Since I am stuck with AT&T 2G on my N900, whenever I get a public Wifi I connect to it. In Email Settings, I have set "Update Automatically" and "Update When Connected via --> Wifi". Because this doesn't say which Wifi, the emails are synced on all Wifi networks including public (unencrypted) networks.

So my questions are:
1) Are the IMAP and POP3 transactions safe on a unencrypted Wifi connection?

2) If no, is there a way to specify which Wifi connection (only) to use for automatic syncing of emails?

they are safe if your pop3 server are configured with an encription method (both ssl and tls works)

for both connection and authentication.

check your modest settings

You can tell the mail client to use secure authentication and a secure connection (SSL) which will allow you to safely check your e-mail from most any access point.

Some could say "but man in the middle attack!" but that requires breaking the chain of trust for certificates, and is highly unlikely.

but man in the middle attack! oh, dont hear me. wmarone already told you that.

Passwords depend on your email service and if they use SSL. For instance Road Runner email does not use SSL. If the service does use it your login and passwords are mostly safe. The text/body of emails likely are not. Neither is your general web browsing (without https).

Thank you all for your responses. I enabled SSL for all email accounts now.


Why do you say part of the IMAP/POP3 transactions are not secure? In web I can understand that some sites use https and some dont. But once an email client connects to an IMAP server using SSL, wouldn't all the transactions remain encrypted until the connection is closed?

With IMAP and POP3 you have the option of encrypting just the passwords (all other traffic is sent in the clear) - for full encryption between you and the mail server you can use IMAP(s) or POP3(s) - These latter protocols are on different ports.

Also if security is an issue when sending email, you might want to consider smtps as well.