How does secure email work?

PSMail protects the security of your emails through the TLS (Transport Layer Security) protocol, still commonly called Secure Socket Layer (SSL). The following article explains what SSL is and how it works.

The easiest way to make your email more secure is to use a secure email provider, like PSMail, that allows you to use the Secure Socket Layer (SSL) when connecting to their WebMail, POP, IMAP, and SMTP servers.

[Diagram: How secure email works with PSMail]

SSL is a key-based encryption mechanism. When you connect to a server using SSL, the following things happen:

  1. The server uses its private key to prove to your computer (automatically) that it is in fact the server you are trying to connect to. This prevents a “middleman,” pretending to be the server, from intercepting your communications.
  2. Your computer sends the server your public key (automatically), which is random.
  3. The server generates a “secret key” and sends it to your computer encrypted by your public key.
  4. You and the server then communicate using symmetric-key encryption with this shared secret key. No one could intercept your email unless they had this secret key, which is different each time.

The benefits of SSL are twofold: You can be sure that you are connecting to the right server, and you and the server communicate through a secure channel.

If you get any warning messages when connecting to an SSL-based server, you should not ignore them. These warnings can indicate that your security has been compromised (see a sample image here). They usually indicate one of the following:

  1. The server’s SSL certificate (i.e. signed by a certificate authority) has expired.
  2. Some of the information in the certificate doesn’t match the information your computer expects (i.e. the certificate was issued for a different server name than the one you are trying to connect to). You could be inadvertently connecting to the wrong server.
  3. The certificate was issued by an untrusted agency.

SSL certificates are (generally) issued by third-party agencies such as RapidSSL, Thawte.com, or Verisign. These third-party companies do a background check on the company requesting the certificate and only issue it if the company has a right to the certificate. The certificate includes the name of the company, the name of the issuing company, and the name of the server to which it is issued. When you connect to an SSL server but receive a warning, you can check the certificate to verify this embedded information and the fact that it was issued by a third-party company that you trust. If all this checks out, then you can have confidence that the server you are connecting to is in fact the intended server.
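To make the three warning causes above concrete, the following added example (not PSMail's code) checks a certificate's embedded fields the way the paragraph describes. The sample certificate, host names, CA name, and the function names `name_matches` and `diagnose` are constructed for illustration; a self-signed certificate stands in for the "untrusted agency" case, since full chain validation is done by the TLS library against its trusted CA store.

```python
import ssl

# Constructed sample in the dict format returned by ssl.SSLSocket.getpeercert();
# the host name and CA name are made up for illustration.
GOOD = {
    "subject": ((("commonName", "mail.example.com"),),),
    "issuer": ((("organizationName", "Example CA"),),),
    "notAfter": "Jun  1 12:00:00 2030 GMT",
    "subjectAltName": (("DNS", "mail.example.com"), ("DNS", "*.mail.example.com")),
}
NOW = ssl.cert_time_to_seconds("Jan  1 00:00:00 2025 GMT")  # fixed clock for the demo


def name_matches(pattern, hostname):
    """Compare one certificate DNS name with the host the client asked for.
    A '*' may only stand for the single left-most label."""
    p = pattern.lower().split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def diagnose(cert, hostname, now=NOW):
    """Return which of the three warnings this certificate would trigger."""
    warnings = []
    # Warning 1: the certificate's validity period has ended.
    if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
        warnings.append("expired")
    # Warning 2: none of the names in the certificate is the requested server.
    dns_names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(name, hostname) for name in dns_names):
        warnings.append("name-mismatch")
    # Warning 3 (simplified): issuer equals subject, i.e. the certificate is
    # self-signed and no third party vouches for it.
    if cert["issuer"] == cert["subject"]:
        warnings.append("untrusted-issuer")
    return warnings


if __name__ == "__main__":
    print(diagnose(GOOD, "mail.example.com"))   # no warnings
    print(diagnose(GOOD, "mail.example.net"))   # wrong server name
    print(diagnose(dict(GOOD, notAfter="Jun  1 12:00:00 2020 GMT"), "mail.example.com"))
```

In a real mail client these checks are performed by the TLS library itself; in Python, `ssl.create_default_context()` enables certificate and host name verification by default.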

A note of caution. Using SSL for WebMail, POP, IMAP, and SMTP ensures that all of the communications between your personal computer and your email service provider’s computers will be encrypted. Your message contents (attachments, headers, message body, username, and password) will be hidden from eavesdroppers. However, SSL is only one part of security. It only protects your email between you and your service provider! It does not protect your messages at all once they leave your SMTP server and head to their destinations. SSL’s primary benefit is that it protects your message in the local context: a wireless connection in a public place or an open connection from an untrusted ISP, for example. If you are connected in these situations (e.g. an airport or internet cafe), it is very easy for someone to eavesdrop on your computer and steal important information. With SSL, this is impossible.

Additionally, using SSL is easy. It usually only involves a simple change in the configuration of your email client, and it is transparent to your recipients (you can use SSL for these services even if your recipients do not). Because it is so easy and because the security you receive is vital in a local context, we strongly encourage the use of SSL for email communications whenever possible.

SSL-based secure email is all about encrypting email between your computer and the server that stores your messages. The diagram above illustrates how these communications are protected from prying eyes.


NOTE: There are other security options such as S/MIME and PGP which are also supported by PSMail. However, they are more complex to set up and manage at both the sender’s and recipient’s computers. If you have questions about these or any other security options, please contact us.
