Ensuring all communication with Fastmail is secure and encrypted

The current situation

When you log in to Fastmail servers to send or receive email, your username and password have to be sent over the connection to authenticate who you are. Previously we encouraged people to use secure encrypted connections (SSL/TLS encryption), but we didn't enforce this.

What we're doing

We hear regularly from users how importantly they regard the security and privacy of their email account. Users are extremely surprised and concerned if they discover that their email software is sending their username and password unencrypted when they didn't realise this was happening.

Because of this, we have decided to enforce that all communication between your computer and our servers is encrypted, ensuring that no one can eavesdrop on your username or password to steal your login credentials.

If we detect that you are currently using a non-encrypted insecure connection to send or receive email, we will send you an email directing you to this page, which explains how to fix your email software. You will keep receiving the message until you have successfully fixed your configuration. If you have any questions, please just reply to the message you received.

When we're doing it

The vast majority of users already use encrypted connections and users can change to use encrypted connections right now. We plan to ensure that everyone has changed their email software configuration and then completely disable all non-encrypted connections to our servers by the end of June 2012.

Instructions for changing your email software

Outlook 2007

  • Click 'Tools' -> 'Account Settings' menu and select the 'E-mail' tab
  • Click on your Fastmail email account in the list and click the 'Change...' icon above the list
  • You should see a window that looks like this

  • Make sure the 'Incoming mail server' is set to mail.messagingengine.com as in the above picture.
  • If you are a paid user, make sure the 'Outgoing mail server (SMTP)' is also set to mail.messagingengine.com. If you are a guest/free user, please see the full setup instructions for more details.
  • Click the 'More Settings...' button and select the 'Advanced' tab
  • You should see a window that looks like this

  • Make sure the 'Incoming server (IMAP)' is set to 993 and the corresponding 'Use the following type of encrypted connection' pop up menu is set to SSL. If you are a paid user, make sure the 'Outgoing server (SMTP)' is set to 465 and the corresponding 'Use the following type of encrypted connection' pop up menu is set to SSL.
  • Click 'OK' to dismiss the dialog and return to the previous window
  • At this point, you can click the 'Test Account Settings...' button to test that the changes you've made are correct.
  • Click 'Next >' to complete the dialog and then 'Finish' to dismiss the dialog.

Thunderbird

  • Click Tools->Account Settings
  • In the pane on the left, select the 'Server Settings' item under your account

  • Click 'Ok'

Other email clients

If you use a different email program, the steps will be similar to those listed above - find the menu item or button that allows you to change your account settings, and usually you will need to find the advanced settings from there. The important details to ensure are:

  • Server name: mail.messagingengine.com (use this for both the incoming (IMAP) and outgoing (SMTP) server)
  • Incoming/IMAP port: 993 + TLS/SSL encryption
  • Outgoing/SMTP port: 465 + TLS/SSL encryption (not STARTTLS)

These settings will ensure that all communication between your email software and our servers is encrypted and secure.
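
For anyone who manages several accounts or wants to check a configuration from a script, the following is an added example (not Fastmail's own code) that audits settings against the list above and, when run directly with network access, opens the same implicit-TLS connections a correctly configured client would. The account dictionary layout and the function names are assumptions made for this example.

```python
import socket
import ssl

# Values from the "Other email clients" list above.
HOST = "mail.messagingengine.com"
REQUIRED = {"imap": 993, "smtp": 465}  # both use TLS from the first byte


def audit(account):
    """Return a list of problems in one account's settings (empty list = OK).

    `account` is a hypothetical layout used only for this example:
    {"imap": (host, port, security), "smtp": (host, port, security)}
    where security is "ssl", "starttls" or "none".
    """
    problems = []
    for proto, want_port in REQUIRED.items():
        host, port, security = account[proto]
        if host != HOST:
            problems.append(f"{proto}: server is {host}, expected {HOST}")
        if security == "none":
            problems.append(f"{proto}: no encryption, password is sent in the clear")
        elif security == "starttls":
            problems.append(f"{proto}: STARTTLS selected, use SSL/TLS instead")
        if port != want_port:
            problems.append(f"{proto}: port {port}, expected {want_port}")
    return problems


def probe(host, port, timeout=10):
    """Open an implicit-TLS connection and return (tls_version, greeting).

    The default context verifies the certificate and host name, and the
    server greeting is read only after the handshake, so nothing crosses
    the wire unencrypted. Needs network access; not called on import.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            greeting = tls.recv(512).decode("ascii", "replace").strip()
            return tls.version(), greeting


if __name__ == "__main__":
    for port in REQUIRED.values():
        print(port, *probe(HOST, port))
```

An empty list from `audit` means the settings match this page; `probe` raises an `ssl.SSLError` or `OSError` if the encrypted connection cannot be established.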