When you use mail, bad actors can intercept, read, and tamper with your emails or email credentials,
compromising your confidential information. Get peace of mind by protecting mail connections with SSL/TLS certificates.
This topic explains which connections you need to secure and how to do it.
The path of an email from the sender to the recipient includes several points where it can be compromised.
SSL/TLS certificates protect sensitive data by encrypting connections.
To receive all-round protection when using mail,
you need to use SSL/TLS certificates to secure the whole mail transmission chain, which consists of the following:
- The connection between a user’s browser and webmail running on a web server.
For simplicity, we call it “securing webmail”. - The connection between the Plesk mail server and the sender’s MTA.
For simplicity, we call it “securing the Plesk mail server”.
1 Securing Webmail
When you access your mailbox via webmail,
a connection between your browser and webmail running on a web server is established.
To protect transferred emails and email credentials from being compromised, webmail is by default secured
with the same self-signed SSL/TLS certificate Plesk is secured with.
The self-signed SSL/TLS certificate encrypts the transferred data
but each time you access your webmail you see a warning message about an untrusted SSL/TLS certificate.
To stop seeing this warning, secure webmail with a valid SSL/TLS certificate.
To secure webmail with an SSL/TLS certificate:
-
Get a wildcard SSL/TLS certificate or a SAN certificate
that allows to configurewebmail.<domain>in SAN. You can do so by:- Getting a free wildcard certificate from Let’s Encrypt. If you go with this option, skip step 2.
Note: We strongly recommend this option because one wildcard certificate protects all necessary mail connections.
-
Go to Mail > the “Mail Settings” tab, click the domain name, select the SSL/TLS certificate for webmail,
and then click OK.
2 Securing the Mail Server in Plesk
Ask your hosting provider if…
with