Secure Mail Settings Required – Effective April 15th

We hope you're doing well today. This notice is being sent to inform you that we will be strengthening our security protocols for email on April 15th, 2014. Please read the following details carefully so you're sure to be prepared:

Our security team will be disabling plaintext authentication on all of our shared servers. As of the effective date listed below, SSL/TLS will be required for all email connections.

Effective Date:
April 15th, 2014

Clients Affected:
All clients utilizing our shared hosting services will need to ensure you're using secure mail connections by the effective date in order to prevent problems connecting to your email accounts.

Secure Mail Connections:
When you connect to a mail server using a mail client like Thunderbird, you have to provide a username and password. If you are using plaintext authentication, this means that your password is being sent across the internet without any encryption protecting it. A malicious user may be able to catch your password and access your personal information, regardless of the password's strength. In order to mitigate the chances of this scenario occurring, plaintext authentication will no longer be allowed on our shared servers.

SSL/TLS will now be required for POP3/IMAP/SMTP connections to ensure the security of your connection to our servers. This means that your login details will be encrypted before they are sent across the internet. Even if some malicious user or software were to capture your password, it would not be readable without the key to decrypt it, which is only known by the server you're securely connected to.

Here are sample settings which can be used to configure your mail client:
Secure SSL/TLS Settings

Password: Use the email account’s password.
Incoming Server: Server's Hostname
IMAP Port: 993
POP3 Port: 995

Outgoing Server: Server's Hostname
SMTP Port: 465

Authentication is required for IMAP, POP3, and SMTP.

For more specific information on configuring your email account for SSL/TLS, you can visit the cPanel section 'Email Accounts'. Once in this section, click the 'More' dropdown next to a specific email account and select 'Configure Email Account'. This page offers some scripts for automated setup of your email account or you can review the manual 'Secure SSL/TLS Settings' settings.

Important Note:
If you elect to reconfigure your mail settings prior to the 15th, you may run into a funny looking error in your mail client when connecting to your mail server for the first time. This is because we are in the process of implementing signed SSL certificates on all of our shared servers, but those that are still using self-signed certificates will throw the error if you do not use the server's hostname in your mail settings. By the 15th, all shared servers will have signed SSL certificates so this will not be an issue after that point. You can avoid this error simply by using the server's hostname as the “Incoming Server” in your mail settings as noted in the example provided above. If you do run into this error, there is no reason for alarm. You can simply click the “add exception” button at the bottom of the error window telling your browser to make an exception for this server, so your browser will trust the server and you will not see the error again. We assure you this connection will still be equally secure, and as mentioned, we will be adding signed SSLs to all of our shared servers in order to avoid any confusion caused by this scenario all together from April 15th forward.

Ultimately, secure mail connection settings combined with strong passwords will help to prevent hacked email accounts, protect your personal information, and provide for more stability in our shared hosting environments. Thank you so much for taking the time to review this notice, and if you have any questions or concerns about these coming security changes, please don't hesitate to contact our staff for more details.                                                                 

via Eco-geek / Helresa
This entry was posted in Announcement and tagged , . Bookmark the permalink.