[FQuest Announce] - Secure Email Protocols Now Available

[Bob]

In addition to the recent announcements for Secure QuestMail access and Secure CNC access, FutureQuest is pleased to announce secure options for accessing your email by POP3 or IMAP, as well as a secure option for sending email by SMTP.

The new Secure Email Protocols are available now!

POP3 over SSL (or POP3S) uses port 995
SMTP over SSL (or SMTPS) uses port 465
IMAP over SSL (or IMAPS) uses port 993

The traditional email services, which include POP3, IMAP and SMTP, remain available on their usual ports. If you make no changes to your email settings your email will continue to function as you are accustomed to it functioning.

For those of you who would like to take advantage of the new secure protocols you may find that your existing email client already provides an option for enabling this feature. Although FutureQuest cannot directly support the configuration of third-party software, such as email clients or IMAP, here are some configuration guidelines to use the secure protocols:

• You should continue to use the same server/host name settings.
  If your domain is example.com, then the server name settings are:
  POP3 Host: pop.example.com
  SMTP Host: mail.example.com
  IMAP Host: pop.example.com
  
  
• Look for the configuration panel for secure options under a tab such as "Advanced" or "Secure" within the Account or Server properties section of your email client.
  
  
• If the email client offers a choice of encryption methods, choose SSL.
  The STARTTLS method is NOT supported.
  
  
• Some email clients will automatically choose the correct port numbers. However, some clients require the port numbers to be manually entered. Please refer to the port numbers listed at the top of this announcement.

For additional assistance in configuring your email client to use secure access, you should contact the email client's support providers. We also encourage you to post questions and solutions within these forums so that others using the same email client may provide tips/suggestions as well as learn from the knowledge you share.

A note about certificate warnings:
The certificate that is used to accomplish the necessary SSL encryption for the email protocols is issued to Secure.FutureQuest.net. Some email clients will issue a warning each time you connect because the domain name does not match your own, some will issue a warning only the first time you connect after starting your email program, while others have an option to always accept the certificate. This behavior varies from email client to email client, and is not under FutureQuest's control.

FutureQuest is pleased to offer you the choice between traditional email access methods or secure email access methods. There are no extra fees for either type of email access. We simply hope this further empowers you to work with your email options in the way that suits your requirements best

From yours truly
The FutureQuest Team
-

[cjcox]

Thanks terra, deb (and everyone at fq)!

I love you all (even when I get real whiny)!

[hobbes]

-- oops, scratch that last one --

[Tom]

Very interesting and it was a snap to set it up (I do get the warnings).

Question: What are the security concerns in e-mail that would lead someone to using SSL for their e-mail? Are non-secure e-mails at risk that I've been unaware of until now? (I get it when using public WiFi for e-mail)

(If this needs to move to another location, feel free to move my question.)

[rb]

Quote:

Originally Posted by Tom

Very interesting and it was a snap to set it up (I do get the warnings).

Question: What are the security concerns in e-mail that would lead someone to using SSL for their e-mail? Are non-secure e-mails at risk that I've been unaware of until now? (I get it when using public WiFi for e-mail)

(If this needs to move to another location, feel free to move my question.)

Anyone who can see your network traffic, such as anyone within range on a unencrypted WiFi network, or a sysadmin for your LAN, can easily capture your user name and password for email unless you use this new protocol, or port forwarding with an SSH client such as Putty.

I have been using Putty for a long time, but it's inconvenient to start a seperate program, so this new service is appreciated.

[Bruce]

Quote:

Originally Posted by Tom

Question: What are the security concerns in e-mail that would lead someone to using SSL for their e-mail? Are non-secure e-mails at risk that I've been unaware of until now? (I get it when using public WiFi for e-mail)

The primary concern is to keep any passwords used to access the account from being exposed. Also, if you don't trust the connection between you and your mail host (FutureQuest), this will encrypt all the traffic. All mail sent between our servers and other servers is still in the clear, though, so the contents can still be picked up that way, but the links between servers tend to be at least slightly better secured than the links to end users.

[jay scott]

Thank you, FutureQuest! Now I can read my e-mail over an insecure public wireless connection.

[Wassercrats]

Quote:

Originally Posted by Bruce

All mail sent between our servers and other servers is still in the clear, though, so the contents can still be picked up that way...

Doesn't email have to go through a third party server to get to and from me? Would Putty be more secure?

[Bruce]

Quote:

Originally Posted by Wassercrats

Doesn't email have to go through a third party server to get to and from me?

Define third party, please. When you pick up mail from us (via POP or IMAP) or use us as a relay (SMTP) the network traffic goes through many other routers and gateways (some provided by your ISP, some by the backbones, etc), but no mail servers. Similar for using us as a relay (unless they are capturing SMTP traffic).

Quote:

Would Putty be more secure?

Using SSH (through PuTTY or equivalent) has some advantages. First, each connection (after the first) authenticates the host unlike the current SSL setup. Second, you can tunnel other services that do not (yet) have SSL ports (such as connecting to your stats or whatever). Neither the use of SSL nor SSH has any impact on the traffic we send to and receive from other mail servers.

[tril]

Excellent!

Anyone know of a way to get fetchmail to stop crying about the certificate domain?