Secure and encrypted communication is now available across all protocols and connections on all our shared primary email servers. Secured communications means that your email or web mail connection is encrypted during transmission and, even if that connection is intercepted, your passwords and other sensitive information is secured from prying eyes.
Both SSL and TLS is available
We have enabled both SSL and TLS security protocols. TLS is a more modern security protocol but older email clients and software may only support SSL so this has been made available too.
Default Ports
Our secure systems use industry standard ports for connections:
TLS Communication Ports
SMTP using TLS: Port 25 (standard SMTP port)
POP using TLS: Port 110 (standard POP port)
IMAP using TLS: Port 143 (standard IMAP port)
SMTP Submission Port using TLS: Port 587 (standard alternative/submission SMTP port)
The above ports for TLS are the same as the default ports already used by these protocols. If you enable TLS encrpytion on a protocol you will not need to change the port being used by your email client.
SSL Communication Ports
SMTP using SSL: Port 465
POP using SSL: Port 995
IMAP using SSL: Port 993
The above ports for SSL are different from the normal ports used by the POP, SMTP, and IMAP protocols, but the ports we set-up for SSL are industry standard. If you change the communication to SSL for a particular protocol in your email client it may automatically change the port to the appropriate port listed above, otherwise you may need to enter the port number manually.
Secured Web Mail is also available.
Should you use TLS or SSL?
If you have an option, TLS is the better choice. It is a more modern system that will ultimately replace SSL, but not all email clients support TLS. Even those that do support TLS may not support it on all protocols. For instance, Outloook 2013 supports TLS for SMTP (sending emails) and IMAP (a method for retrieving your emails), but only supports SSL for POP (another way method for retrieving your emails). However, this is not really a problem and using SSL for POP is fine as POP does not involve your emails being "forwarded on" to anyone else. Your connection to the email server would be secure while downloading your emails via POP SSL.
With TLS it is possible for your email communication to be encrypted over the whole transmission from your email client, to our email server, to the receiving email server, and the person receiving your email, if every link in the communication chain supports TLS. With SSL your communication is only encrypted between your email client and our server, but nowhere else in the chain.
More information on how TLS works is available here - http://www.google.com/support/enterprise/static/postini/docs/admin/en/admin_ee_cu/ib_tls_overview.html
You may receive warnings using SSL or TLS on IMAP, POP, and SMTP
One of the issues of secure and encrypted communications is that securing a connection means tying it down to a specific address. When you set-up SSL or TLS on your email client, and your client tests the communication, you may receive an error similar to the following:
This is because you have set-up your email client to use mail.<yourdomain> as the server for sending and receiving emails. There is nothing wrong with this, and you will be able to continue to use this to send/receive emails, but the secure certificates that underpin the secure connection have to use the same name that the email server uses when communicating with other email servers.
The good news is that while you get that warning you can choose to continue using the connection settings you have and your connection via TLS or SSL will still be secured and encrypted.
If the warning bothers you, you can change your email server settings to use:
mail3.nsnetwork.net
for both sending and receiving emails. This is the name that the email server uses for communicating with other email servers - at least it is for the majority of people using our email servers - and it is the address used on the security certificates to confirm the legitimacy of the secured communication.
Checking the address to use for your email server settings
If you want to check the above name is correct for you (and not a spoof), go to http://www.intodns.com/ and type in your domain. When the results display, scroll down to the section called MX where you will be looking for the sub-section called "Reverse MX A records (PTR)" - it's usually the last part of the MX section.
This area displays the actual name the email servers responsible for handling your domains email use when communicating with other email servers - there may be more than 1 address listed. You are checking to see if mail3.nsnetwork.net is listed there. If it is then it shows that using mail3.nsnetwork.net is OK to use as the send/receive server in your email client.
If you are using our shared email servers, and mail3.nsnetwork.net is not listed, but other domains are listed that have nsnetwork.net, rackdns.net, nssecure.co.uk, securens.co.uk, or rackteam.com in them, please contact us for information on the address to use. If the servers listed in this record do not include these domains you are not using our shared email servers for your domains email.
Web Mail
The above information is also relevant when it comes to using web mail. HTTPS (SSL) communication with the web site has been enabled. Using:
https://mail3.nsnetwork.net
will allow you to connect securely without receiving an error. If you continue to connect on "http://" then you won't receive an error, but your connection will not be encrypted.
If you use another address for secure communication e.g. https://mail.<yourdomain> you may receive a warning about the certificate being invalid. You can continue to use your existing web mail address and your communication will be encrypted if you use "https://" rather than "http://" in the address, but if you want to avoid the error message http://mail3.nsnetwork.net will be the address to use for your web mail.