Helping people with computers... one answer at a time.

Encrypting a connection to your mail server requires more than just checking a box. Different ISPs have enabled it in different ways and on different ports.

I have several Windows Live email accounts and notice that under the 'Properties - Advanced' tab for the outgoing and incoming server that "This server requires a secure connection" boxes are unchecked. I figured that this will provide encryption by checking them. However, when I did testing, the emails failed until I unchecked them again. I asked Verizon about this and they claim that they don't support Windows Live Mail. Also, they mentioned I should be using servers 995 for outgoing and 465 for incoming. Mine are 110 and 25 and work and the others I read are for Windows Live Hotmail. Could you be so kind of as to clarify this since I can't get an answer?

In this excerpt from Answercast #54, I look at the various ports available on mail servers and how they handle encryption - both incoming and outgoing.

Encrypted email settings

So there's definitely some confusion in this question. Encrypting a connection to your mail server requires more than just checking a box.

The port number that we're talking about, the 110, the 25, the 465, the 995s, those need to be changed as well. In other words, ports that you're connecting to are either encrypted or not. So when you want to switch from an unencrypted transmission between your machine and the remote email server, you need to do both:

  • You need to change the port to one that will accept an encrypted connection;

  • And you need to set the encrypted connection flag.

Server ports

Now, very quickly I'll do this in numerical order starting at 25.

Port 25 is the port that's used to send unencrypted mail. It's the SMTP port. So your computer (when you send a piece of email) connects to the email server on port 25 and sends email through it unencrypted.

Port 110 is the POP3 email download port. In other words, when your email program wants to get email (get your email from your account), it connects to your email service's server on port 110 and asks it for your email. Port 110 is unencrypted, so it is all being transmitted in the clear.

Port 465 is a bit of a confusing one. It is used for sending email. Some servers will use it unencrypted. (In other words, it's exactly the same as port 25.) Some services will actually provide it as an encrypted alternative to port 25. But it is fundamentally, the same thing. It is still the SMTP email sending port that the server is listening for connections on. And depending on how your ISP has set it up, it may require an encrypted connection; it may not.

Port 587: Another port that you haven't listed is port 587. 587 is another SMTP sending port. It is typically encrypted.

Finally, port 995 is a POP3 port for downloading your email, but 995 is the encrypted version of 110.

Setting ports and encryption

So, if for example, your email program is currently configured to use port 110 and encryption is not required, if you want to encrypt (and if your email service supports encryption), then you would do both:

  • Setting the port to 995,

  • AND checking the "requires encryption" checkbox.

Now, I have to caveat all this because all of this depends on exactly what your email service (or your ISP) provides. These ports are not specific to Windows Live Hotmail. They're not specific to Microsoft. None of them are. They're actually quite generic.

The fact is that email service providers have many options. They all pretty much need to support the unencrypted 110 and 25. But since email encryption has become so important over the years, different ISPs have enabled it in different ways and on different ports. That's why there are so many options in your email configuration in your email program.

Check with your ISP

So, really you do need to go back to your ISP. In this case, I'm not sure if it was Verizon or whomever.

Ask them, "What are the settings I need to use in my email program in order to connect to your email server encrypted?"

  • They should give you a pair of ports, perhaps 995 and 465, and the fact that you should be setting the encryption flag for each of those ports.

  • They may be different ports;

  • And they may even say that they don't support encryption.

Those are the kinds of things that can happen. But like I said, just checking that box without changing the port number is probably not going to work because the port is going to handle one or the other but not both.

Article C5834 - September 20, 2012 « »

Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to to ask your question.