Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

How do I switch to an encrypted connection to my ISP’s email servers?

Question:

I have several Windows Live email accounts and notice that under the
‘Properties – Advanced’ tab for the outgoing and incoming server that “This
server requires a secure connection” boxes are unchecked. I figured that this
will provide encryption by checking them. However, when I did testing, the
emails failed until I unchecked them again. I asked Verizon about this and they
claim that they don’t support Windows Live Mail. Also, they mentioned I should
be using servers 995 for outgoing and 465 for incoming. Mine are 110 and 25 and
work and the others I read are for Windows Live Hotmail. Could you be so kind
of as to clarify this since I can’t get an answer?

In this excerpt from
Answercast #54
, I look at the various ports available on mail servers and
how they handle encryption – both incoming and outgoing.

Become a Patron of Ask Leo! and go ad-free!

Encrypted email settings

So there’s definitely some confusion in this question. Encrypting a
connection to your mail server requires more than just checking a box.

The port number that we’re talking about, the 110, the 25, the 465, the
995s, those need to be changed as well. In other words, ports that you’re
connecting to are either encrypted or not. So when you want to switch from an
unencrypted transmission between your machine and the remote email server, you
need to do both:

  • You need to change the port to one that will accept an encrypted
    connection;

  • And you need to set the encrypted connection flag.

Server ports

Now, very quickly I’ll do this in numerical order starting at 25.

Port 25 is the port that’s used to send unencrypted mail.
It’s the SMTP port. So your computer (when you send a piece of email) connects
to the email server on port 25 and sends email through it unencrypted.

Port 110 is the POP3 email download port. In other words,
when your email program wants to get email (get your email from your
account), it connects to your email service’s server on port 110 and asks it for
your email. Port 110 is unencrypted, so it is all being transmitted in the
clear.

Port 465 is a bit of a confusing one. It is used for
sending email. Some servers will use it unencrypted. (In other words, it’s
exactly the same as port 25.) Some services will actually provide it as an
encrypted alternative to port 25. But it is fundamentally, the same thing. It is
still the SMTP email sending port that the server is listening for
connections on. And depending on how your ISP has set it up, it may require an
encrypted connection; it may not.

Port 587: Another port that you haven’t listed is port 587.
587 is another SMTP sending port. It is typically encrypted.

Finally, port 995 is a POP3 port for downloading your email, but 995 is the encrypted version of 110.

Setting ports and encryption

So, if for example, your email program is currently configured to use port
110 and encryption is not required, if you want to encrypt (and if your email
service supports encryption), then you would do both:

  • Setting the port to 995,

  • AND checking the “requires encryption” checkbox.

Now, I have to caveat all this because all of this depends on exactly what
your email service (or your ISP) provides. These ports are not specific to
Windows Live Hotmail. They’re not specific to Microsoft. None of them are.
They’re actually quite generic.

The fact is that email service providers have many options. They all pretty
much need to support the unencrypted 110 and 25. But since email encryption has
become so important over the years, different ISPs have enabled it in
different ways and on different ports. That’s why there are so many options in
your email configuration in your email program.

Check with your ISP

So, really you do need to go back to your ISP. In this case, I’m not sure if
it was Verizon or whomever.

Ask them, “What are the settings I need to use in my email program in order
to connect to your email server encrypted?”

  • They should give you a pair of ports, perhaps 995 and 465, and the fact that
    you should be setting the encryption flag for each of those ports.

  • They may be different ports;

  • And they may even say that they don’t support encryption.

Those are the kinds of things that can happen. But like I said, just
checking that box without changing the port number is probably not going to
work because the port is going to handle one or the other but not
both.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.