IMAP vs. IMAP SSL

By G.S. Jackson

IMAP over SSL allows for encrypted email exchange over a standard email protocol.
i Chad Baker/Photodisc/Getty Images

There is a good chance that your email client application uses Internet Message Access Protocol, and as such it is important for you to understand the strengths and weaknesses of such a protocol. The protocol allows you to connect to an email account on a server, and access folders and mailboxes on that server, but does so in an insecure fashion. In order to address this vulnerability, you can use IMAP over Secure Sockets Layer encryption to secure your email transactions.

IMAP

IMAP dictates a particular way for connecting to email servers to fetch email. Unlike Post Office Protocol, or POP, which is a simple email protocol that fetches copies of email from your email server, but makes no changes, IMAP allows for two-way communications. This means that if you use IMAP through your email client, changes made on the email client -- such as deleted messages or new folders -- will reflect on the email server.

SSL

SSL is an encryption protocol for online communications. The underlying SSL protocol employs an authentication and "handshake" mechanism. This means that two computers using SSL -- yours and a server you connect to -- use authentication certificates to verify identities. Each computer then negotiates an encryption algorithm to use. Once they agree on an algorithm, the rest of the SSL session uses that encryption method to secure all the transmitted data.

IMAP Over SSL

One benefit of SSL is that it allows the use of different communication protocols. For example, the most typical use of SSL is in conjunction with Hypertext Transfer Protocol, or HTTP, so that you can connect to, for example, your bank's website securely. Because of this, you can also use your email client application to use IMAP over encrypted SSL. This way, your email transactions only occur in an encrypted manner, while still utilizing IMAP.

Applications

Most email applications allow for SSL -- or its successor, TLS -- connections to email servers that allow it. For example, Windows' native Outlook email client has a setting for such SSL connections, as does Apple's Mail application. Thunderbird, a Mozilla client that works on Linux as well as Windows and OS X, also has the option for SSL connections. Most commonly, the client communicates with the email server to determine SSL capabilities and connection particulars, so you have to do very little actual SSL configuration to utilize IMAP over SSL.

×