Switch to a secure email provider

This article is no longer maintained, so its content might be out of date.

A secure connection to your email provider is important because it lets the email application verify that it's talking to your real email server without anyone eavesdropping.

The Risks of Insecure Connections

Using an insecure connection to your email provider makes it possible for others to pretend to be your email provider or to capture your password or the contents of your emails. Once your password is known to an attacker, they can use your email account as if they were you until you change your password. This is important because many websites use your email account for password resets or for confirmation emails, and an attacker with access to your account can read these emails and then delete them before you see them.

These risks are real, especially for mobile devices which use wireless technology to connect to the internet. Existing cellular data standards unfortunately provide broken encryption and allow attackers to set up fake cell towers. Similarly, most wi-fi connections use standards that are vulnerable to attack or simply don't try to encrypt anything. For example, free wi-fi at coffee shops usually has no encryption and no way for you to be sure that you are actually using the coffee shop's wi-fi as opposed to a computer that's pretending to be the coffee shop's wi-fi.

The Benefits of Secure Connections

Using a secure connection (indicated by a "STARTTLS", "TLS" or "SSL" connection), means that the internet servers between you and your email provider cannot see the contents of the connection, so that your password and email contents stay private as it passes between your email provider and you. (These standards are much better designed than those deployed by the cellular and wi-fi industries.)

Check your existing provider

Your current email provider could have a secure connection option. Check their support documents or contact them through their support channels.

If they do not provide a secure option, give them feedback that you value the connection privacy that secure connections provide. It helps make a better world for others in the future!

Some providers may suggest that it's safe to not use encryption for some reason. They are incorrect and it's probably a good idea to find a better email provider!

Changing email providers

Fortunately, there are many free options that do provide secure connections. This means that you will get a new email address. Many email providers allow you to import your email and contacts from your old email address and even continue to pull the new email received at your old account into your new account. (This is somewhat safer than you checking your email on a wireless device because server-to-server connections use wired connections that are much less likely to be intercepted by anyone other than governments.)

Factors to consider

When choosing which email provider to use, here are some factors to consider:

  • Do they provide secure connections to their email servers?
  • Do they allow importing your old email and contacts from your old provider?
  • Are you comfortable with how the email provider handles your email data? Are they known for keeping people's data safe from others?


Wikipedia has a Comparison of webmail providers. If you want to use an email client instead of just going to a web page to check your mail, then choose one that offers "IMAP" support and has "Cryptographic protocol support" that mentions "TLS" or "SSL".

For the United States, the Electronic Frontier Foundation has also graded some services for how they handle data requests.

Google's Gmail is offered in many different languages, provides secure connections and offers IMAP support, as well as being able to continue to import new mail from your old account as it is received. So it could be a reasonable choice if you like how Google handles people's personal data.

// These fine people helped write this article:Joni, asuth, jburke. You can help too - find out how.
Volunteer for Mozilla Support