Is my pop3 email security enough for a simple home user?

[Paul Smith]

On Tue, 2019-11-05 at 19:37 +0100, Ralf Mardorf via ubuntu-users wrote:
> On Tue, 5 Nov 2019 16:46:27 +0100, Liam Proven wrote:
> > On Tue, 5 Nov 2019 at 15:48, Charles IRONS wrote:
> > > Is my email secure enough? As an end user age 80 I am not skilled
> > > with terminal commands."  
> > 
> > Absolutely, yes. Don't worry about it. Email is public while it is
> > in transit, anyway.

That's not true (necessarily).  It depends on whether your connection
goes over SSL/TLS or not.

To Charles: whether your password is "Plain" or something else isn't
important.  What's important is the "Encryption method" setting.

If that is set to "No encryption" then all the traffic between you and
your mail provider is sent in cleartext and is readable by anyone that
can watch the network traffic.

If the Encryption method is "No encryption" and your authentication
method is "Password", then both your password and your email are sent
over the network in cleartext, so contrary to the above recommendation
that you "just don't worry about it" and treat your email as public you
should VERY MUCH worry about it: if someone can grab your password they
can log into your account and/or send email as you and that is a much
more serious problem than someone passively watching your email go by.

If "Encryption method" is set to using STARTTLS or TLS, then your
connection is encrypted, including whatever authentication you use,
such as your password, so you're protected from snooping.

Similarly for the "Sending Email" options: if your "Encryption method"
is is "No Encryption" and your authentication method is PLAIN password,
you should be concerned.  If "Encryption method" is not "No encryption"
you're fine.

For GMail, I don't think they even offer unencrypted connections at all
so most likely you are already fine.

Cheers!