Certificates are in place for secure sending and receiving.

Certificates for IMAP & Post

2004 Oct 05 16:52 BST

We now have in place properly signed certificates for imap.tidymail.co.uk and post.tidymail.co.uk

For those of you that are collecting via secured IMAP or secured POP, or those sending via TLS over SMTP or via SSL should no longer see warnings about unrecognised certificate authority.

Huh ?

For those of you that are wondering what this all means a small explanation is in order.

Traditionally email has been fetched and sent between users and ISPs in the clear. This means that the ID and password when you login to fetch your mail, and all the mail you send and receive can be seen by anybody who can arrange to listen to the data somewhere as it passes between you and the server.

To overcome this security flaw it is possible to secure the connections with encryption. This step overcomes the problem of someone listening to the connection but does not solve the problem of a more malicious person inserting themselves into the link and pretending to be the server (or user). To deal with this issue the key files that are used can be signed by Trusted authorities. Browsers and Email clients that support encryption usually come with a list of Root Certificate Authorities. These are companies that will sign a certificate of someone else stating that this other person is who they say they are. Various checks are performed to ensure that this is the case but the result is that your browser or email client is presented with a certificate claiming to be us, and it is signed by one of the companies in your clients list of Root Certificate Authorities. This means you have a very good degree of confidence that the connection is actually with us and is highly unlikely to be readable.