Host Solutions is transitioning to exclusively secure connections, which is a crucial step to ensure that your emails and personal information remain safe and private. This means that any currently used insecure connections for email, such as those not using SSL/TLS, will no longer be supported. Additionally, for those already using secure connections, it's important that your email client can support the use of TLS 1.2, as we will no longer support older versions like TLS 1.0 and 1.1.
Moving Away from Insecure Connections:
Using an insecure connection for emails is like sending a letter without an envelope – anyone who comes across it can read your information. To protect your privacy, we are now requiring that all connections be secure. This means using a 'digital envelope' (SSL/TLS) for your emails, ensuring that only the intended recipient can read them.
Why TLS 1.2 is Required:
Within the realm of secure connections, we are specifying the use of TLS 1.2. This is because older versions, like TLS 1.0 and 1.1, are like old locks that are easier for cyber attackers to break into. TLS 1.2 is a much stronger lock, offering better protection with stronger encryption and more secure methods of communication. It’s the minimum standard needed to keep your communications safe in today’s digital world.
This tutorial is designed to assist you in understanding these changes and updating your email client settings accordingly to enhance security and comply with our new requirements. This guide will also provide specific help for those using older devices, ensuring you can smoothly transition to these more secure methods of communication.
Important Considerations for TLS 1.2 Support
Operating System Support
While most modern operating systems and devices support TLS 1.2, some customers may be using outdated operating systems or devices that are not compatible with this encryption standard. If you're confident that you're using a modern OS, you can proceed to the next section. However, if you're unsure or know that your system might be outdated, please read on to understand how this change might impact you and to explore possible workarounds.
- Windows: Windows 7 and later support TLS 1.2. However, Windows 7 and 8 may require manual enabling of TLS 1.2. Note that these versions of Windows are no longer receiving security updates, posing additional risks. For guidance on enabling TLS 1.2, please refer to this how-to article. Upgrading to a more recent version of Windows is advisable for better security.
- macOS: macOS X 10.9 (Mavericks) and later versions support TLS 1.2. Older versions are vulnerable to various security threats and lack TLS 1.2 support.
- iOS: iOS 5 and later versions support TLS 1.2. Older iOS versions can expose users to security vulnerabilities.
- Android: Android 5.0 (Lollipop) and later versions natively support TLS 1.2. Older versions lack this support and may be vulnerable to security risks.
The Need for Upgrading or Replacing Devices
Using operating systems and devices that do not support TLS 1.2 is becoming increasingly problematic. The internet is widely transitioning to require TLS 1.2, meaning that failure to update will likely result in problems accessing a large number of websites and online services in the near future. Upgrading or replacing your device is strongly recommended.
Alternatives: Webmail and Mozilla Thunderbird
If upgrading your operating system or device is not feasible, consider these alternatives:
- Webmail: Webmail runs in a browser and relies on the browser's security protocols, which are generally up-to-date. This can be a temporary solution while planning for an upgrade.
- Mozilla Thunderbird: As an email client, Thunderbird includes its own security protocols, including TLS 1.2, independent of your operating system. This makes it a suitable alternative for those using older systems.
While the workarounds mentioned should allow continued email access on older devices for now, it's crucial to start planning to upgrade or replace these devices. This is not a Host Solutions-specific issue but a broader internet security trend. As more websites and online services adopt TLS 1.2 and higher for enhanced security, older devices that do not support these protocols will increasingly encounter difficulties accessing a large portion of the internet. This transition is essential for maintaining secure and reliable online interactions in the coming years.
Steps for Updating Email Settings
If you're on a modern operating system that supports TLS 1.2, then you will only need to update your existing email connection settings to use SSL. This guide assumes you already have your email account set up on your device and is designed to explain how to update your existing settings from insecure to secure connections.
To do this, we will need to adjust a number of settings to tell the email client that you're using secure connections, and to update ports. We also need to ensure that your outbound email connection is not only using the secure connection, but also configured to use password authentication.
