Should iPhone email be sent without SSL encryption?
SSL encrypts all of the communication between your iPhone and your mail server. Network security expert Mike Chapple explains how important that feature really is.
I just purchased an iPhone and am trying to set up my email account. After setting up an account, I received a message saying that SSL cannot be activated. What are the security risks of using these account settings? What are my other options?
The Secure Sockets Layer (SSL) provides encryption for TCP/IP connections as they transit the Internet and local networks between a client and a server. In the case of iPhone email, SSL encrypts all of the communication between your phone and your mail server.
Why is this important? There are two very significant reasons. First, checking mail without using SSL means anyone with a device on the same network can eavesdrop on your communications. They can use commonly available tools, such as Wireshark, to read your email as it transits the network.
If you're not concerned about the confidentiality of your messages, there's another important reason to encrypt your email connections: protecting the security of your account. If you don't encrypt your connection to the mail server, it will send your username and password in cleartext on the network. An eavesdropper would then be able to log in to your mail account and send/receive email using your identity.
For these reasons, I strongly recommend that you use SSL-enabled connections for sending and receiving email, not just on your iPhone, but on all devices.
- Michael Cobb explains how to make sure that an SSL connection protects sensitive Web data.
- Learn how SSL 'sits' in the OSI model, neither as a network layer protocol or an application layer one.