I have exchange 2003 and some people are now using blackberries to read their emails. They are using the blackberry information service (BIS) that comes with the phone from at&t. My understanding is that the BIS keeps checking our exchange server for emails for that user, and if there is one, it gets it and sends it to the users phone. There is no encryption installed on the exchange 2003 server like SSL, so how does the BIS check the persons account without sending the user name and password in plaintext over the internet. Or does it send that in plaintext over the internet. Also, it doesn't encrypt the email itself, does it? I could find any articles here or on the internet that address this, they mostly start refering to the Blackberry Enterprise server, which we don't have.
Can any body point me to any articles about these details (BIS and encryption)?
Thanks a lot,