User Tools

Site Tools


faq:email:secure_imap_pop3_smtp_faq

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
faq:email:secure_imap_pop3_smtp_faq [2019/08/06 09:58]
vikki
faq:email:secure_imap_pop3_smtp_faq [2019/12/19 15:18] (current)
ziyu
Line 2: Line 2:
  
  
-=== Q: What is the difference between secure mail access and the not secure one? ===+=== Q: What is the difference between the secure mail access and the non secure version? ===
 A: The concept is similar to HTTP and HTTPS. The secure mail access is a process that establishes an encrypted connection between you and the server, so that no one else (or machine) can observe the content that you are transferring, including your password and email content. A: The concept is similar to HTTP and HTTPS. The secure mail access is a process that establishes an encrypted connection between you and the server, so that no one else (or machine) can observe the content that you are transferring, including your password and email content.
  
  
-=== Q: My email has no secret, why should I use secure access? === +=== Q: My email has no secrets at all, why should I use secure access? === 
-A: Your password is. If your password is exposed, the person may gain control of your email account, logging in to your webmail system (and even changing your password), grabbing all your contacts and, most importantly, using your identity to send out malicious emails. You will get blacklisted, your business associates will make payment to the hackers’ bank accounts, or even get email with ransomware from you.+A: Your password is. If your password is exposed, the person may gain control of your email account, logging in to your webmail system (and even changing your password to deny you of access into your own account), grabbing all of your contacts and, most importantly, using your identity to send out malicious emails. You will get blacklisted, your business associates will make payment to the hackers’ bank accounts, or even receive emails containing ransomware from you.
  
  
-===== Q: Why does my mail client warn me "the secure certificate is invalid" or "cannot verify server identity"? =====+=== Q: Why does my mail client warn me "the secure certificate is invalid" or "cannot verify server identity"? ===
 A: That's because each secure certificate has to verify against the server name that you connect to. If you connect to mail.your-domain.com, your mail application will warn you as the certificate belongs to someone else like *.agnx.com. You can safely accept the certificate coming from agnx.com as it is AfterOffice Global Network Exchange domain. A: That's because each secure certificate has to verify against the server name that you connect to. If you connect to mail.your-domain.com, your mail application will warn you as the certificate belongs to someone else like *.agnx.com. You can safely accept the certificate coming from agnx.com as it is AfterOffice Global Network Exchange domain.
  
  
 === Q: Which secure connection should I use? SSL or STARTTLS? === === Q: Which secure connection should I use? SSL or STARTTLS? ===
-A: In most case, your mail client will decide which method is best to use. If you configure your mail client manually to connect to port 995 (POP3), 993 (IMAP), SSL will be used instead of STARTTLS. If your configuration still uses the "standard port" like 110, 143 or 587, it means STARTTLS is the best to enable secure connection on these ports. There is no "which is better" in comparison, it is all up to your mail application preference, and your network firewall (some ISP blocked the access to STMP port 25, some corporate network block all "insecure ports").+A: In most cases, your mail client will decide which method is best to be used. If you configure your mail client manually to connect to port 995 (POP3), 993 (IMAP), SSL will be used instead of STARTTLS. If your configuration still uses the "standard port" like 110, 143 or 587, it means STARTTLS is the best to enable secure connection on these ports. There is no "which is better" in comparison, it is all up to your mail application preference, and your network firewall (some ISP blocked the access to STMP port 25, some corporate network block all "insecure ports").
  
  
-=== Q: What is the deferent between SSL and STARTTLS? === +=== Q: What is the difference between SSL and STARTTLS? === 
-A: SSL is easier to configure as it is usually associated with a dedicated port number - although you need to get the port number right as SSL will be assumed running at the port. You cannot connect to port 110 with SSL for example, as the port has been reserved for plain POP3 connection (the secure POP3 port is at 995). Where STARTTLS is more advance since it is usually supported at the original ports (110 for POP3, 143 for IMAP, 25 and 587 for STMP etc). Connection to these "standard ports" will have to go with STARTTLS as it is more like a hybrid connection that starts as plain, switching to SSL after the connection is established. AfterOffice offers both SSL and STARTTLS at related ports.+A: SSL is easier to configure as it is usually associated with a dedicated port number - although you need to get the port number right as SSL is assumed to be running at the port. You cannot connect to port 110 with SSL for example, as the port has been reserved for plain POP3 connection (the secure POP3 port is at 995). Where STARTTLS is more advanced since it is usually supported at the original ports (110 for POP3, 143 for IMAP, 25 and 587 for STMP etc). Connection to these "standard ports" will have to go with STARTTLS as it is more of a hybrid connection that starts as plain, switching to SSL after the connection is established. AfterOffice offers both SSL and STARTTLS at related ports.
  
  
-=== Q: Do I need to use more sophisticate password authentication method like CRAM-MD5? === +=== Q: Do I need to use more sophisticated password authentication method like CRAM-MD5? === 
-A: Yes if you are still connecting to your mail server without SSL or STARTTLS. Not necessary (but good to have) if you've already connected with SSL or STARTTLS. It is safe to use "plain" password authentication once your connection is secured.+A: Yesif you are still connecting to your mail server without SSL or STARTTLS. Not necessary (but good practice to have it) if you've already connected with SSL or STARTTLS. It is safe to use "plain" password authentication once your connection is secured.
  
  
Line 31: Line 31:
  
 === Q: I have "SSL - accept all certs" options, should I use it? === === Q: I have "SSL - accept all certs" options, should I use it? ===
-A: Yes, it means the mail client will accept any certificate even if the host name is unmatched - which is generally fine. If you would like to established your own SSL certificate with your own domain, write to us at [[support@afteroffice.com]].+A: Yes, it means the mail client will accept any certificate even if the host name is unmatched - which is generally fine. If you would like to establish your own SSL certificate with your own domain, kindly write to us at [[support@afteroffice.com]] and we will assist you on that matter.
  
  
 === Q: Why is it that I can only use STARTTLS for SMTP port 587? === === Q: Why is it that I can only use STARTTLS for SMTP port 587? ===
-A: Due to legacy support, port 587 has been offering as an alternative to SMTP port 25, where only plain traffic is supported. To add security to port 587, it has to offer via STARTTLS. There is an unofficial SSL port for SMTP at 465 (mostly for Microsoft mail client and services) if you insist to use SSL port instead.+A: Due to legacy support, port 587 has been offered as an alternative to SMTP port 25, where only plain traffic is supported. To add security to port 587, it has to be offered via STARTTLS. There is an unofficial SSL port for SMTP at 465 (mostly for Microsoft mail client and services) if you insist to use SSL port instead.
  
  
Line 42: Line 42:
  
  
-=== Q: I am still on pretty old system and mail application has limited support for SSL, should I be worried? === +=== Q: I am still on an old system and its mail application has limited support for SSL, should I be worried? === 
-A: Make sure you don't use "plain" password authentication method (CRAM-MD5 is good alternative), stay away from public network (open WIFI)then you should be fine.+A: Make sure that you don't use "plain" password authentication method (CRAM-MD5 is good alternative), stay away from public network (open WIFI) and then you should be fine.
faq/email/secure_imap_pop3_smtp_faq.1565056694.txt.gz · Last modified: 2019/08/06 09:58 by vikki