The iPhone encourages “risky” network behavior. The cellular EDGE connection is slow enough that its tempting to connect to any available WiFi network. Unfortunately this has security implications, because the network owner can peek into all your traffic if they are so inclined.
Encryption can help. Your connection to the sensitive parts of bank and retail websites is almost always encrypted SSL. Most other websites don’t use encrypted connections. There are ways to address this by using a VPN or secure proxy server with your iPhone, but neither option is easily available to the average user.
One think you can do is turn on SSL encryption for sending and receiving e-mail, which many web hosts support. These options are available in the advanced settings for each e-mail account. I had no trouble encrypting my IMAP connection, which the iPhone uses to receive new messages and manage my e-mail boxes, but it didn’t work for outgoing SMTP mail.
A little research and I found the problem. SSL encrypted IMAP and SMTP use different ports from unencrypted IMAP and SMTP. The iPhone automatically adjusts the port when you turn on SSL encryption for your IMAP connection, but keeps using the standard SMTP port when you turn it on for SMTP.
The solution is simple. For the outgoing webserver, just add the right port number (typically port 465) to the end of the hostname. If you are a pair.com customer like I am, and you use their mail server for outgoing mail, your outgoing mail server when you turn on SSL encryption for SMTP should be listed as “relay.pair.com:465”
Thanks for the info! I had to come to it all by myself 🙂 Now I am using smtp.com for the outgoing – they support both SSL on and off, plus have multiple ports available. In case of difficulties I can always change smtp.com:25 to smtp.com:2525 and continue sending out well 🙂
Hmmm, doesn’t work for me. I’ve also tried turning SSL off and using ports 25 & 2525. Either way it tells me that the connection to relay.pair.com has failed. PAIR support hasn’t been able to help. I wonder what the heck I need to do.
I found a security issue with the iphone/ipod email client:
Apple iPhone and iPod touch Email SSL Certificate Validation Information Disclosure Vulnerability
Apple iPhone and iPod touch are prone to an information-disclosure vulnerability.
Successfully exploiting this issue may allow an attacker to perform man-in-the-middle attacks by impersonating a trusted server. This may allow the attacker to obtain credentials or other sensitive information or give users a false sense of security. Information harvested may aid in further attacks.
Click the “website” link for more info.