1) It's been difficult to get email through to our secure
mailserver from all ISPs when users are travelling. Some of
the dial up ISPs seem to grab the email packets and make them
go through their own servers instead, regardless of how
"outgoing mailserver" is set on the email client. This
results in some of their mail to 3rd parties that check SPF
getting blocked as coming from an illegitimate IP. We've had
some success getting around this using alternate ports but
when users are on the road they are often not highly
receptive to spending lots of time on the phone screwing
around with their mail settings to work it out.
What about having the CLIENTS require SSL which will fail
if the "ISP grabs" it -- and if you cannot get it through
some ISPs due to port blocking, how about setting this up
on an alternative port?
Blocking is one thing, but "grabbing" your email may be
a crime in some, it is certainly rude.