SSL - Secure Sockets Layer protocol & email security
Supported email software
You can enable SSL with most, but not all, of the ITS-supported IMAP and POP email clients. Some older versions of Eudora do not support SSL. See the configuration instructions on the software pages or contact the Help Desk (203-432-9000 or email helpdesk@yale.edu).
After you have configured your email client to enable SSL, both your Incoming and Outgoing mail will be SSL-enabled. If you have an SSL-enabled email client and exchange mail with SSL-enabled ITS mail servers (i.e., biomed/omega/email) or any SSL-enabled email server on the Internet, you will have a method for secure email communications. SSL encrypts data that is sent between your computer and other SSL servers on the Internet.
If your email is being sent or routed through a mail server that is NOT SSL-enabled, you can NOT be assured of secure communications.
Netscape Messenger Mail Notification
There is currently no method to SSL-enable the Netscape Mail Notification function. Using Netscape Mail Notification allows your mail server password to be sent in the clear (without encryption) over the network. Having Netscape Messenger SSL-enabled has no effect on Netscape Mail Notification; therefore ITS recommends NOT using Netscape Mail Notification.
Detailed SSL information
Secure Sockets Layer (SSL) is a protocol developed by Netscape and approved as a standard by the Internet Engineering Task Force (IETF) for transmitting private documents via the Internet. Non-secure data can be compromised on its journey between mail servers (i.e., omega.med.yale.edu) and your local computer's mail client (i.e., Netscape Messenger). It can be copied or altered at routing points, or intercepted by an unfriendly server pretending to be the legal recipient of the message. SSL encrypts data that is sent between your computer and other SSL servers on the Internet.
You may see the terms SSL and TLS (Transport Layer Security) being used interchangeably. TLS supersedes and is an extension of SSL. SSL encrypts messages and attachments, but ONLY in transport. They are encrypted as they travel from your personal computer to an SSL mail server, and from that SSL mail server to another SSL recipient, but the message and/or attachment is not encrypted as it sits on the mail server, nor is it encrypted after it arrives at the desktop. SSL differs from protocols like S/MIME (Secure/Multipurpose Internet Mail Extensions) and PGP (Pretty Good Privacy), which encrypt messages and attachments not only while in transport: they are encrypted at your local computer before the message is sent, stay encrypted while being routed through any other server[s] (SSL-enabled or not) on the Internet, and must be decrypted at the email receiver's computer before they can be read.
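The hop-by-hop protection described above can be checked on a received message, because each mail server records how it received the message in a Received header. The following is an added example, not part of the original ITS page: it reads those headers and reports any hop that was not recorded as TLS-protected, using the RFC 3848 protocol keywords. The message and host names are constructed placeholders.

```python
import email
import re

# RFC 3848 "with" protocol keywords that mean the hop was protected by TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample message (hosts are placeholders, not real servers).
# The newest hop comes first: each server prepends its own Received header.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [192.0.2.20])
\tby mx.example.org with ESMTP id C3; Mon, 1 Jan 2001 10:00:03 -0500
Received: from mail.example.edu (mail.example.edu [192.0.2.10])
\tby relay.example.net with ESMTPS id B2; Mon, 1 Jan 2001 10:00:02 -0500
Received: from laptop.example.edu (laptop.example.edu [192.0.2.5])
\tby mail.example.edu with ESMTPSA id A1; Mon, 1 Jan 2001 10:00:01 -0500
From: alice@example.edu
To: bob@example.org
Subject: constructed test message

body
"""

# Pulls "from <sender> ... by <receiver> ... with <protocol>" out of one header.
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)

def trace_hops(raw_message):
    """Return hops oldest-first as (sender, receiver, protocol, used_tls)."""
    msg = email.message_from_string(raw_message)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(header)
        if not m:
            # A header we cannot parse is treated as an unprotected hop.
            hops.append((None, None, None, False))
            continue
        sender, receiver, proto = m.group(1), m.group(2), m.group(3).upper()
        hops.append((sender, receiver, proto, proto in TLS_PROTOCOLS))
    return hops

def unprotected_hops(raw_message):
    """Hops where the receiving server did not record a TLS-protected transfer."""
    return [hop for hop in trace_hops(raw_message) if not hop[3]]

if __name__ == "__main__":
    for sender, receiver, proto, tls in trace_hops(SAMPLE):
        print(f"{sender} -> {receiver}: {proto} ({'TLS' if tls else 'NO TLS'})")
```

Received headers are only as trustworthy as the servers that wrote them, so this shows what each hop reported rather than proving the message was never exposed.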
SSL provides protection for your data by means of three security measures:
- Client authentication: ensures that the client can uniquely identify the server, and can verify that data transfer will be secure.
- Data encryption: the data is scrambled using complex encryption algorithms, so that even if it is intercepted en route it cannot be deciphered.
- Data integrity checks: verify that there has been no alteration of the data during transit.
Comparison with other email security protocols
SSL - Secure Sockets Layer
Encrypts messages/attachments, but ONLY in transport and ONLY between SSL-enabled mail servers. SSL is not supported by Eudora.
PGP - Pretty Good Privacy
Encrypts messages/attachments, before they're sent, anywhere in transit, and they must be decrypted at the receiver's computer before they can be read. PGP works with most email clients.
S/MIME* - Secure/Multipurpose Internet Mail Extensions
Encrypts messages/attachments, before they're sent, anywhere in transit, and they must be decrypted at the receiver's computer before they can be read. S/MIME is not supported by Eudora.
* ITS is evaluating S/MIME technology.