Knowledge Essentials - 3Essentials Hosting

Encrypting email and SMTP, POP, and IMAP over SSL

Article ID: 576


Question:

I want to encrypt email messages. Does 3Essentials support this?

Answer:

When we talk about encrypting email, people often confuse two different, yet related, aspects of it.  Most people think they are talking about encrypting an EMAIL message, when in reality what they are seeking is encryption of the transmission or receipt of an email during its submission or retrieval via SMTP, POP, or IMAP.  Both topics are discussed below.

Encrypting an EMAIL message

When we talk about encrypting an actual EMAIL message, we're talking about the message itself being encrypted EVEN BEFORE you send it.  It then traverses the entire email system encrypted: from submission into a mail server, through routing across the internet to the recipient's mailbox, to retrieval into their mail client... all still encrypted.  The recipient must then be able to decrypt it.  In this scenario, the message could be transmitted over unencrypted protocols and it would still be safe, as the message itself was encrypted before it was introduced into the mail stream.

You can send an encrypted email through any standard email server without any specific functionality required on the server side.  This is because the mail server doesn't care what the mail is or whether it's encrypted... it's just 1's and 0's... and it just sends it through the mail system whether the message is encrypted or not.  It's up to the RECIPIENT to have the necessary info to decrypt it. 

The following is an article from MS on how to encrypt an email message in Outlook... If you want to send an encrypted email message from your website, your website developer would have to translate this into how to encrypt an email message programmatically on your website before sending.

http://office.microsoft.com/en-us/outlook/HP012305361033.aspx

Or you can google/yahoo "encrypt email" together with the name of your preferred email client and probably find exactly the info you need, e.g., google "encrypt email with thunderbird".

Encrypting the TRANSMISSION or RECEIPT of an email (SMTP/POP/IMAP over SSL/TLS)

When you send an email, there are actually multiple steps involved in moving the message from the sender to the recipient.  The communication has multiple stages, each using a particular protocol:

  • STAGE1: sending of the mail message from mail client to the sender's mail server.  By mail client, we mean the email software you use for your email, like Outlook Express, Windows Live Mail, Thunderbird, etc.  When you click SEND (or SEND/RECEIVE), that email client connects to your mail server and gives it the message.  Generally this takes place using the SMTP protocol.
  • STAGE2: moving the mail message from the sender's mail server to the recipient's mail server (relaying the message).  The sender's mail server is responsible for finding the recipient's mail server, connecting to it, and giving it the message.  This also takes place using the SMTP protocol.  Once the recipient's mail server has told the sender's mail server that it has accepted the message, the recipient's mail server is then responsible for getting the message into the recipient's mailbox.
  • STAGE3: retrieving the message from the recipient's mail server.  The recipient's mail client will connect to their mail server, and download the message from their mailbox.  This generally takes place using the POP protocol.

So you see that SMTP is involved in sending the message, and POP is involved in retrieving the message.  Originally, these protocols were not encrypted.  ISPs have recently begun to make the move to using encrypted versions of these protocols, generally referred to as SMTP over SSL (or TLS) and POP over SSL (or TLS).  Using the encrypted version of these protocols provides the following benefits:

  • When you connect to your mail server (whether sending or receiving), your email credentials (username and password) are encrypted, protecting them from being intercepted by malicious users as they traverse the internet from your computer to your mail server.
  • Your message is also encrypted BUT NOT ENTIRELY THROUGH THE MAIL STREAM.  Read that caveat closely... people often think that using SMTP over SSL means their email is encrypted, but that's not accurate.  Above, we outlined 3 general stages of email transmission... when you use SMTP over SSL to send your message, the message is only encrypted as it traverses from your mail client to your mail server.  It then moves from the sender's mail server to the recipient's mail server unencrypted, over standard SMTP.  And your recipient may download it over POP instead of POP over SSL (depending on their config and their mail service provider's config).  This is because the industry has begun to support SMTP over SSL for mail-client to mail-server transmission (described above as STAGE1)... but has not widely adopted SMTP over SSL for mail-server to mail-server transmission (described above as STAGE2).

Most people are looking for the first benefit... protecting their email credentials as they traverse the internet, and don't really need the mail message itself to be encrypted.  But if you do, see the section above titled Encrypting an EMAIL message.
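The STAGE1/STAGE2 caveat above can be checked on a delivered message: each receiving server records in a Received header how the message reached it, and the RFC 3848 keywords ESMTPS/ESMTPSA mark a hop that was carried over TLS. The Python below is an added example, not 3Essentials code; the sample message, its hostnames and its IDs are constructed.

```python
import email
import re

# Received-header "with" keywords (RFC 3848): a trailing S or SA means the
# hop used TLS. The plain forms mean it did not.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
PLAIN_PROTOCOLS = {"SMTP", "ESMTP", "ESMTPA", "LMTP", "LMTPA"}
WITH_RE = re.compile(r"\bwith\s+([A-Za-z]+)", re.IGNORECASE)
HOP_RE = re.compile(r"\bfrom\s+(\S+).*?\bby\s+(\S+)", re.IGNORECASE)

# Constructed sample: hostnames, addresses and IDs are made up.
SAMPLE = """\
Received: from mx.sender-host.example (mx.sender-host.example [192.0.2.10])
\tby mx.recipient-host.example with ESMTP id R2222
\tfor <bob@recipient.example>; Mon, 01 Jan 2024 10:00:05 +0000
Received: from alice-laptop (client.example [198.51.100.7])
\tby mx.sender-host.example with ESMTPSA id S1111
\tfor <bob@recipient.example>; Mon, 01 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: constructed test message

Hello Bob.
"""

def hop_encryption(raw_message):
    """Return [(from_host, by_host, protocol, verdict)] in delivery order."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Each server prepends its own header, so reverse to read first hop first.
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(header.split())  # unfold continuation lines
        # A header may also say "using TLSv1.3 with cipher ...", so keep only
        # "with" words that are known protocol keywords.
        names = [w.upper() for w in WITH_RE.findall(text)]
        known = [n for n in names if n in TLS_PROTOCOLS | PLAIN_PROTOCOLS]
        proto = known[0] if known else "UNKNOWN"
        verdict = ("encrypted" if proto in TLS_PROTOCOLS
                   else "not encrypted" if proto in PLAIN_PROTOCOLS
                   else "unknown")
        hop = HOP_RE.search(text)
        src, dst = hop.groups() if hop else ("?", "?")
        hops.append((src, dst, proto, verdict))
    return hops

if __name__ == "__main__":
    for src, dst, proto, verdict in hop_encryption(SAMPLE):
        print(f"{src} -> {dst}: {proto} ({verdict})")
```

Received headers cover only the SMTP hops (STAGE1 and STAGE2); retrieval over POP or IMAP (STAGE3) leaves no header. Each header is also only as trustworthy as the server that wrote it.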

Our support of SMTP/POP/IMAP over SSL is as follows:

  • MANAGED Servers (virtual or dedicated)
    • SMTP/POP/IMAP over SSL support is not included with the base mail server licensing product and requires a mail server licensing upgrade.  Please contact our sales/billing department for information on options/pricing.
  • SHARED servers
    • Please see the following: Shared Host servers SMTP/POP/IMAP over SSL support Matrix

 

Shared Host servers SMTP/POP/IMAP over SSL support Matrix

| Server | SMTP/POP/IMAP over SSL enabled? | SSL mail server hostname* | SMTP over SSL port | POP over SSL port | IMAP over SSL port |
|---|---|---|---|---|---|
| web34 | YES | web34.3essentials.com | 465 | 995 | 993 |
| web30 | YES | web30.3essentials.com | 465 | 995 | 993 |
| web28 | YES | web28.3essentials.com | 465 | 995 | 993 |
| web26 | YES | web26.3essentials.com | 465 | 995 | 993 |
| web24 | YES | web24.3essentials.com | 465 | 995 | 993 |
| web9 | YES | web9.3essentials.com | 465 | 995 | 993 |
| web17 | YES | web17.3essentials.com | 465 | 995 | 993 |
| web15 | YES | web15.3essentials.com | 465 | 995 | 993 |
| web13 | YES | web11.3essentials.com | 465 | 995 | 993 |
| web11 | YES | web13.3essentials.com | 465 | 995 | 993 |
| mail4 | YES | mail4.3essentials.com | 465 | 995 | 993 |
| mail3 | YES | mail3.3essentials.com | 465 | 995 | 993 |
| all other | NO | | | | |

*SSL mail server hostname: The SSL certificate can only be issued to a single hostname, so it can't match multiple names like mail.CustomerDomainA.com and mail.CustomerDomainB.com. As a result, a single hostname is used for connecting to the mail server over SSL-enabled mail protocols.  In your mail client, change your mail server name from mail.yourdomain.com to the SSL mail server hostname for the server where you're hosted.  You CAN actually leave it at mail.yourdomain.com, but you will be prompted with an SSL certificate error noting that the hostname on the certificate doesn't match the hostname of the server you are connecting to. You can ACCEPT this warning and use the connection anyway, and your transmissions will still be encrypted. With the warning accepted, however, the client is no longer checking that the certificate belongs to the server it meant to reach, so using the SSL mail server hostname is preferable.

 