Securing Email Communications with Mac OS X Mail
This document explains how you can better secure your email communications between the mail server and your computer.
Why Should I Use SSL with Mail?
With enough time and effort, any person monitoring your network could capture "cleartext" (unencrypted data) traveling out of it. While there are programs like PGP that encrypt the body of an email message, your email server authentication data (including the login and password) are not encrypted by these tools. Given the amount of authentication-related information likely to be traveling over your network in cleartext at any one time, turning as much information from cleartext into "ciphertext" (encrypted data) is often preferred.
There are many ways to prevent cleartext throughout your network, and with the expanded capabilities of Mac OS X Mail application (Mac OS 10.1.3 and later)- you have an additional option. If your mail server or Internet service provider (ISP) is compatible with it, the option exists to encrypt the email traffic (including authentication data) between your computer and the mail server using SSL.
SSL has components to it called POPS and IMAPS, which correspond to the POP and IMAP protocols for receiving mail. POPS and IMAPS are similar in their nature to HTTPS, commonly seen in securing Web pages. The additional "S" at the end corresponds to "secure." Using SSL helps prevent unauthorized access to your administrative and user data.
Who Uses It?- Organizations who have networks that are fairly open, due to the nature of the organization- like college campuses, for example, often use Mail with SSL.
- Any users who have sensitive data or are concerned about unauthorized access to their mail or other accounts are also likely to use SSL in the Mail application.
ISP Mail Server Setup
Before setting up Mail to work with SSL, make sure your mail server has the ability to do this. Many ISPs will often have this option available to you. You should contact your ISP to find out if SSL mail (POPS/IMAPS) is an option, and if so, which port should be used.
The default SSL ports for POPS and IMAPS are:
POP: 995
IMAP: 993
The default non- SSL ports for POP and IMAP are:
POP: 110
IMAP: 143
Setting up Mail for SSL
Important: These steps require Mac OS X 10.1.3 or later.
1. Open the Mail application.
2. Choose Preferences from the Mail application menu.
3. Click Accounts.
4. Select an account name, and click Edit.
5. Click the Account Options tab.
6. Click the Use SSL checkbox to enable this option.
Selecting the checkbox will auto-populate the default port numbers. If there is a non-default port number already present, it will not change. You can manually enter a number if your ISP gave you a different port number. Be sure you enter the correct port for your mail server here when selecting SSL, even if it auto-populates a default number.
Note: If SSL is accidentally set up when it should not be, or is configured using the incorrect port for your mail server, an alert box with a message similar to this may appear:
"Fetch Error: Couldn't connect to a POP host name mail.apple.com."
Security Enhancements with Mac OS X 10.1.5
Mac OS X Update 10.1.5 adds extra security when using SSL with Mail. If Mail is configured to attempt to use SSL with a mail server that does not offer a secure connection, the account will go offline after attempting to connect. Uncheck the SSL option to use the account.
If you are not using Mac OS X 10.1.5, please see technical document 106704, "
Mac OS X: How to Update Your Software".