You do want to be using SSL. Unencrypted connections are far too easily eavesdropped. On the other hand, it’s worth remembering that SSL only gets your login and email encrypted between your computer and your smtp server. Once your email hits the big pipes, it’s unencrypted again, vulnerable to whomever can get access to the transit points. A rogue operative in any ISP or fiber optic supplier could still siphon off huge amounts of data. Even if such a person existed, s/he would be unlikely to be able to regularly get all of your email though. However, random emails, especially if they traverse exotic territories with loose security could be grabbed.
Email is not private. Don’t forget that ever. Email is not private.
Thunderbird, Apple Mail, Outlook Express (and the hideous blue Windows Live Writer replacement) all offer SSL. But be sure not to check “Secure Authentication” if your particular host does not support it. Secure Authentication just has to do with security certificates and does not actually increase your security once you have an appropriately made self-signed certificate. Just be careful about authorising changes to your security certificate.
SSL IMAP will go across port 993. SSL POP will go across port 995. Checking your port assignment is one way to be sure your email connection is encrypted. SMTP SSL will work across port 25 (and probably some others, but I’ve tested port 25).
SSL will get you most of the way there to reasonable privacy.
While you are at it, make sure that when you access webmail (with cPanel at http://yourdomain.com/webmail, the connection forwards to an https address.
Don’t forget that when you are visiting other login protected websites, unless the connection is https, you are handing over your login and password to the owner of the hotspot (if he cares to log it or take it). If you plan to spend a lot of time on hotspots as a traveller, you need more than SSL email. You need a VPN. Don’t go cheap or unbranded on your VPN supplier (setting up your own VPN is a big enough hassle that most small businesses should be outsourcing their VPN connections), as that organisation will have steady access to all of your communication and can keep really detailed logs. Unlike a single rogue hotspot, you will be using the VPN consistently over time and with a the same login.
These steps should not be considered security overkill, but just the basics.
Alec Kinnear
Alec has been helping businesses succeed online since 2000. Alec is an SEM expert with a background in advertising, as a former Head of Television for Grey Moscow and Senior Television Producer for Bates, Saatchi and Saatchi Russia.
so how do we set up email securely on wiredtree for example?? can you elaborate or possibly make a post on this as security & email set up on wiredtree seems to be a bit tedious for us newbies
more so step by step the general instructions you gave are hard to follow very general
Hi Kennn,
Exact instructions will depend on your email client.
General instructions for secure email at WiredTree in point form:
Good luck.
PS. Hint: Use your email client’s help files to figure out where to enter that info.
Reading the title of this post – I wanted to know how to set up SSL only email on my cpanel server. Your instructions are: Enable ssl on your email client. Unhelpful much?
Yup I’m that guy who’s going to bump a 4 year old thread just so i can tell off Chris who bumps a 2 year old thread to insult the blog owner because he’s not able to use google search to find a simple document that would show him how to set up a simple step on which ever platform he’s using.
Amusingly enough Withheld, the Snowden revelations have made it clear that SSL is not enough. Your email is being filtered and stored for future reference, even if it’s not being read for the moment.
In that sense these instructions are out of date. On the other hand, by using SSL at least you make your data inaccessible to petty thieves (akin to keeping larger sums when travellign in a moneybelt).