On our Email Client Settings page we specify that you should use encryption for your incoming and outgoing mail connections with Runbox. This ensures that the data that is transferred between our servers and your devices is encrypted over the Internet so that others cannot read it if it is intercepted.

Unfortunately, the terminology surrounding the settings is not always clear, and email programs do not always use the terminology consistently. This is particularly true when it comes to outgoing mail service settings using SMTP (see What is the best option for SMTP?).

SSL – Secure Sockets Layer

SSL is the most common term that people come across when setting up an email program or app. This is the case even though SSL has be superseded by TLS (see below). Because there are similarities between SSL and TLS, both are often referred to as SSL even though technically this is incorrect.

SSL provides a way to encrypt a connection between your email program/app and our servers. It also provides a way to verify that you are connected to Runbox and not some other server that has intercepted your connection.

When an SSL connection is established your email program connects to our servers and they establish an secure connection that is encrypted, and then data is transmitted over this connection.

SSL is not the preferred security protocol (communication standard) as it has been improved on.

TLS – Transport Layer Security

TLS is similar in operation to SSL, but it is a more modern protocol and is more secure than SSL. Like SSL a secure connection is established with your email program and then data is transmitted over this connection.

Compared to SSL, TLS is the preferred protocol for connection encryption and security and many email programs will use TLS in preference to SSL even when both are supported.

STARTTLS

STARTTLS is different in that it is not a protocol, but actually a command issued between an email program and a server. It literally means “Start TLS” and begins a process where the email program and server turn an unencrypted connection in to a connection that is secured and encrypted with either SSL or TLS.

Terminology and Abbreviations

IMAP – Internet Message Access Protocol
POP – Post Office Protocol
SMTP – Simple Mail Transfer Protocol

Technically speaking, if you use IMAP with TLS/SSL on port 993 then it is really IMAPS. The extra “S” just means “secure”.

This might not be something you have heard before, but it is exactly the same as with websites. Most people know that websites that start https:// are secure (your Internet banking should be like this), whereas websites that start http:// are not using a secure connection. So just like we have HTTP and HTTPS we also have IMAP and IMAPS. The same is true for POP/POPS and SMTP/SMTPS.

Despite what might be technically correct, you will mostly see these protocols referred to as IMAP, POP and SMTP regardless of whether they are secure or not.

Ports and Encryption

Some ports are specified as being used for IMAPS, POPS and SMTPS,

For example:

IMAPS port 993
POPS port 995
SMTPS port 465

In addition if the server supports it, STARTTLS can be used on the normal ports that are generally used for unencrypted communication to turn them in to a secured connection.

For example:

IMAP port 143
POP port 110
SMTP ports 25, 26 and 587

Port 25 is generally used by email services to transfer email between servers as part of the normal email delivery process. This port has been blocked by many Internet Service Providers that provide consumer/domestic services so that viruses and malware can’t send mail directly to mail servers using an infected computer. Therefore, mail submission by consumers to a mail server for onward delivery is usually done on port 26 or 587.

Port 465 was officially designated a secured port for mail submission (SMTPS) using SSL/TLS in 1997 but this was revoked the year after when STARTTLS became more standardised. However, port 465 with TLS offered some benefits over STARTTLS (see next section) and has continued to be offered by email services and email clients even after its designation for secure mail submission was revoked.

In January 2018, it was recognised that port 465 would continue to be used for mail submission and that it offered the same benefits of POPS and IMAPS. Therefore it is now once again designated for encrypted mail submission.

What is the best option for SMTP?

With TLS on port 465 the connection is secured between the email program and server before any significant data is sent over the connection. This makes a lot of sense and is consistent with using TLS with port 993 or 995 when retrieving email from mail servers.

With port 587 and STARTTLS a small amount of SMTP data is exchanged without encryption while the servers set up the secure encrypted connection. This is not usually a cause for concern as it shouldn’t include any of your personal data.

You might find that because port 587 with STARTTLS was the official standard for many years that developers of email programs will previously have ensured their programs are compatible with these settings as a priority and will be less concerned about port 465 being compatible with a wide range of email providers. In some cases this can mean you may find port 587 with STARTTLS more reliable with some email programs.

What setting to choose in Email Clients

Just to make things more confusing, some email programs do not use the terminology consistently, or they change terminology from one version to another.

The most common problem with terminology is when SSL is used to mean TLS/SSL, and TLS is used to mean STARTTLS.

If you select TLS and the port automatically changed to 587, you can be pretty sure TLS means STARTTLS.

Generally speaking settings for POP/POPS and IMAP/IMAPS are straight forward.

Getting help with your settings

We hope this page will help you make a decision if you don’t want to go with the default settings that your email program uses.

However, if you need help with deciding which settings to use please get in touch with Runbox Support.