How to Secure Mail, Thunderbird or Gmail

In light of the recent Hacking by Google, we’re reminded of how insecure email really is. In a normal email situation, there’s absolutely no encryption and it your emails can easily be read by someone who’s looking to read them.

You’ll notice that banks and other financial firms now send you an email telling you to log in and check your secure messages. That’s one way to get around email insecurity.

If you’re paranoid or just mildly concerned, this two part series will show you how to configure Mail, Thunderbird or Gmail for encryption.


Email works in two directions. When you read an email and when you write and email. They are not the same.

Reading and writing email and can be secured by turning on encryption. Like going to a website, with a non-encrypted page, any passwords or other data sent can be easily read by others. All you need to do is turn on the encryption features in Mail, Thunderbird and Gmail.

Note: To use encryption, your email provider must support it. If they don’t, I’d strongly consider a new email provider.

Before we go any further, I’m going to assume you’ve already set up your email accounts and know the appropriate server names, usernames and passwords. If you’ve creating one from scratch, that’s OK.. Just have the server settings, username and passwords ready.

Apple Mail:

Apple Mail is really easy to set up for security. In fact, while just creating my test account for this article, reading emails was automatically secured and I was given the option to check a checkbox to secure sending them. Since Mail is simple to secure if you’re creating a new account, I’ll show you what to check to make sure it’s encrypting your connections.

1. From the Menu Bar, Click “Mail” and choose “Preferences”.

Securing Apple Mail - POP / IMAP

2. Click the “Accounts” tab at the top.

Securing Apple Mail - POP / IMAP

3. Select your email account on the left.

4. On the right, Click the Advanced tab.

Securing Apple Mail - POP / IMAP

5. Make sure the port is correct.
Secure IMAP is 993.
Secure POP is 995.

6. Make sure the checkbox next to “Use SSL” is checked.

7. Under Authentication, select “Password”.

Note: The authentication may differ depending on your provider but most likely it’s password unless you’re using an Exchange account.

To secure sending emails,

1. Click the “Account Information” tab.

Securing Apple Mail - POP / IMAP

2. For “Outgoing Mail Server (SMTP), Choose “Edit Server List”.

Securing Apple Mail - POP / IMAP

3. Select your outgoing server and click the Advanced tab at the bottom.

Securing Apple Mail - POP / IMAP

4. Now, check the checkbox next to “Use Secure Sockets Layer (SSL).

Securing Apple Mail - POP / IMAP

5. Select Password for “Authentication”.

6. Enter your username and password.

7. Send yourself a test email to make sure everything is working properly.

Mozilla Thunderbird:

1. Open Thunderbird and Select Tools -> Account Settings from the Menu Bar.

Securing Thunderbird - POP / IMAP

2. On the left, locate the account you want to secure.

3. Select “Server Settings”.

Securing Thunderbird - POP / IMAP

4. In the port field, enter the following:

For IMAP Secure (IMAPS) – 993
For POP Secure (POPS) – 995

Securing Thunderbird - POP / IMAP

If you don’t know which one to choose, the “Server Type” will tell you. If you’re setting up your account for the first time, I recommend IMAP Secure.

5. For Connection security, select “SSL/TLS”.

Securing Thunderbird - POP / IMAP

6. If supported, check the checkbox next to “Use secure authentication”.

Note: Not all providers support this. (GMail does not).

To secure the sending of messages,

7. On the left hand side, Click on “Outgoing Server (SMTP).

Securing Thunderbird - POP / IMAP

8. On the right, select your email account and click on “Edit”.

Securing Thunderbird - POP / IMAP

9. In the box that pops up, change the SMTP port to the secure port your provider uses.

10. Under connection security, choose either “STARTTLS” or “SSL/TLS” depending on your email provider.

Securing Thunderbird - POP / IMAP

Note: Gmail uses port 465 with SSL/TLS and port 587 with STARTTLS. If you’re unsure, use SSL/TLS. Also, some support secure authentication while other don’t. Consult your provider’s instructions. Gmail does not support the secure authentication.

11. Send yourself a test email to make sure everything is working.

Gmail’s Web Interface:

With Gmail you can either use an email client (Mail, Thunderbird, Outlook) or the web interface. Since I just went through securing Mail and Thunderbird, let’s secure Gmail’s web interface.

Since the infamous Chinese Gmail hacking, Google has enabled HTTPS (SSL) by default. Just in case your account isn’t set up for this, I’ll show you where to check.

1. Sign in to Gmail.

2. In the upper right-hand corner, click on “Settings”.

3. Under the General tab, look for “Browser Connection”.

4. Select “Always use https”.

Securing Gmail web interface

5. Click “Save Changes” at the bottom.

Securing the Actual Message:

Remember, this article shows you how to secure your sending and reading of the message only. It doesn’t secure the actual message itself. So, if at any point in its travels it goes over an unencrypted connection, it’s insecure. In Part II of this article, for greater security we will delve into encrypting the actual message and signing messages for authenticity.

Comments are closed.