It’s true and you need to make some configuration changes as soon as possible if you utilize a Verizon email account.
I received the following notification this week that informs Verizon customers that Verizon’s Email servers are now supporting SSL when utilizing POP3 and SMTP to send and receive email from a traditional email client such as Mozilla’s Thunderbird, Microsoft’s Outlook or your Android or Apple Smartphone.
This is very exciting news because you hopefully already know that your username and password are sent in the clear when utilizing POP3 and SMTP (with authentication) when not utilizing SSL. So the answer to the ages old question of does Verizon support SSL encryption has changed? They now support SSL encryption on both the POP3 (receiving) and SMTP (sending) for traditional email clients.
You’ll need to dig deep into the settings to modify the port numbers that are utilized for both POP3 and SMTP, they can be found under “More Settings…”
You can find additional configuration information on Verizon’s website at this link.
I also recently noticed that Verizon now redirects any attempts to connect to http://webmail.verizon.net to the SSL secured site at https://webmail.verizon.net which again is very exciting from a security perspective.
Now you can safely utilize that public hotspot or guest network without worrying if someone is going to steal your username and password when you try and check your inbox. This change is long overdue and very welcome in my opinion.
Update: March 20, 2013
I just noticed that Verizon is only encrypting the actual login (passing the user credentials). They are not encrypting the entire session which includes the actual contents of the message or any attachments. This approach was helpful 5 years ago but not today, I’m not sure if Verizon is using secure COOKIES or not but this approach is usually susceptible to session hijacking.