Secure email options

SMTP, IMAP, and POP / POP3 are unencrypted transmission protocols by default (like HTTP). One method to run them securely is to use TLS, or its predecessor SSL, as in HTTPS.

Secure ports for incoming and outgoing connections:

  • Secure IMAP - port 993 (incoming)
  • Secure POP3 - port 995 (incoming)
  • Secure SMTP - port 465 (outgoing)

Check your mail client's documentation for instructions on how to enter these settings. The following article shows how it would look in Thunderbird:

Some clients will set the port automatically when you select TLS/SSL, or select TLS/SSL automatically when you select the appropriate port. Other clients will require that you make both selections in order to fully configure SSL for the appropriate service.

Another method uses STARTTLS. The STARTTLS method connects to the regular SMTP/IMAP/POP3 port and then upgrades the connection to TLS by sending a STARTTLS request. Some email clients refer to this as "TLS" and the method of directly using encryption to a different port as "SSL". This distinction is technically incorrect!

What does TLS buy me?

Encrypted communications
Your login information and email messages are sent in encrypted form, so people can't eavesdrop on them.
Server authentication
With certificates properly set up, you can check that the IMAP/POP server that you're connecting to is the correct machine (and not an impostor that just wants to steal your password.) The server provides a certificate (public key) which corresponds to a private key on the IMAP/POP server. Once the client knows that the server's public key is authentic, it can validate communications from that server.

These are particularly useful if using public Wi-Fi, which may not be encrypted – these ensure that people can’t read your email by listening to the network, nor can they (more intrusively) set up a fake email server to capture your emails.

Alternatives

  • For wireless, you should really be using WPA2, but that’s not always available.
  • You can also use Webmail over a secure (HTTPS) connection.

Dealing with certificate problems

See also

Internal links

External links

Did this article answer your questions?

Article last updated .