One aspect of securing your emails is ensuring your mails can’t be hijacked while on transit from source to destination. The most common method used to do this is encrypting emails before sending them. SSL and TLS help ensure this encryption is done and that data integrity and proper authentication are also achieved.
Encryption is the process of mixing up data so that even if an unauthorized party was to intercept the data, they would not be able to read it. The goal is to ensure that only the party the data is intended for can read and make sense of the data. Emails have three implementations of this. Lets look at all that needs to be known about each implementation in relation to emails.
SSL stands for Secure Sockets Layer. This is an internet protocol that allows encryption of emails when being sent between clients and servers. To implement SSL protocol, you need to have an SSL certificate installed on the server. SSL certificates can either be bought from vendors or obtained freely e.g as Let’s Encrypt SSL, cPanel SSL and Cloudflare SSL are obtained.
Up until 2015, SSL was the standard encryption protocol across the internet. However, several flaws came to be discovered with SSLv3.0 which eventually rendered these protocol insecure.
Currently, SSL protocol is majorly depreciated and unused as a more secure protocol was adapted.
For emails, SSL connections are made via SSL specific ports as follows: IMAP via 993, POP3 via 995 and SMTP via 465
As a result of SSL vulnerabilities, improvements were made so as to come up with a more secure version of SSL. This version came to be known as TLS, which stands for Transport Layer Security. Like SSL, TLS is an internet security protocol that allows encryption of emails. Its a descendant of the SSL protocol.
In fact, TLS was actually called SSLv3.1 before it was renamed to TLS due to changes of the organizations developing it. TLS is the current standard encryption protocol, specifically TLSv1.2. The most current version of TLS is TLSv1.3 developed in 2018. TLSv1.0 and TLSv1.1 also do contain vulnerabilities and as such, we are moving away from these too. Like SSL, TLS need a TLS certificate installed on the server for the protocol to work.
Just like SSL, TLS has specific ports to use with emails: IMAP via 143, POP3 via 110 and SMTP via 587
STARTTLS is not a protocol as SSL and TLS are, but is a command. This command is understood by other mail protocols such as IMAP, POP3 and SMTP. When received, the respective protocols will change an unencrypted connection to an encrypted one using any encryption method available on a server. STARTTLS does not require use of secure ports to achieve encryption as TLS and SSL do. It uses unencrypted ports.
These three methods are used to encrypted email communication, masking the email content from unauthorized parties. However, as noted, you must also take care not to use versions of the protocols with known issues. These are, all versions of SSL, TLSv1.0 and TLSv1.1
The recommended TLS encryption to use is TLSv1.2 which is tested and proves secure than any other. Most software like cPanel will set up this encryption by default. STARTTLS can also be used to upgrade unencrypted connections to encrypted ones without changing the communication ports.
Insecure email communication contains no encryption and instead transmits data in plain text. This is implemented via IMAP port 143, POP3 port 110 and SMTP port 25.
It is worth noting that, though SSL protocol is majorly depreciated, the term SSL was generally adopted to mean either SSL or TLS. Even the so called SSL certificates are actually TLS certificates, but because many people still understood its as SSL, the name has been used interchangebly with TLS. Some people prefer to use the terms SSL/TLS or TLS/SSL to refer to these encryption.