Your email is important. You need to know that your messages won’t be subject to snooping or be intercepted on the way to their intended recipients. That’s why, for the past year, we’ve been working on strengthening the privacy and security of your Comcast e-mail account, and are proud to announce another important milestone.

We recently completed the critical step of encrypting the Xfinity Connect webmail interface. This means that our web portal, which provides users with browser-based access to e-mail, voicemail and text messaging, now supports encrypted communications by default. Email between our systems and other domains like yahoo.com and gmail.com is encrypted as well, provided those domains support new email security protocols.

Encrypting your email makes it much harder for criminals – or anyone else – to see the messages you send and receive. The work we’ve done over the past year will ensure that the email messages our customers send and receive are encrypted as often as possible.

The technology we use, Transport Layer Security (TLS), is used to encrypt the transmission of data over the Internet. An encrypted message looks like gibberish unless it’s translated using the right "key." TLS is deployed between our servers and email clients, including POP/IMAP clients like Microsoft Outlook, as well as our web-based Xfinity Connect client.

Between our servers and other domains we use STARTTLS – a global standard for encrypting e-mail using TLS between domains. This allows for the encryption process to be completed seamlessly from one e-mail provider to another. In order for STARTTLS encryption to work the way it’s intended to, both the sender’s and the receiver’s email providers must support the technology.

Each time a new provider adopts STARTTLS, the security and privacy of the entire e-mail ecosystem improves.

We are committed to doing our part. Over the past year we have:



Encrypted our Xfinity Connect web interface to email, voicemail, and text messaging using TLS.

Ensured that inbound mail coming to Comcast customers from other domains (such as Yahoo.com) is encrypted using STARTTLS, provided that the sender’s domain supports encryption. As of this writing, approximately 40 percent of all inbound e-mail from external domains to Comcast users is encrypted, and we expect that to rise as more email providers adopt STARTTLS.

Ensured that all outbound traffic sent to other domains is encrypted using STARTTLS (again, if the other domain supports it).

Upgraded our mobile email app – Xfinity Connect Mobile – to support TLS encryption.



[Click to download PDF]

With these steps, we have significantly strengthened security and privacy for Comcast email users, though in the world of Internet security, our work is never truly done. New threats and challenges emerge every day, and we need to stay a step ahead to provide the best and strongest protection.

We’ll keep you updated every step of the way and will keep working to ensure that your email stays secure and private.

Update: In response to some questions we have received, we wish to note that Comcast fully complies with all legal requirements under which we operate, such as CALEA, and we recognize the important and life saving role that cooperating with law enforcement requests can play. We annually report such requests in our Transparency Report. However, Comcast does not support the creation of extra-legal "backdoors," or the inclusion of deliberate security weaknesses in open source or other software to facilitate surveillance without proper legal process. Our customers care about the security of their Internet service, and they have spoken out on this issue. We continue to push for greater security in our services, and we’re supporting and working with Cryptech, the Internet Society, the Internet Engineering Task Force, and others on this important issue.