Yeah! Currently, I am paying for ExQuilla because my university does not provide e-mail access via IMAP. They literally told me that IMAP is too old and Exchange is "the future" sigh.
IMAP is indeed old, but the question is, what implication of it being old they see as critical. If they worry about things needing to be encrypted better, then they could have PGP set up. It is quite common to have a more secure message exchange via a not secure channel in many protocols, so I don't see a big problem.
Usually when someone claims some proprietary MS owned product is the future, they are either sorely uninformed, MS fanboy, or their income depends on sticking with proprietary tech. None of which one would want at a public institution, and least of all in institutions of the education system.
I still remember, when some admin at some educational place I went to wrote messages to everyone on the whole system to warn them about MS office document macros. But of course people did not get it and then some malware spread over many people's systems, because they ran the code. And this happened multiple times within a year or so and even after I had graduated, but still received e-mail, it happened again. So funny to watch that story play out over and over again.
Have you, perhaps, not run a mail server? The limitation of SMTP/IMAP is that they're built with the assumption the connecting party can be trusted and acting in good faith (like many of the original protocols).
You can implement TCP rate limits on top, but that doesn't work when botnets and spammers (likely using "crowdsourced VPNs") rarely use the same IP twice. Further if you're running robust mail infrastructure (backup/fallback mail exchanges) communicating these limits/ reputations is left up to the operator (not supported by protocols, rarely supported by servers). I don't think MAPI/OWA/EWS is better, at all, especially not against open mail standards, but SMTP & IMAP don't cut it either. On a new server, it only takes a few hours before someone connects over IMAP and starts testing passwords against accounts (faster if the server is assigned to the MX or A of an existing domain, and valid emails might be known from hacks/cracks/dumps/leaks/people posting their email in their profile).
> they are either sorely uninformed, MS fanboy, or their income depends on sticking with proprietary tech
Or lazy. Or understaffed. Needless to say, other universities do support IMAP and apparently it worked just fine. Anyway, I sent an angry e-mail and moved on with my life :)
