Is a remote server “a cloud service”? Maybe if you consider the cloud as just someone else’s computer. I don’t.
Email doesn’t sync between devices. Each client communicates directly with the email service.
“When you read an email message using IMAP, you aren’t actually downloading or storing it on your computer; instead, you’re reading it from the email service.”
“IMAP only downloads a message when you click on it, and attachments aren’t automatically downloaded.” I disagree with this statement from the MS page. IMAP clients may or may not download a message/and or attachments automatically .
In Preferences → iCloud there is a switch “iCloud Mail.” I understood this to be a way to use iCloud to sync your email, instead of using IMAP. Am I mistaken?
That setting is to sync your iCloud settings. “If you want to keep Mail settings up to date across your devices, turn on iCloud Drive, then click Options and select Mail.”
(I managed mail most of my career and still am not an expert. But I comment on it to share information that I hope may be useful to others.)
Yeah. At best, MS has this confusingly-worded. The difference between POP and IMAP is where “the truth” is.
In the case of IMAP, the data on your computer is probably best thought of as a local cache of the data on the server. An IMAP client that’s behaving per spec will refresh your local mailboxes according to what’s on the server - including additions, deletions, moves, and everything else.
In the sense that it’s controlled by a third party that can access, log, copy, etc. your data I would say that an amount of caution is warranted, similar to the sort you would employ with cloud services - but I agree - I don’t really consider it a “cloud service”.
POP is a protocol which can be delivered by Cloud-services, just as a website most of the time is hosted by a Cloud-service. In the ‘old days’ companies might have their own server farms hosting websites and e-mail services, but most have shifted to Cloud-services like Azure, Amazon and Google provide. I guess it is pretty hard to avoid using Cloud-services these days.
Cloud is simply a way for companies to focus on their core-business and still take advantage of technology without investing in expertise for these technologies. But companies can also host their own private-cloud to provide these services themselves, mostly only available for a select group.
A protocol predating the “cloud-services” like POP or IMAP will most of the time be offered through a public or private cloud service. I would guess most providers of e-mail services do not run their own server farms and make use of Cloud-service providers.
In my case most of them do ask me to verify every few months. the trusted device can be use a the second factor, but this is a choice you can make for yourself. Also services I use have several ways to gain access is you would loose your phone or password. This can be done by things like recovery keys, an alternate e-mail address or phone number.
You can use Apple Keychain if the service provides the possibility, or maybe you use another password manager that offers the same functionality?
Email services might provide other ways to authenticate and use POP as a protocol after authentication with multiple factors. I personally do not use POP, but it seems iCloud and Gmail use IMAP in combination with MFA. But if you would download your e-mail through POP regularly (and remove the email from the server after download) this might not be the biggest issue.
Off-course how ‘easy’ it is to use MFA depends on the possibilities on the services you use. Also the fact that I have been using MFA for many years in the form of USB-key, smartcards, certificates etc. probably helps in not being annoyed by it anymore ;). Higher security will always have some effect on convenience.
I do exactly that, pull email down very often and never leave anything on the server.
My experience is that anything that is secure is in a SCIF. Physical access is controlled by a combination of keycards, personal security codes and a safe combination that was a total PITA to remember to get het hard drive out to work on the machine. Everyone had their own safe and hard drives and we had to remove them and lock up even to go to the bathroom.
Huh? It’s a public forum for gosh sakes. Everyone gets to speak their mind and you, with your apparently vast store of security knowledge, gets to weigh in on what is silly. Although you didn’t, did you? You just cast aspersions on everyone!
you need to explain that. Point out those issues, what you consider half baked and provide info that supports your position. Otherwise you are just trolling.