Logging in allows enhanced commenting features (such as external linking) in news, features, blogs and more.

You can send him to Webmail.us. We would be happy to help.

Thanks, Pat! Will do :)

There are quite a few companies providing POP over SSL, IMAP over SSL and SMTP over SSL (or some subset of above). Though it looks like none of them terming it as "SSL email".

Nobody says anything like "we encrypt your messages while they're being sent and received". I think that's what might appeal to customers.

And I did look for POP/IMAP/SMTP over SSL at all of the hosting companies above. If any of them do offer it, they're doing quite a good job hiding it :)

If David is sensitive about the security, he would have used encrypted emails himself (PGP for example) instead of relying on hosting providers to give him SSL over SMTP or POP3/IMAP.

After all, POP3/IMAP/SMTP over SSL/TLS is only encrypting the transmission, and there is no guarantee that the "important information" won't leak on two ends of the encrypted connection. For example the mail server of the recipient might not support SSL, and the mail is not encrypted when it is in mail server's spool...

I won't consider mail server supporting SSL a show stopper of any hosting packages, as it only gives you a false sense of security.

Scott,

I agree that there are alternatives to full SSL support by all parties involved. (And I am forced to use them)

I agree that if we want to *guarantee* private information transfer, PGP is a feasible alternative to "all-party-SSL".

In my specific case, I know that the receiver does support SSL, and I don't want to have to build in functionality to my application that supports PGP.

Is SSL support for POP3 and SMTP a "show stopper" for hosting companies? It depends on what you're doing. A "false sense of security" for you is a time-saving feature for me.

Encrypted email between the server and client is only one third useful. Let's assume your ISP used a "secure SSL" server. Email you receive from others is still sent unencrypted over the Internet to your "secure SSL" server for reading. And your email is sent from your "secure SSL" server to a recipient's server (SSL or not) in unencrypted form. So let's not kid ourselves and call this "encrypted email."

People have come up with ways to connect the sender and recipient via SSL. Try something like http://www.certifiedmail.com.

Customer education is key.
If customers understood that when they check their email from a provider that does not use SSL to encrypt the mail from the server to their client, they would be concerned. If customers knew that their email username and password were being sent across a wireless connection or any internet connection in clear text, they would be concerned.
Some hosting companies do not even encrypt the WebMail logon pages.

These issues are addressed by choosing a Web hosting provider that provides secure solutions, whether it be POP/IMAP/WEBMAIL or Microsoft Exchange.

Wow, busy topic!

There are really two components to SSL for email, you can secure the transmition of the message packet itself when it is sent through the internet, and you can secure the web mail page for when you are reading email. Either one does not encrypt or secure the other. We've been able to offer SSL for webmail since 2006 by using the following format:

https://maila61.webcontrolcenter.com/Login.aspx

The difference is, in the shared envoronment, is that you have to use our wild card SSL to reach it, then login by using a username that contains the customers domain name. Works well, but there are so many components to web and email hosting, that could potentiallly make the list very long on a web page, that we don't list it. Most likely, this is the reason that other hosts may not list it as well.

To Isabel's question, I think web hosting customers care about secure communication, but few of them know enough about SSL email to understand the difference between the various approaches that have been discussed here (good thread, btw).
Encryption can be intimidating to non-technical users, and even many technical ones.

Research on responses to SSL browser warnings has shown that many users ignore warnings and click through without understanding whether or not there's a problem with the site. William is correct that customer education is important. The big question is whether customers who could benefit from the service are willing to invest the time to educate themselves.

Wow! Thanks for all the discussion, everyone!! Scott and Sarah - I really appreciate your insights. I guess I've never given very careful thought as to what "encrypted email" means. William and Rich - education is totally key, and I think Craig's pinpointed the problem. Web hosting plans have soooo many features that no customer can possibly understand them all. And many hosting companies don't even list everything they have to offer.

I think the moral of the story is, we need more customer segmentation. The one-size-fits-all approach of giving everyone the same giant list may not be optimal for targeting customers who really really care about email security, for instance. And isn't so concerned about how many databases he gets. I'm envisioning some kind of wizard that asks customers what they're looking for and displays a shorter list of relevant features?

I've been looking into secure email recently, and ran into some interesting twists.

One twist is that Avast! won't scan 'secure' email, and that nobody else's scanner can either. Since the message gets 'secured' at the email client, the AV doesn't have any 'clear data' to scan. The on-access scanner should catch anything nasty and prevent it from running, but the file will already be on the machine. The (not so) apparent answer is to use Stunnel and OpenSSL with the email client. Not exactly a turn-key solution.

