Email Security: Why?

September 17th, 2008 by Chris

You may be wondering why I would spend my valuable time learning and configuring my system to send encrypted emails. My reasons, to be brief, are very much the same as those Bill discussed some weeks ago. The most succinct reason is: “The same reason that most paper mail isn’t on postcards.”
Not that my adoption of encryption will change this, but does it occur to you that all of those bills and other documents that are being emailed to you are completely retrievable by anyone who cares to look?
“Sure,” you say, “but that person would have to be some kind of computer guru who has access to special tools, right?” Wrong.
At work we use a program called Wireshark for analyzing network traffic; it’s open source software that anyone can download and use. Being a computer guru might help, but the software makes it surprisingly easy to make sense of the garbage flowing around on the intertubes. Anyone who can connect somewhere along the network path from you to your email server can intercept and read your email. Note: many email servers support encrypting the transfer to and from your PC; I recommend that you turn this on if your server supports it. For instructions, read on![1]
For demonstration purposes, I set up one of my email accounts with no login or communication security (this is the default for most email programs!!). I sent myself an email from one email account to another, and by simply selecting the packets marked “POP” and telling Wireshark to “follow the TCP stream”, I got a text transcript so detailed that I dare not even post it here. Passwords, user names, server information, etc. all plain as day.
So even if I cannot persuade you to use encrypted email, you at least owe it to yourself to be connecting to your email server in a secure way.[2] These instructions are for Thunderbird 2.0.0.16 on Windows XP; your mileage may vary.

  1. From the main Thunderbird window, select Tools -> Account Settings…
  2. From the account settings dialog, select “Server Settings” on the left hand side for the account you want to edit (repeat for other accounts).
  3. On the right hand side of the dialog, you’ll see a “Security Settings” area that looks like this:
    [Image: Thunderbird email server security settings]

    These are the settings for GETTING email.

  4. If “Never” is selected and “Use secure authentication” is NOT checked, then you are sending your email and your account information in plain text. This is obviously less than ideal.
  5. “TLS, if available” is sort of a cop-out. It will try to communicate in a secure fashion (Transport Layer Security), but if the server doesn’t support it, then it will go ahead and send everything plain. So you don’t really know if you’re secure or not. Your server’s support for TLS isn’t likely to change from minute to minute (or even day to day), so you might as well select “TLS”. If your server does NOT support TLS, you’ll know because you won’t successfully get your email (you’ll probably get an error dialog of some kind).[3]
  6. “SSL” (Secure Sockets Layer) is better yet, but few servers support it because most users aren’t informed enough to know to want it.
  7. Last there is that checkbox for secure authentication. Check it by checking it (I kill me). If your server doesn’t support this, the next time you check email you’ll get a popup from Thunderbird saying “Mail server does not support secure authentication.”
  8. At the very bottom of the left hand pane are the “Outgoing Server (SMTP)” settings.
  9. Select this, and choose your SMTP server from the dialog and click Edit… You’ll see the same basic settings as above, but this is for SENDING email rather than GETTING email.
  10. Don’t forget to send yourself some email to test your new more secure connection.
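As an added example (not code from the original post), here is a small Python check that reads a POP3 exchange in the shape Wireshark’s “follow the TCP stream” view shows and reports each point where a login crossed the wire before TLS was started, telling apart a server that never advertised STLS from a client that ignored it (the same difference as “TLS” versus “TLS, if available” above). The two sample sessions and the `C: `/`S: ` line prefixes are constructed for this example.

```python
# Constructed captures shaped like Wireshark's "Follow TCP Stream" view; the
# 'C: ' / 'S: ' prefixes are this example's own labelling, not Wireshark's.
# Here the client logs in without ever issuing STLS.
PLAINTEXT_SESSION = """\
S: +OK POP3 server ready
C: CAPA
S: +OK
S: STLS
S: .
C: USER chris@example.com
S: +OK
C: PASS hunter2
"""
# Here the client upgrades with STLS before logging in; the capture stops
# there because everything after the upgrade is ciphertext on the wire.
STARTTLS_SESSION = """\
S: +OK POP3 server ready
C: CAPA
S: +OK
S: STLS
S: .
C: STLS
S: +OK Begin TLS negotiation
"""

# Commands that carry the password itself or a merely base64-wrapped copy.
CLEARTEXT_LOGIN = {"USER", "PASS"}
CLEARTEXT_SASL = {"PLAIN", "LOGIN"}

def audit_pop3_stream(stream: str) -> list:
    """Return (line number, description) for each credential sent before TLS.

    Descriptions name the command only; the credential value is never copied.
    """
    server_offers_stls = tls_started = False
    findings = []
    for line_no, raw in enumerate(stream.splitlines(), 1):
        side, _, text = raw.partition(": ")
        words = text.split() or [""]
        verb = words[0].upper()
        if side == "S" and verb == "STLS":
            server_offers_stls = True  # advertised in the CAPA reply
        elif side == "C" and verb == "STLS":
            tls_started = True  # later client lines would be encrypted
        elif side == "C" and not tls_started:
            sasl = words[1].upper() if verb == "AUTH" and len(words) > 1 else ""
            if verb in CLEARTEXT_LOGIN or sasl in CLEARTEXT_SASL:
                why = ("server advertised STLS but the client did not use it"
                       if server_offers_stls else "server did not advertise STLS")
                findings.append((line_no, f"{verb} sent in cleartext; {why}"))
    return findings
```

An `AUTH CRAM-MD5` login is deliberately not flagged, since that is the kind of challenge-response mechanism the “Use secure authentication” checkbox turns on.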
  [1] Edit: I hate it when I spell a tag wrong and my entire website suddenly converts to bold text!
  [2] Of course this won’t secure your messages themselves unless the recipients are also protecting their email server traffic!
  [3] Note that it might be worth selecting “TLS, if available” if your server does NOT support the other options. That way if your server ADDS TLS support you’ll get it automatically, but don’t hold your breath.
