
How can I keep my email safe from sniffing?

I recently heard of a scenario where an individual was able to “sniff”, or
listen in on, the wireless network traffic within range and, from that, determine
the account name, server and password of everyone who
happened to check email while he was looking.

Scary huh?

And every time you use public internet facilities and hotspots, you may be
at risk.


The simplest solution is to use webmail, making sure that it’s on a
secure “https” connection. That traffic is encrypted and safe from any sniffers that
happen to see it.

But for many of us, that’s not as optimal as we’d like. We’d like to keep
using our regular email program and POP3/IMAP/SMTP servers.

Enter “SSH Tunneling”.

Now, one of the requirements for SSH tunneling is that you have SSH (Secure
SHell) access to your mail server. If you do not (and if you don’t know, you
probably don’t), you can stop reading now. Check with your ISP if you like, to
see if you can get it, but this technique relies on SSH being available on your
server.

The good news is that once you have SSH access, there’s no further
server-side configuration.

In short, the technique works like this:

  • Using your SSH client or other tools, set up a “tunnel” for ports 25 and
    110 on your machine to those same ports on your mail server. This does require
    that the client or tool be kept running.
  • Configure your mail client to send to and fetch from “localhost” instead of
    your mail server.

That’s really all there is to it.

Let’s walk through the details for Windows users.

Start by grabbing the free SSH client and tools called PuTTY. Get the ZIP file that contains all the tools,
because we’ll be using more than just the PuTTY client.

One of the tools is called “plink”. In a command shell, run the
following:

    plink -v -L 110:mailserver:110 -L 25:mailserver:25 -2 you@mailserver -N -pw yourpassword

Where:

  • -v: verbose – optional, but it will show you what plink is
    doing while it sets up the tunnel, and for as long as the tunnel is active.
  • -L 110:mailserver:110: defines a tunnel of port 110 on
    your local machine to go to port 110 on the mailserver. Port 110 is the POP3
    mail service. You would replace “mailserver” with the name of your POP
    server.
  • -L 25:mailserver:25: defines a tunnel of port 25 on your
    local machine to port 25 on the mailserver. Port 25 is the outgoing SMTP mail
    port. Again, you would replace “mailserver” with the name of your SMTP
    server.
  • -2: force ssh v2 protocol only. Optional, but slightly
    more secure. Use it unless your remote server doesn’t support it.
  • you@mailserver: your ssh login account name @ your
    mailserver.
  • -N: no shell. Normally plink will also open up an
    interactive shell. For our purposes here we don’t need one.
  • -pw yourpassword: your password for your ssh login account
    name. You can also leave this off to be prompted instead.

Leave plink running once it connects.

Now, in your email client (Outlook, Eudora, whatever), change both
the POP3 and SMTP servers to “localhost”.

You’re done.

Here’s what happens now: when you reload your email client, it will attempt
to, for example, fetch POP3 mail from “localhost, port 110”. Plink, which is listening
on port 110 on your local machine, encrypts the data and sends it to the ssh
server running on the mail server. There, the ssh server decrypts the data and
forwards it on to port 110 on the mail server. Data coming back is handled
similarly, as is the SMTP port 25 conversation we defined.

A couple of additional notes…

You can tunnel other protocols (like MySQL, IMAP, etc.) by adding “-L
port:server:port” parameters to the plink line.

You can also perform the port forwarding in PuTTY itself, the interactive client,
if you like – there is a section in the options for that, and it can be saved
with the profile for that connection.

Remember that while your email is configured to use “localhost” as the mail
server, the tunnel must be running (the plink command must be active). If it is
not, email will fail.
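
A pre-flight check for that condition, as an added example rather than code from the original article: it connects to the local end of each tunnel and confirms that the mail server's greeting comes back through it (POP3 "+OK", SMTP "220"). The function names, status strings and timeout are assumptions of this example; the ports are the ones in the plink command above.

```python
"""Pre-flight check: do the local tunnel ports answer as POP3 and SMTP?"""
import socket

# Local ends of the tunnels from the plink command above:
# port -> (service, greeting prefix). A POP3 server greets with "+OK"
# (RFC 1939) and an SMTP server with "220" (RFC 5321).
TUNNEL_PORTS = {110: ("POP3", b"+OK"), 25: ("SMTP", b"220")}


def probe(port, expected, host="127.0.0.1", timeout=5.0):
    """Classify what answers on one local tunnel port.

    "ok"          expected greeting arrived through the tunnel
    "closed"      nothing is listening; the tunnel is not up
    "no-greeting" connection accepted, but the far end never greeted
    "unexpected"  some other service is answering on this port
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    with sock:
        try:
            banner = sock.recv(512)  # read only; no credentials are sent
        except OSError:  # timeout or reset while waiting for the greeting
            return "no-greeting"
    if not banner:
        return "no-greeting"
    return "ok" if banner.startswith(expected) else "unexpected"


def check_tunnel(ports=TUNNEL_PORTS, host="127.0.0.1", timeout=5.0):
    """Return {port: (service, status)} for every forwarded port."""
    return {port: (service, probe(port, greeting, host, timeout))
            for port, (service, greeting) in ports.items()}


if __name__ == "__main__":
    results = check_tunnel()
    for port, (service, status) in results.items():
        print(f"localhost:{port} ({service}): {status}")
    if any(status != "ok" for _, status in results.values()):
        raise SystemExit("Tunnel not ready: start plink before opening the mail client.")
```

Run it after starting plink and before opening the mail client; any status other than "ok" means the client should not be pointed at localhost yet.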

There’s technically nothing wrong with using this all the time. Still, what
I’ve done in Outlook is to clone a separate profile that I can select at
Outlook startup. So when I’m at home using my own secure network, the
connections are direct and unencrypted as before. When traveling, I start the
tunnel, and select the profile that uses it.

Other SSH clients support tunneling as well, though not all do. PuTTY is free, and
works well for me.


30 comments on “How can I keep my email safe from sniffing?”

  1. Leo,

    Do the servers involved have to be configured to support the tunnel? How standard is this for SMTP and POP3 servers to support SSH tunnels?

    I have tried plink (as described above) at my place of business and received errors as follows:
    Network error: Connection refused
    FATAL ERROR: Network error: Connection refused

    I’m fairly certain that I’ve followed your instructions properly which leads me to believe that our servers do not support SSH tunneling.

    Thanks for the article!

  2. It definitely requires server-side support, and it sounds like your ISP doesn’t have it. SSH is completely separate from SMTP and POP3 … it’s a remote terminal protocol that can also be used to tunnel other protocols. You’ll have to check with your ISP.

  3. My apologies, you did answer my questions above. As the advertisement was inserted in front of it, I didn’t see there was usable information to the right of the ads.

    Cheers!

  4. Hi Leo,
    Sometimes, when I am at my work I use my laptop to check my email connecting through a wireless network in range.
    I have in my laptop a free version of ZoneAlarm security software (basic firewall protection). It says that my computer is hidden and protected from hackers and that sharing is not allowed.
    Do you think that it is enough to keep my computer safe when I am online and checking my email?
    Do I still need set up this “complicated” process of tunneling to be secure?
    Thanks!

  5. Having a firewall does NOT protect the data that leaves your computer. Any internet surfing you do, or email you read, can potentially be viewed by someone else nearby without your knowledge, unless you take steps, like encrypting the data.

  6. A while ago I used MSN to have a chat. Someone entered my MSN chat from Oct 05 and then forwarded it to me. How could they do this when I haven’t saved the conversations?? THANK YOU

  7. Remember it takes two people to chat. Either of them can save the conversation in MSN Instant Messenger. If you didn’t, then perhaps the person you were chatting with did.

  8. Hi, Leo. Do you know of any stats, or have a sense, of how widespread it is for websites to sniff and use the email addresses of consumers who visit the site?
    Ruth

  9. Pretty close to zero. A website cannot “sniff” your email.

    Now, if spyware were installed, that could allow anyone (website or not) to sniff. So make sure your spyware scanners are up to date: http://ask-leo.com/spyware_how_do_i_remove_and_avoid_spyware.html

    And if you put your email address in a public place, like posting in the body of a comment on a site like this, then there are spiders that scan websites looking for things that look like email addresses, and hence could harvest your email address that way. This article has more: http://ask-leo.com/why_shouldnt_i_post_my_email_address_in_a_public_forum.html

  10. Hello,

    I sometimes check my email at work on a company computer. I am not sure if spyware was installed, but I do know there is a firewall. My question is, can management read my personal emails with the use of spyware? Also, is there any way to safeguard Hotmail, to prevent snoopers?

    Thanks

  11. Of course your company can be sniffing. AND it’s legal. They own all the pieces that connect you to the internet, and could install sniffing software or hardware anywhere along the way.

  12. Can my ex find out that I was snooping? I logged on to Hotmail as him – but the guilt hit straight away and so I logged out almost immediately. Can he tell that I logged on to his email from somewhere else? (We live at opposite ends of the world.) I didn’t open any of his emails or anything.

  13. Hello Leo; I was wondering if it is possible to use SSH access (PuTTY or other SSH client) with free email servers such as Gmail or Yahoo? I mean, do any free email service providers allow users to connect to their email servers via SSH? … I have been doing some research and it looks like none of the free email providers worldwide supports and allows users to connect to their email servers using SSH. Does anyone know about a free email service provider which allows users to connect via SSH? I mean, for free.

  14. I’m not aware of any free services that allow for SSH
    access.

    With *some* you can do secure SMTP and POP3 instead – that’s
    typically easier to set up anyway. Check with the provider.

    Leo

  15. I believe someone hacked into my yahoo e-mail account and took some e-mails and forwarded them to someone else. Just not sure how this can happen?

  16. I have Yahoo as email. I can tell someone is spying on my emails and some get deleted before I can see them. I have Windows Vista and want to use my Windows Mail but don’t know how to set it up. I also have Verizon as broadband built into my computer which I purchased from Dell. I don’t feel secure at all; when I go into my acct, my computer makes me shut down without signing off. I really need security. PLEASE HELP. I have McAfee but it seems like I am getting phishing pages instead of the real thing.

  17. Leo,
    Or anyone else that knows the answer. Would a proprietary email program such as the original Juno 5 be safer than Windows Mail? I am not sure if it’s POP or not, but I do not think it is.

    Thanks.

  18. If I scan all my important docs – birth certificates, credit cards info, etc and email it to myself to keep in a file that can be accessed by myself anywhere I am – Is it safe, can anyone else access the info in my hotmail account?

    NO!!!

    Given the frequency with which I hear about account theft and hacks, there’s no way anyone should be keeping that kind of information in a free email account like Hotmail.

    Even mailing it to yourself is dangerous, because the mail travels unencrypted, and could be sniffed somewhere along the way.

    Don’t do it.

    – Leo
    19-Mar-2009
  19. Someone has seen my email; they have also seen emails sent to me. I have a laptop, just wanted to know if emailed pictures get saved to the computer. Can’t figure out how they were able to see pictures that were only through emails. Help

  20. I was just wondering if you can tell me how dating sites get your information because they keep sending me things that I do not want and my boyfriend thinks things are going on that are not. Please Help!!!!!