The best secured email answer that I have found so far is Gmail (once you get signed up...) POP, SMTP, SSL , TLS, and secure webmail are all available. As mentioned previously, you are still only securing the connection between your computer and the mail server; after that it's plain text over the internet unless you are encrypting. Still, it's potentially useful when dealing with an open and/or unprotected wireless connection.

As for encrypting email, the Thunderbird/GPG combo is looking good to me so far. Mobilityemail appears to be a preconfigued Tbird/GPG package that is setup for webmail as well. Hushmail seems to have potential, but I prefer to have more direct control of my email.

Oh, and GoDaddy does seem to do SSL for my POP from pop.secureserver.net:995. I Can't seem to get the SMTP or Webmail (other than login) to secure though. :(

I just wanted to say thank you to all for the above information and especially the comments by you, Ms. Wang. We are an upstart hosting company looking to go live in May. We are currently having an individual build our site and plan to do two things based on your comments (we had not considered it before, at least in this detail):

1) It will be well advertised, though typically assumed, that our Exchange Hosting service will be encrypted between us and our customers and vice versa using TLS. I know this is a bit off topic being that you are looking at POP and SMTP primarily which is far cheaper than Exchange - 9.95/month for 500MB is the going rate. Resellers may do the same for 250MB.

2) We are discussing with the web site developer to create a wizard launched by a button stating something to the effect of, "Confused by all these services? Click here and we will match you to possible answers our software will provide." It will list services, hover over them for a brief explanation, click for a tutorial that ends you right back at the selection screen where you check items of interest. After you have gone through the series of questions, a customized solution will be displayed that you may choose from.

Retention is our key to success, so we want this to truly benefit the customer with a ROI listing for each product. We will host 5 or more products and, in web hosting, we will not be a threat. We will only host completed sites, no templates or web design help. The profit margin is not there for us, but do see how others are successful.

I am not mentioning our name here, but will if you e-mail me, as I am not here to advertise, but to offer sincere appreciation for the great ideas. Our focus is customer service and our platform of virtual server through VMware will keep our overhead low to afford us not only the ability to create a jam up web site but also offer 24x7x365 phone support, toll free. They will be empowered to escalate all the way to one of three partners if our technical team can not resolve issues timely. A few 3am wake up calls I get will get our tech team in gear!

If anyone has other ideas, we would be happy to entertain them, just fire me an e-mail. I am 30% owner, so believe me I care! 90% of new businesses fail so I am praying to be in that lucky 10! Scouring the web for ideas and asking local home users and small to mid sized business IT decision makers I know has not been as fruitful as this thread.

Ms. Wang, we will give you a great deal should you need any of our services and our servers are securely tucked away in a state of the art datacenter, with full redundancy and backup.

Thanks again,

James

Whoops, I thought it would "automagically" display my e-mail. It is claytonj22@yahoo.com. This is not my address for the company as the domain would clue you in on who we are/will be.

Regards,

James

Of course, Gmail gives both SSL on POP and TLS, a newer standard, on SMTP.

If you use a webmail, use your ISP (local) SMTP server and insist on SSL for SMTP protocol send mail.

Other good fast and secure options for webmail - look to Fastmail in australia - great webbased provicer with many options, including free IMAP, which Gmail does not offer....

Yay!
Why don't you guys give it another try and see what's happening?
Do not forget to sniff traffic with Wireshark.
Just use for godaddy the following settings(I'm using Outlook 2007):
pop.secureserver.net
smtpout.secureserver.net
Incoming(POP3): 995
Check This server requires an encypted connection(SSL)
Outgoing(SMTP):465
Use the following type of encrypted connection: SSL(or TLS). Do not worry, TLSv1 is used and not SSL2.0.
I don't see any official Godaddy comments for these settings, but I can see them working!
Have fun!
Do not confuse PGP with POPS and SMTPS. Without POPS and SMTPS your credentials are sent in clear(crystal clear) and I suppose this do not require any explanation....
If you want confidentiality you need both: PGP with POPS and SMTPS.

Yep, it's me again!
Well,
It's explained all on help.godaddy.com, in the email clients section.
http://help.godaddy.com/article.php?article_id=3477&topic_id=167&isc=appemail40
See Configuring Microsoft Outlook to use a Secure Connection (SSL) for Email Messages or Configuring Mozilla Thunderbird to use a Secure Connection (SSL) for Email Messages
It applies to both POP and SMTP.
So...
I feel like an idiot right now.....