National Capital FreeNet

Secure login for the NCF Mail System

2006 Dec 4

NCF's email servers support 'secure connections', meaning the transfer of authentication information and email text between your computer and NCF can be protected by encryption.

You can (and should) configure your email program (eg., Outlook Express, Thunderbird, or Eudora) to use SSL or TSL when it talks with NCF's mail server (using SMTP or POP/IMAP) -- there are how-to links at the bottom of this page.

As illustrated in the figure below, using SSL/TSL protects the transfer of information between your computer and NCF. Most importantly, this protects your password when it is sent to the mail server. Incidently it also protects your email text, but only on the link between you and NCF; if your email needs to go to another ISP to be delivered (eg., your correspondent's ISP is not NCF), the transfer of the email text to the other ISP usually travels unencrypted. The main benefit of SSL/TSL is to protect your password when your email program talks with NCF's mail server.

Fig 1. Mail travelling between you and a friend who uses a remote ISP

(If you want your email text to be encrypted while it travels via the internet, you can use end-to-end encryption, a feature provided by your email program, for example, 'Tools->Encrypt' in Outlook Express.)

You may notice that NCF WebMail sessions are secure as well. This happens automatically; you don't need to do anything. You can use NCF WebMail from a browser anywhere (however, just as in the case of email sent using an email program, email sent with WebMail may travel unprotected over the internet to reach its destination, as illustrated in Fig 1 above).

It's difficult to assess the risk reduction provided by password encryption -- in over 10 years of operation with thousands of members, we not aware of problems that could be attributed to discovery of passwords via internet 'sniffing'. Risk is very low for members using dial-up because they are directly connected to NCF. Nevertheless, offering secure connections eliminates a potential risk for people who are concerned and is 'good practice'.

Some people have concerns about what happens to email that leaves Canada. Figure 2 below illustrates the situation of someone using a mail server located outside of Canada (mail servers operated by Sympatico/Microsoft, Rogers/Yahoo, and Google, for example, are located in USA). All email sent via those servers, even if to local Ottawa correspondents, leaves Canada. Even if communication with the remote mail server is protected, the subsequent transfer of your email via the internet may not secure and occurs outside of Canada, as illustrated below.

Fig 2. Mail travel when using a mail server located in the USA

NCF's mail servers are located here in Ottawa, at Carleton University. If your correspondent is in Ottawa and uses NCF, your email won't leave Canada. However, if you send email to someone who uses Sympatico/Microsoft-MSN, Rogers/Yahoo, or Google, your email will have to leave Canada, because their mail server is in the USA. (Maybe they should join their neighbours at NCF, Ottawa's Canadian not-for-profit alternative to commercial internet providers! Many Ottawa residents have personal email accounts at NCF even if they obtain internet access elsewhere.)

The more Ottawa residents using NCF, the more NCF can do for members. Please tell your friends about NCF. Thanks for your support!

NCF Office volunteers

How to configure your email program

Please consult the pages below to configure your email program for secure login:

Microsoft Outlook Express
Mozilla Thunderbird
Apple Mail
Pegasus Mail
Eudora Mail
Netscape Mail

Note: These email program configurations should work even when your computer is connected to another ISP -- for example, if you carry a wireless laptop to an internet cafe.

Of course you can always use NCF's WebMail securely from any browser anywhere.

(FreePort users: FreePort and it's email program operate on an NCF computer, so there is no transfer of password over the network when reading email using FreePort.)