Skip to content

Home > Empowering Tips > Securing Email With SSL, TLS and STARTTLS

Securing Email With SSL, TLS and STARTTLS

January 27, 2023

As one of the most widely used communication methods these days, email is a constant target of cyber threats. From phishing mails to eavesdropping attack, email users are faced with multiple security risks if email security best practices are not employed. Using a strong password renders a pleasant first line of defense – the next would be using a secure connection when sending and receiving emails.

In this article, we will talk about the standard protocols used to secure email transmissions – SSL, TLS and STARTTLS – what are they, and why should they be used.

What is SSL/TLS?

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are security protocols designed for securing the connection between a client and the server with encryption. Both SSL and TLS work much the same, with TLS being the improved and up-to-date version. SSL has since been deprecated, but its name is still widely being used. Some people still use SSL to refer to TLS, while many use the term “SSL/TLS”.

With SSL/TLS, when a user sends or receives an email, the email client initiates a handshake with the server. During the handshake process, the email client tells the server which SSL/TLS version and the encryption method it is using. The server then returns its TLS digital certificate for the email client to verify its identity. Once the email server’s identity is verified and trusted by the email client, the email can be sent or received using an encrypted connection.

SSL/TLS typically connects through secure ports like 465, 993 and 995, instead of the default ports (25, 143, 110).

What is STARTTLS?

STARTTLS is an email protocol command that informs the email server that the email client wants to “upgrade” an existing insecure connection to a secure one, by using an SSL or a TLS protocol.

Email clients come with default ports like 25, 143 and 110 to establish connection with the email server. But the connection formed through these ports are not encrypted, and email messages that are transmitted through this medium can be easily intercepted by unauthorized party. STARTTLS will ask the email server if it supports an encrypted method. If it does, then the existing unsecure connection will be encrypted for emails to be transmitted securely.

Why should you use SSL, TLS or STARTTLS?

When you access your emails through an IMAP or a POP connection, or send emails through an SMTP connection, your username and password are sent in clear text across the Internet. This means there is a potential risk that someone can intercept your network traffic and see your username and password. If hackers obtain these details, they can access and read your emails, steal confidential information, send spam mails or viruses using your email account.

SSL/TLS and STARTTLS connections encrypt your email traffic so that it cannot be read at any point between your computer and the email server.

How to enable SSL/TLS and STARTTLS for email?

Open your email client’s configuration panel and choose “SSL/TLS” (or “SSL”, or “TLS”) or “STARTTLS” at the “Encryption Method” field. Some email clients may use different name for this field, like “Connection Security” or “Security Type”. Some have an even more direct display for this setting, with a simple “Use SSL” checkbox.

Lookafter email server supports the following ports and encryption mode:

ConnectionEncryption TypePort Number
IMAPSSL/TLS
STARTTLS
993
143
POPSSL/TLS
STARTTLS
995
110
SMTPSSL/TLS
STARTTLS
465
587

Find out more about email secure ports and setting in this article.