If you are confused about how to implement security in an email app, you are not alone: SSL, S/MIME, PGP, certificates, signatures--it all can get quite confusing. There are many methods of securing email, each with its own strengths, weaknesses, and complexities. This is the first in a series of articles dealing with email security in which I hope to simplify some of these complexities.
In this article I will focus on SSL and leave future articles to deal with the other security methods and protocols. Unlike other information you may have read about SSL, the information presented in this article is from an email developer's perspective. I will explore the pros and cons of SSL and show you exactly what you need to know to properly build and support an email client application that can send and retrieve email over an SSL encrypted channel. Sample code is also included which will enable you to build SSL-enabled .NET apps within minutes!
In this edition you will learn:
- How SSL works to safeguard data.
- How SSL is used to protect email.
- The benefits of client authentication.
- 2 critical things you need to know about what SSL will not do.
- How you can use SSL to safeguard email in your app.
- Client and server requirements for securing email with SSL.
- About the bonus protection provided by SSL.
- What types of apps can benefit from securing email with SSL.
This edition also contains easy sample code in VB.Net and C# including:
- Sending a message with SMTP over an SSL connection
- Retrieving a message from a POP3 server over an SSL connection
- Retrieving a message from an IMAP4 server over an SSL connection
Normal email messages are sent across the Internet in a plain text format. This leaves the messages susceptible to all sorts of electronic eavesdropping. SSL enables us to easily secure our email apps while keeping the SSL security invisible to the end user.
Every techie is familiar with SSL (Secure Sockets Layer) to some degree. SSL is the technology which encrypts data during its transmission to and from a secure website. All e-commerce applications rely on SSL to ensure that sensitive information, such as credit card numbers, are not transmitted across the public Internet in a manner which can be easily intercepted and decoded by a third party. SSL is very transparent to the end user, in fact the end user needs to know nothing and do nothing, it just happens, it just works. That is one of the biggest strengths of SSL - the fact that it is invisible or transparent to the end user.
SSL is transparent to the end user because its functionality is built into the browser and works automatically. In this article I will show you how to build this same type of automatic, secure functionality into your email apps.So how does SSL work? How secure is it and how can it be used to secure email?