Helping people with computers... one answer at a time.

I'm not sure what additional security you're looking for in Thunderbird. A secure connection is something that can be done in either program.

I just switched to Thunderbird 15 email from Outlook 2010 for better security. In the process, I chose to retain my old email address. In order to get and receive messages, I needed to enter "None" for the security type for both outgoing and incoming servers, and also enter the exact same ports for those servers for Outlook. Somewhere along the line, when entering the old ports, a warning came up about my understanding the risks, and I chose to continue with those ports and "None" security settings. With my present setup, would you say that Thunderbird is still significantly more secure from viruses, phishing, etc than Outlook 2010?

In this excerpt from Answercast #56, I look at the merits of security in Thunderbird vs. Outlook.

Email security

So I've never really considered Outlook 2010 to be non-secure. I consider Outlook and Thunderbird to be relatively equivalent on the security scale.

That's not to say, "Outlook Express." Outlook Express is a different program from Outlook, and I think that everybody should be migrating away from Outlook Express. But Outlook 2010 is a fine email program and I really don't have any security issues with it at all.

Now, that being said, the security that you're discussing here... I'm not really sure what it is you're trying to avoid.

ISP security settings

The way that your computer connects to your ISP is not something that would change simply by changing email programs. If your ISP requires a certain type of connection on a certain type of port in order to access your email, that's independent of the email program you're using.

In other words, yes, absolutely. The settings that you would be using in Outlook would be exactly the same settings that you would be using in Thunderbird. There would be no difference. Those settings are determined by your ISP or your ESP (your email service provider).

Set up a secure connection

Now, that being said, you might want to look into your email service provider and see if perhaps they do provide you the opportunity to make secure selections.

The difference in the connection that we're talking about here is that usually, for example:

  • For sending email, port 25 is the port that's being used for SMTP (outgoing email) and it's not encrypted, which means that anybody snooping in on your internet connection could see the email you're sending. It's one of the things you don't want to have happen, for example, in an open Wi-Fi hotspot.

Now, there are usually alternatives.

  • Port 465 (if I'm not mistaken) or 587 - Those are ports that some email service providers provide as additional ways to send your email that allow you to check that encrypted box, "Use SSL security."

So what happens is when email is sent on those ports, the email, (the connection itself) is actually encrypted between your computer and the email server. That means that anybody snooping in on your ethernet connection or your Wi-Fi connection would only see encrypted noise. They wouldn't be able to actually see the messages that are going back and forth.

Outlook vs. Thunderbird

But again, those are functions provided by your email provider and they are functions that you could use just as equally in Outlook as you could in Thunderbird. The email program makes no distinction between the two; it simply needs to be configured correctly to use whatever it is your email service provider is providing.

Other security beyond that? I'm not really sure what it is you're looking for. Email programs certainly have a level of phishing protection (both of them do these days). Viruses... kind of, sort of, maybe?

The choice that you're making here, the migration from Outlook to Thunderbird, while I laud it (because I like Thunderbird as an email program), that liking has nothing to do with the security merit differences between the two. I think they're both pretty secure.

I happen to like Thunderbird as a simpler interface. It's a relatively faster program. It uses a storage model that I prefer. But I'm not really sure what additional security that it is you're looking for here. The connection that we've talked about, the connection that you've brought up, is something that could be done in either program.

Article C5857 - September 27, 2012 « »

Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

Dan Aquinas
September 28, 2012 12:16 PM

Can I assume by your reference to ". . . uses a storage model I prefer." in the last paragraph that you're refering to the "File Format" bullet (#3) in the Thunderbird - A Free, Open Source, and Powerful Email Client" article? If so, I too find this aspect of Thunderbird design a powerful argument for its adoption.

September 28, 2012 2:44 PM

The main concern is whether "Thunderbird is still significantly more secure from viruses, phishing, etc than Outlook 2010."

I don't know. I've never used Outlook 2010.

But I love Thunderbird. It will analyze a message and give you a warning if it thinks it is phishing, or faking something.

For example, it thinks Leo's newsletters are a scam because not all the links go back to the sender's domain. Now I know Leo's not a scam, so I ignore the warning.

I received an email the other day and the email was impersonating Facebook, telling me of a post on my wall. When I clicked on the link to follow the comment, it warned me that I might not be going where I think I'm going, do I really want to go there?

Also, if the sender is in your email address book, it puts a yellow star beside their name. Of course an email could make the email from a known contact and fool you, but if it doesn't have a yellow star, the first thing I ask is why should I trust the sender?

Thunderbird also has a trainable Junk setting. Mark your spam as Junk and it will learn the kinds of things you consider to be junk.

Does Outlook 2010 do all that?

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to to ask your question.