9.4. Using SSL for webmail
Most email providers offer a webmail option so that you can check your email using a web browser when you're away from your regular computer, and in a few cases, that's the only way of accessing your mail. A number of services, including Hotmail and Gmail, initially offered only web-based email access but later added access via POP, IMAP, or both.
In the previous section, I described using SSL to encrypt email sent and received with an email client such as Mail or Entourage. But it's equally important to encrypt your email when using a web-based email interface — whether on your own computer or on a public computer. Otherwise, everything you send and receive could be intercepted and read; the fact that it's delivered via HTTP rather than POP, IMAP, or SMTP doesn't afford it any particular protection.
Because every webmail system is different, I can't provide instructions that work with all of them. However, I offer some tips for several popular email providers just ahead. But in general, if you're about to log in to your webmail page and notice that the URL begins with http:// instead of https:// and there's no lock icon in your browser window, your credentials won't be encrypted when you log in — and that's a definite danger sign.
9.4.1. Gmail
Gmail offers a secure sign-in page so that your credentials are encrypted in transit, but for years the default setting was to use standard, insecure web pages. Google has announced that they're considering switching ...
Get Mac® Security Bible now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
