Question : Configuring Webmail in Exchange 2003

We currently have Exchange 2003 running and staff access webmail via the following url:
http://webmail.ourcompany.com/exchange
I am not an Exhcange admin but have been working with Exchange long enough that I am concerned about that url as a connnection and that we do not seem to be using https:.  What are the obvious dangers I need to bring to admins attention (clear text transmission, no encryption on email, open to DOS attack, etc.)?
Also,needing to add the /exchange on the end, is that indicative of a DNS configuration that needs to corrected so that the /exchange is not needed.?

Answer : Configuring Webmail in Exchange 2003

The danger of not using SSL is not only that the emails are not encrypted, but the user name and password will not be encrypted if you are using Basic authentication. However, just because you are not using https to connect does not NECESSARILY mean that you are not using SSL.  Many admins (myself included) will add a redirect to their IIS configuration that allows users to enter the "http://" on the address line but they are redirected to an "https://" website.  You can tell if this is the case by looking at the URL that comes up after you log in.  If the final URL is "https://" then of course you are using SSL.
Random Solutions  
 
programming4us programming4us