Typically, you won't need to change the hostname that you use to connect to, we're only updating port settings. This will typically (and ideally) be mail.yourdomain.com but it may be something like servername.ldn.kualo.net. However there may be rare cases where a secure certificate hasn't been issued for your domain.
If you run into any problems after changing to a secure connection, double check that you have the hostname specified in your cPanel.
This process to change to secure connections primarily involves three key steps:
- Checking Your Current Settings: Begin by identifying your current email client settings, particularly the type of account you're using (IMAP or POP) and your current SMTP settings.
- Updating to Secure Ports: Modify your email client settings to use the designated secure ports for IMAP, POP, and SMTP. This ensures that your email transmissions are encrypted and secure.
- Enabling Authentication for SMTP: Make sure that your SMTP (outgoing mail server) settings include password authentication. This step is crucial for securing your outgoing emails.
Note, if you are setting up Authentication for SMTP for the first time, you may be prompted to provide your email address username and password. If you don't know what this is, you may reset this from cPanel.
Steps for Common Email Clients
Each email client has its own set of steps for making these changes, which we've detailed below for the most commonly used clients. Remember, securing your email is not just about protecting your privacy, but also ensuring that your communications remain uninterrupted and compliant with the latest security standards.
Microsoft Outlook (2019, 2016, Office 365)
Checking and Updating SSL and Port Settings for IMAP/POP:
- Open Outlook, go to File > Account Settings > Account Settings.
- Select your email account and click Change.
- Under Server Information, check your Account Type (either IMAP or POP3). You do not need to change this, just note what it is.
- If IMAP, set the Incoming server port to 993 and select SSL/TLS.
- If POP3, set to 995 and select SSL/TLS.
Updating SMTP Settings:
- Click More Settings > Outgoing Server.
- Check My outgoing server (SMTP) requires authentication.
- Select Use same settings as my incoming mail server.
- Go to the Advanced tab. Set the Outgoing server (SMTP) port to 465 and select SSL/TLS.
Apple Mail (macOS and iOS)
macOS:
Checking and Updating SSL and Port Settings for IMAP/POP:
- Open Apple Mail, go to Mail > Preferences > Accounts.
- Select your account and click Server Settings.
- Depending on your account type (IMAP/POP), set the correct port (993 for IMAP, 995 for POP) and enable Use TLS/SSL.
Updating SMTP Settings:
- In Server Settings, under Outgoing Mail Server (SMTP), click Edit SMTP Server List.
- Select your SMTP server, check Use TLS/SSL, and set the port to 465.
- Ensure Authentication is set to Password.
iOS:
Checking and Updating SSL and Port Settings for IMAP/POP:
- On your iOS device, open Settings, tap Mail, then Accounts.
- Select your account, then Account.
- Tap Advanced and set the correct port (993 for IMAP, 995 for POP) and toggle Use SSL to ON.
Updating SMTP Settings:
- Go back, tap SMTP under Outgoing Mail Server, then Primary Server.
- Ensure Use SSL is ON, set Server Port to 465, and Authentication to Password.
Mozilla Thunderbird
Checking and Updating SSL and Port Settings for IMAP/POP:
- Open Thunderbird, go to Tools > Account Settings.
- Under Server Settings, check your account type (IMAP/POP).
- Set the correct port (993 for IMAP, 995 for POP) and set Connection security as SSL/TLS.
Updating SMTP Settings:
- Go to Outgoing Server (SMTP), select your server, and click Edit.
- Set the Port to 465, Connection Security to SSL/TLS, and Authentication Method to Normal Password.
Android Default Email Clients
There are a range of different Android email clients and so it's difficult to provide a comprehensive list. However, the general principal is the same. If you are in doubt you may need to look up a how to on your specific Android mail client, or contact us for help.
Checking and Updating SSL and Port Settings for IMAP/POP:
- Open the Email app, go to Settings, and select your account.
- Under Incoming settings, set the correct port (993 for IMAP, 995 for POP) with SSL/TLS security type.
Updating SMTP Settings:
- Find Outgoing settings.
- Update the SMTP port to 465, choose SSL/TLS, and ensure Require sign-in is checked with Password authentication.
