Is it worth using SSL in Apple Mail?

With no TLS support, your current service provider is not providing the level of service that I'd consider absolutely necessary.

Find a better one.

Or — if you're going to be forced to change your email address — consider hosting your own domain, so that you don't have to go through the hassles again, and — with your own registered domain — you'll be able to migrate to self-hosting or a different provider much more easily.

Or use gmail or another provider, if that meets your requirements and expectations.

Additionally, there is very little email encryption available to the average consumer in this country (US); some countries in Europe have/are currently changing their methods with true encryption available to consumers with all ISPs participating. In other words, assume that no email content is safe.

Could you elaborate, babowa? SSL (TLS) encryption is necessarily common across email clients and servers. Certainly some providers are lax around enabling secure access and/or around maintaining current versions and patches on their servers, and more than a few providers still permit older and insecure SSL (TLS) versions and encryption algorithms, and other providers are not. Yes, STARTTLS is not ubiquitous (and not a panacea), but that's in the server-to-server path, not what's being discussed here. But I'm not aware of a technical difference here in the client-to-server path.

(This all ignoring privacy- and export-related regulations, and ignoring state-level surveillance activities.)

I think babowa is referring to end-to-end encrypted email so only the sender and receiver can see the contents of the email message.

BobHarris wrote:

I think babowa is referring to end-to-end encrypted email so only the sender and receiver can see the contents of the email message.

Ah, okay. There's connection encryption which is what the SSL/TLS settings provide, which is what I was discussing, and yes, there can be message-level encryption. Message-level encryption is feasible with OS X Mail.app and personal certificates, but that's not something many users will establish. (What confused me: ISPs do not usually participate in end-to-end message-level encryption using Mail.app or similar clients. ISPs can — should — provide support for clients wishing to use connection-level encryption.)

GPGmail is an add-on that can provide encrypted traffic, but a proper configuration can be somewhat tricky, and mistakes here can be costly.

Using message-level encryption without SSL/TLS and without STARTTLS between the SMTP servers exposes the message metadata, even if the message encryption is robust. This whether OS X Mail.app certificates or GPGmail or otherwise.

For most folks, TLS is a good start. If you're a bigger or more valuable target, then add message-level encryption.

The article I read a few months ago (from a German provider, written in German) was about encrypting the entire net - Europeans are far more concerned about privacy (and, at least when I was there, had very strict privacy laws). And yes, I was referring to end-to-end encryption which would be the default - nothing much to do for the consumer except agree to have it or not.