A: The concept is similar to HTTP and HTTPS. The secure mail access is a process that establishes an encrypted connection between you and the server, so that no one else (or machine) can observe the content that you are transferring, including your password and email content.
A: Your password is. If your password is exposed, the person may gain control of your email account, logging in to your webmail system (and even changing your password to deny you of access into your own account), grabbing all of your contacts and, most importantly, using your identity to send out malicious emails. You will get blacklisted, your business associates will make payment to the hackers’ bank accounts, or even receive emails containing ransomware from you.
A: That's because each secure certificate has to verify against the server name that you connect to. If you connect to mail.your-domain.com, your mail application will warn you as the certificate belongs to someone else like *.agnx.com. You can safely accept the certificate coming from agnx.com as it is AfterOffice Global Network Exchange domain.
A: In most cases, your mail client will decide which method is best to be used. If you configure your mail client manually to connect to port 995 (POP3), 993 (IMAP), SSL will be used instead of STARTTLS. If your configuration still uses the “standard port” like 110, 143 or 587, it means STARTTLS is the best to enable secure connection on these ports. There is no “which is better” in comparison, it is all up to your mail application preference, and your network firewall (some ISP blocked the access to STMP port 25, some corporate network block all “insecure ports”).
A: SSL is easier to configure as it is usually associated with a dedicated port number - although you need to get the port number right as SSL is assumed to be running at the port. You cannot connect to port 110 with SSL for example, as the port has been reserved for plain POP3 connection (the secure POP3 port is at 995). Where STARTTLS is more advanced since it is usually supported at the original ports (110 for POP3, 143 for IMAP, 25 and 587 for STMP etc). Connection to these “standard ports” will have to go with STARTTLS as it is more of a hybrid connection that starts as plain, switching to SSL after the connection is established. AfterOffice offers both SSL and STARTTLS at related ports.
A: Yes, if you are still connecting to your mail server without SSL or STARTTLS. Not necessary (but a good practice to have it) if you've already connected with SSL or STARTTLS. It is safe to use “plain” password authentication once your connection is secured.
A: Some mail clients don't advertise or distinguish between SSL and STARTTLS. It just states SSL as either SSL or STARTTLS connection.
A: Yes, it means the mail client will accept any certificate even if the host name is unmatched - which is generally fine. If you would like to establish your own SSL certificate with your own domain, kindly write to us at support@afteroffice.com and we will assist you on that matter.
A: Due to legacy support, port 587 has been offered as an alternative to SMTP port 25, where only plain traffic is supported. To add security to port 587, it has to be offered via STARTTLS. There is an unofficial SSL port for SMTP at 465 (mostly for Microsoft mail client and services) if you insist to use SSL port instead.
A: If you have trouble setting up port 25 as STMP, it is likely that your ISP or corporate network has blocked it, to prevent abuse. Use port 587 instead.
A: Make sure that you don't use “plain” password authentication method (CRAM-MD5 is a good alternative), stay away from public network (open WIFI) and then you should be fine.