecot (Imap4+indexing) is easy to install, can 
use any amount of storage, and because of intelligent Imap4 indexing, handles tens of thousands of messages per folder and thousands 
of folders easily for any Imap4 client.  I have always found it to be faster than Exchange servers.

Roundcube seems to be the best web mail client:

Anti-spam, virus scanning, phishing defeat can be handled by free and commercial systems, some of which are listed below.  A 
complete service can be had for $1000/yr. including a prebuilt VM that is easy to insert.

Bedework appears to be the widely used and ideal calendar server software.  Note that it seems to have far more features and be far 
more flexible than Exchange for calendaring activities.

Used by Berkeley and many others:

For those that insist on using Outlook, this plugin, at $23 per license, supports calendar integration in Outlook for all of these 
calendar sources:
Supported are (alphabetical):
AllConnected4, Atmail^2 , Baikal^12 , Bedework^1 , Citadel^12 ,
Chandler Cosmo^1 , Communigate Pro^1 , Darwin CalendarServer^12 , DAViCal^12 , EPL^12 , EGroupware^12 , Fruux^12 , Google Calendar & 
Tasks <http://ical.gutentag.ch/Outlook-Google-Synchronization%20by%20iCal4OL.html>^1 , Gmail Contacts 
<http://ical.gutentag.ch/forum/viewtopic.php?id=42>^2 , GroupOffice Prof^12 , Horde^12 , IceWarp^12 , iCloud 
<http://ical.gutentag.ch/Outlook-iCloud-Synchronisation-mittels-iCal4OL.html>^12 , Infomaniak 
<http://ical.gutentag.ch/forum/viewtopic.php?id=501>^12 , Kerio^12 , maXvis^2 , Office2s, OpenXchange^2 , Oracle Convergence, 
Owncloud^(1)2 , Posteo^2 , Scalix, SmarterMail^2 , SnapAppointments, SOGo^12 , Synology, Terminland.de, Tine 
<http://ical.gutentag.ch/forum/viewtopic.php?id=459>^2 , Tobit David.fx-Server 11, WebCalendar (only^1.05), Yahoo^12 , Zarafa^1 and 
Zimbra^12 .

Why wouldn't we use Exchange Server?

 1. Slow
 2. Unreliable
 3. Tends to lead to limited storage, probably due to using a relational database for email storage.
 4. Non-standard email and some mangling of messages.
 5. Difficult to backup, restore, and recover from problems. Probably requires an expensive add-on for proper backup.
 6. Requires a lot of effort to install and maintain.
 7. Expense for server, client licenses, and related services.
 8. Have to run on a Windows server rather than Linux.  This requires another expensive license, more installation and maintenance
    time, requires time consuming OS updates and maintenance, etc.


On 7/1/13 8:29 AM, Frank Bergman (fraber) wrote:
> Hi!
> Did you ever try to install PGP/GPG on Windows Outlook?
> There are only very limited options (see below). I'm
> not a big fan of conspiracy theories, but I can't
> imagine that there is no market for that, particularly
> given the ease of creating an Outlook plug-in that
> communicates with GPG...
> Here is what I found:
> - PGP got bought by Symantec, they don't release the
>    source code anymore (NSA backdoor), and the purchasing
>    page is currently broken on their Web site
>    (Symantec Internal Error Page! An Internal Exception
>    has occurred. Please contact Administrator.)
> - GPG exists, but is very GNU (GNU's Not User-friendly)
> - There are several Outlook plug-ins, but none of
>    them worked for me. At least you can say they
>    don't receive a lot of attention:
> 	- G-Data (abandoned since 2009)
> 	- gpg4win.de (German only, hangs with my Outlook)
> 	- GPGol (buggy, didn't work for me)
> This mess contrasts with the relative ease of developing
> Outlook plug-ins. I believe there is a great opportunity
> to develop a software free for private use software that
> would require a license for professional use. Maybe the
> developers could make key management a bit easier by
> providing "half secure" features or "default scenarios"
> (like Ruby - convention over configuration) like
> automatically importing keys from friends or similar.
> Sure, that's not 100.000% secure, but 99.999% is better
> than sending out unencrypted stuff...
> I'll be happy to help with writing the business plan
> and with experience running low-budget start-ups :-)
> PR expenses will be close to zero in the current
> environment of public outrage in Europe and other parts
> of the world, where even mass-media would write about
> any reasonable product. And marketing could be completely
> viral if the system sends out mails with a viral footer
> inviting the receiver to download and install the system.
> Cheers!
> Frank
> ---
> Frank Bergmann
> Dipl.-Ing., MBA
> Founder ]project-open[
> Tel: +34 933 250 914
> Cell: +34 609 953 751
> Fax: +34 932 890 729
> http://www.project-open.com
> http://www.project-open.org
> http://www.twitter.com/projop
> http://www.facebook.com/projectopen.org
> http://www.linkedin.com/in/fraber
> _______________________________________________
> FoRK mailing list
> http://xent.com/mailman/listinfo/fork

Stephen D. Williams sdw at lig.net stephendwilliams at gmail.com LinkedIn: http://sdw.st/in
V:650-450-UNIX (8649) V:866.SDW.UNIX V:703.371.9362 F:703.995.0407
AIM:sdw Skype:StephenDWilliams Yahoo:sdwlignet Resume: http://sdw.st/gres
Personal: http://sdw.st facebook.com/sdwlig twitter.com/scienteer

More information about the FoRK mailing list