Problem solve Get help with specific problems with your technologies, process and projects.

Should iPhone email be sent without SSL encryption?

SSL encrypts all of the communication between your iPhone and your mail server. Network security expert Mike Chapple explains how important that feature really is.

I just purchased an iPhone and am trying to set up my email account. After setting up an account, I received a message saying that SSL cannot be activated. What are the security risks of using these account settings? What are my other options?

The Secure Sockets Layer (SSL) provides encryption for TCP/IP connections as they transit the Internet and local networks between a client and a server. In the case of iPhone email, SSL encrypts all of the communication between your phone and your mail server.

Why is this important? There are two very significant reasons. First, checking mail without using SSL means anyone with a device on the same network can eavesdrop on your communications. They can use commonly available tools, such as Wireshark, to read your email as it transits the network.

If you're not concerned about the confidentiality of your messages, there's another important reason to encrypt your email connections: protecting the security of your account. If you don't encrypt your connection to the mail server, it will send your username and password in cleartext on the network. An eavesdropper would then be able to log in to your mail account and send/receive email using your identity.

For these reasons, I strongly recommend that you use SSL-enabled connections for sending and receiving email, not just on your iPhone, but on all devices.

More on this topic

This was last published in April 2008

Dig Deeper on BYOD and mobile device security best practices

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.