Thoughts about security.

There are four aspects of security to consider:

1. The sending of your name and password (logging in).
2. The transfer of information between computers.
3. Backend Administrative functions.
4. The contents of databases.

First, a little background on Internet Protocols: Sending Email using SMTP (outgoing on port 25) is not encrypted or secure. SMTPS (outgoing on port 465 with SSL) encrypts both authentication and your message in transit so it is secure. Submission (outgoing on port 587) is not secure. POP3 (incomining on port 110) is not secure. However, POP3s (incoming on port 995 with SSL) is secure. IMAP (access messages on port 143) is not encrypted. IMAPs (access messages on port 993 with SSL) is. The Web (HTTP client on port 80) is not encrypted, but HTTPs (usually on port 443) is secure to various levels depending on the protocol and the number of bits used for the key.

Some Rules to Live by:

1. The name and password you use for E-mail should not be used for anything else.
2. You do not need tight security for chatty E-mail, but if you E-mail for business, or to send sensitive information, please use one of the secure protocols, as follows:
   * POP3S for getting and SMTPS for sending or
   * IMAPS for viewing and SMTPS for sending or
   * HTTPS Webmail for getting and sending.
3. Customers concerned about the contents of E-mail should use PGP or similar encryption.
   
4. Customers should use HTTPS for all Administrative functions.
5. No Credit Card information should be accepted, transmitted through, or stored on our network ever, end of story. Use a 3rd party transaction processing company.
   

Our MySQL Database servers have no outside access.  Our SQL Servers are firewalled and kept patched. Please use a complex password for any / all database accounts and change it frequently.