[Big Mac]

I'm a little concerned about email password security. On my MobileMe account, for example, my incoming mail authentication is encrypted. However, when I authenticate to send messages out, the only way I can authenticate is with my user name and password without encryption. So my assumption is, while my account login may well be secure when I fetch messages, sending anything out defeats my security because my login is being sent out in the clear.

Whenever I've attempted to use secure SMTP login, my SMTP has failed. Is there something I'm doing wrong, or is this an oversight on the server side that makes users vulnerable to login sniffing?

[sfederman]

Try setting your SMTP port to 587, instead of using the default ports (if you are using Mail.app). That should work with SSL...

[ChrisF]

On my computers, the MobileMe SMTP server is set to use SSL, so it should work. I left the port configuration at the default. What exact error are you getting when you try to use SSL?

[besson3c]

Technically outgoing mail authenticate is not encrypted with SSL, it is encrypted with TLS, unless you use a really old ass email program like Outlook Express Windows or Entourage v.X. Mail just refers to the encryption as SSL even though it in fact isn't.

port 587 + TLS is pretty common, if others say that MobileMe is setup that way I would not be at all surprised.

I'm surprised that Apple even permits unencrypted authentication. That's frankly pretty lame.

[Cold Warrior]

Like others have said, it's probably something in the way it's configured on your email client. See if these tips help you. MobileMe: Issues sending messages in Mail or other email applications

[Big Mac]

Okay, for example, I'm using Windows Live Mail (the replacement for Outlook in Windows 7). Currently I have under Outgoing Mail Server the setting checked "My server requires authentication." When I click settings i see that the first radio box is active, "Use same settings as my incoming mail server"
and the option to "Log on using secure password authentication" is dimmed. I guess that means my password is going out in the clear.

I think Windows Live Mail's configuration interface isn't optimal, but when I tried to give it my Account Name and Password again and click to log on using secure authentication, it failed every time. There's no advanced setting for TLS or port numbers that I can find. I used to use Opera's mail client until it stopped checking mail reliably, but with it I could still only do basic login. (I first tried Thunderbird but no matter what I did it couldn't send mail out at all.)

I'll have to look at my settings in Mail on my MBP tomorrow to see if it uses secure SMTP. I think it does, but I can't figure out why Windows clients can't handle it. Could it possibly be a MobileMe Apple quirk?

Quick Edit: Okay, I reviewed my configuration in Opera and it was set for SMTP encryption. Apparently it was just Microsoft's lame mail client. I also now have seen that Opera 11 is reliably fetching my mail again, so I guess I'll just switch back. Sorry for jumping to the wrong conclusion that Apple was at fault.

[besson3c]

Originally Posted by Big Mac 

Okay, for example, I'm using Windows Live Mail (the replacement for Outlook in Windows 7). Currently I have under Outgoing Mail Server the setting checked "My server requires authentication." When I click settings i see that the first radio box is active, "Use same settings as my incoming mail server"
and the option to "Log on using secure password authentication" is dimmed. I guess that means my password is going out in the clear.

Secure Password Authentication is some Microsoft thing that doesn't seem to be used much, if at all. This is totally different than SSL/TLS encryption.

I think Windows Live Mail's configuration interface isn't optimal, but when I tried to give it my Account Name and Password again and click to log on using secure authentication, it failed every time. There's no advanced setting for TLS or port numbers that I can find. I used to use Opera's mail client until it stopped checking mail reliably, but with it I could still only do basic login. (I first tried Thunderbird but no matter what I did it couldn't send mail out at all.)

You definitely don't want Secure Authentication checked for the vast majority of ISPs, including MobileMe. Login will fail with this checked.