 |
| National Capital FreeNet |
Email Security (general information)
NCF's email servers support 'secure connections', meaning the transfer of authentication information and email text between your computer and NCF is protected by encryption when you configure your email program (eg., Outlook Express, Thunderbird, or Eudora) as recommended by NCF. The protection is provided by SSL (or TSL) when your email program talks with NCF's mail server (using SMTP or POP/IMAP).
As illustrated in the figure below, using SSL/TSL protects the transfer of information between your computer and NCF. Notice that if your email needs to go to another ISP to be delivered (eg., your correspondent's ISP is not NCF), the transfer of the email text itself to the other ISP is usually unencrypted as it is transmitted via the internet. Thus the point of SSL/TSL is mostly to protect your password when your email program talks with NCF's mail server.
Fig 1. Mail travelling between you and a friend who uses a remote ISP
It's difficult to assess the value of such encryption -- in over 10 years of operation with thousands of members, we not aware of problems that could be attributed to lost of passwords via internet 'sniffing'. Risk is low for members using dial-up because they are directly connected to NCF. Nevertheless, offering secure connections eliminates a potential risk for people who are concerned and is 'good practice'.
SSL/TSL protects your password (and email) as it is transferred between your computer and NCF. Most people are satisfied with that level of protection. However, if you want your email text to be encrypted while it travels via the internet, you can use end-to-end encryption, a feature provided by your email program, for example, 'Tools->Encrypt' in Outlook Express. You'll need to install a personal email security certificate, which can be obtained for free from Thawte, for example. The installation procedure is somewhat complicated, but once installed, it is easy to use.
NCF WebMail sessions are always secure; this happens automatically when you use WebMail from any browser (you'll see the browser reporting that a secure session is underway). However, just as in the case of email sent using an email program, email sent with WebMail may travel unprotected over the internet to reach its destination, as illustrated in Fig 1 above.
Media stories report concerns about what happens to email that leaves Canada. Figure 2 below illustrates the situation of someone using a mail server located outside of Canada (mail servers operated by Sympatico/Microsoft, Rogers/Yahoo, and Google, for example, are located in USA). All email sent via those servers, even if to local Ottawa correspondents, leaves Canada. Even if communication with the remote mail server is protected, the subsequent transfer of your email via the internet may not secure and occurs outside of Canada, as illustrated below.
Fig 2. Mail travel when using a mail server located in the USA
NCF's mail servers are located here in Ottawa, at Carleton University. If your correspondent is in Ottawa and uses NCF, your email won't leave Canada. However, if you send email to someone who uses Sympatico/Microsoft, Rogers/Yahoo, or Google, your email will have to leave Canada, because their mail server is in the USA.
2006 Nov