I've got a question about securing emails with SSL.
If I get an SSL certificate to secure my email, that would mean that the connection between my mail client and my mail server will be encrypted. So anyone listening in couldn't view my emails or username and password. But what happens between the mail server and the destination mail server? And between there and the recipient's mail client? If the recipient isn't using SSL, will the email and its contents still be secure?
Also, out of interest, is the danger of people "listening in" just from your internal network (people using packet sniffers) or is there a danger of people out in the cloud listening in?
Thanks,
Michael
This only secures the connection/communication between your mail client and the mail server.
So people on your internal network can't sniff (at least not in clear text) your mail.
How the transport between the mail server from your server to the server of the recipient happens depends on their configuration.
Basically you can't avoid the risk of some mail server operator reading your mail, or the NSA reading it, and so on...
The only thing to secure your mail against a malicious mail server operator would be to encrypt your mail with some public-key cryptography system (e.g. PGP).
Only the connection between your client (if correctly configured) and your server will be encrypted (same for the recipient's end); once the email leaves your server on its way to your recipient's mail server it will be open for all to see.
I.e. You (using SSL) -> SECURE -> Your Server -> UNSECURE -> Internet -> UNSECURE -> Recipient's Server -> SECURE -> Recipient (using SSL).
To ensure secure delivery the email needs to be encrypted end-to-end (i.e. the actual contents of the email, rather than just the delivery to/from the server). This can be done through several different mechanisms (see Wikipedia for a list); one of the more common ones is using PGP for email (see Google for more).
There is a risk of people listening in on both the internal network and in the cloud. The probabilities of either I am not sure on, but I would say the internal network would generally be the more likely location of a 'listener'.
> If I get an SSL certificate to secure my email, that would mean that the connection between my mail client and my mail server will be encrypted.
No. But it would mean that it's possible to establish an encrypted connection to your server.
> But what happens between the mail server and the destination mail server? And between there and the recipient's mail client? If the recipient isn't using SSL, will the email and its contents still be secure?
No. All you get from SSL-encrypting the connection to your server is the encrypted login dialog so attackers won't be able to look at your username/password.
If you want to protect your mail messages, you will have to encrypt them in the mail client. PGP and S/MIME come to mind.
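Added example, not part of any of the answers above: the hop-by-hop nature of SSL/TLS described in this thread can be checked on a received message, because each server prepends a Received header and the RFC 3848 "with" protocol keyword carries an "S" (ESMTPS, ESMTPSA) when that hop ran over TLS. The message, host names and IDs below are constructed for illustration, and the function name hops is hypothetical.

```python
import email
import re

# Constructed sample message (not from the thread); all hosts are example domains.
SAMPLE = """\
Received: from mail.sender.example (mail.sender.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id def456;
\tMon, 01 Jan 2024 10:00:02 +0000
Received: from laptop.sender.example (laptop [192.0.2.5])
\tby mail.sender.example with ESMTPSA id ghi789
\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384);
\tMon, 01 Jan 2024 10:00:01 +0000
From: michael@sender.example
To: friend@recipient.example
Subject: test

hello
"""

# RFC 3848 protocol types: a trailing S means TLS, a trailing A means authenticated.
WITH_RE = re.compile(r"\bwith\s+((?:UTF8)?(?:E?SMTP|LMTP)(S?)(A?))\b", re.I)
FROM_BY_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.I)

def hops(raw):
    """Return hops in delivery order as (from_host, by_host, protocol, tls).

    tls is True/False when the receiving server recorded a protocol type and
    None when it did not. The headers only reflect what each server chose to
    report, so treat the result as evidence, not proof.
    """
    msg = email.message_from_string(raw)
    result = []
    # Each server prepends its header, so reverse to get delivery order.
    for hdr in reversed(msg.get_all("Received", [])):
        flat = " ".join(hdr.split())          # undo header folding
        fb = FROM_BY_RE.search(flat)
        if not fb:
            continue
        w = WITH_RE.search(flat)
        proto = w.group(1).upper() if w else "unknown"
        tls = bool(w.group(2)) if w else None
        result.append((fb.group(1), fb.group(2), proto, tls))
    return result

if __name__ == "__main__":
    for src, dst, proto, tls in hops(SAMPLE):
        state = {True: "SECURE", False: "UNSECURE", None: "UNKNOWN"}[tls]
        print(f"{src} -> {dst}: {proto} ({state})")
```

Even when every hop reports TLS, each server still handles the message in clear text, which is why the answers point to PGP or S/MIME for protecting the contents.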