I just switched to Thunderbird 15 email from Outlook 2010 for better
security. In the process, I chose to retain my old email address. In order to
get and receive messages, I needed to enter “None” for the security type for
both outgoing and incoming servers, and also enter the exact same ports for
those servers for Outlook. Somewhere along the line, when entering the old
ports, a warning came up about my understanding the risks, and I chose to
continue with those ports and “None” security settings. With my present setup,
would you say that Thunderbird is still significantly more secure from viruses,
phishing, etc than Outlook 2010?
In this excerpt from
Answercast #56, I look at the merits of security in Thunderbird vs.
Outlook.
Become a Patron of Ask Leo! and go ad-free!
Email security
So I’ve never really considered Outlook 2010 to be non-secure. I consider
Outlook and Thunderbird to be relatively equivalent on the security scale.
That’s not to say, “Outlook Express.” Outlook Express is a different program
from Outlook, and I think that everybody should be migrating away from Outlook
Express. But Outlook 2010 is a fine email program and I really don’t have any
security issues with it at all.
Now, that being said, the security that you’re discussing here… I’m not
really sure what it is you’re trying to avoid.
ISP security settings
The way that your computer connects to your ISP is not something that would
change simply by changing email programs. If your ISP requires a certain type
of connection on a certain type of port in order to access your email, that’s
independent of the email program you’re using.
In other words, yes, absolutely. The settings that you would be using in
Outlook would be exactly the same settings that you would be using in
Thunderbird. There would be no difference. Those settings are determined by
your ISP or your ESP (your email service provider).
Set up a secure connection
Now, that being said, you might want to look into your email service
provider and see if perhaps they do provide you the opportunity to make secure
selections.
The difference in the connection that we’re talking about here is that
usually, for example:
- For sending email, port 25 is the port that’s being used
for SMTP (outgoing email) and it’s not encrypted, which means that anybody
snooping in on your internet connection could see the email you’re sending.
It’s one of the things you don’t want to have happen, for example, in an open
Wi-Fi hotspot.
Now, there are usually alternatives.
- Port 465 (if I’m not mistaken) or 587 –
Those are ports that some email service providers provide as additional ways to
send your email that allow you to check that encrypted box, “Use SSL
security.”
So what happens is when email is sent on those ports, the email, (the
connection itself) is actually encrypted between your computer and the email
server. That means that anybody snooping in on your ethernet connection or
your Wi-Fi connection would only see encrypted noise. They wouldn’t be able to
actually see the messages that are going back and forth.
Outlook vs. Thunderbird
But again, those are functions provided by your email provider and they
are functions that you could use just as equally in Outlook as you could in
Thunderbird. The email program makes no distinction between the two; it simply
needs to be configured correctly to use whatever it is your email service
provider is providing.
Other security beyond that? I’m not really sure what it is you’re looking
for. Email programs certainly have a level of phishing protection (both of them
do these days). Viruses… kind of, sort of, maybe?
The choice that you’re making here, the migration from Outlook to
Thunderbird, while I laud it (because I like Thunderbird as an email program),
that liking has nothing to do with the security merit differences between the
two. I think they’re both pretty secure.
I happen to like Thunderbird as a simpler interface. It’s a relatively
faster program. It uses a storage model that I prefer. But I’m not really sure
what additional security that it is you’re looking for here. The connection
that we’ve talked about, the connection that you’ve brought up, is something
that could be done in either program.
Next from Answercast 56 – How do I get .zip attachments out of the .eml files that I get mailed to me?
Can I assume by your reference to “. . . uses a storage model I prefer.” in the last paragraph that you’re refering to the “File Format” bullet (#3) in the Thunderbird – A Free, Open Source, and Powerful Email Client” article? If so, I too find this aspect of Thunderbird design a powerful argument for its adoption.
The main concern is whether “Thunderbird is still significantly more secure from viruses, phishing, etc than Outlook 2010.”
I don’t know. I’ve never used Outlook 2010.
But I love Thunderbird. It will analyze a message and give you a warning if it thinks it is phishing, or faking something.
For example, it thinks Leo’s newsletters are a scam because not all the links go back to the sender’s domain. Now I know Leo’s not a scam, so I ignore the warning.
I received an email the other day and the email was impersonating Facebook, telling me of a post on my wall. When I clicked on the link to follow the comment, it warned me that I might not be going where I think I’m going, do I really want to go there?
Also, if the sender is in your email address book, it puts a yellow star beside their name. Of course an email could make the email from a known contact and fool you, but if it doesn’t have a yellow star, the first thing I ask is why should I trust the sender?
Thunderbird also has a trainable Junk setting. Mark your spam as Junk and it will learn the kinds of things you consider to be junk.
Does Outlook 2010 do all that?