Once you have opened any mail that was insecure, the padlock symbol will remain. If you go back to the inbox and refresh your browser, it will show secure again until an insecure mail is opened.

Licquorice,

Thanks for this information. It just seems very odd to me that in this age of virus protection, firewalls etc etc that there are still so may so called "insecure e-mails" being sent and received.  I now ignore the insecure message as it's a bit like the boy who cried wolf!!

Unfortunately emails are no longer the simple text communications they were originally intended to be, with the advent of HTML they are just a huge advertising medium these days.

Hi Keith

I've just got this 'Not Secure' message since BT introduced some changes last week. To help a pensioner understand how to stop this, could you explain how to use the 'email client' to manage my emails?  I don't want to change my email address which I have had for nearly 20 years.

I'm afraid you are missing the point, you are getting the message because some elements of the email you have been sent are insecure. It is probably just a graphic in the mail that is insecure.

I get this problem on my bt email account. I forwarded one of the problem emails to my yahoo email account. The problem 'not secure' appears if I display the email with pictures on my bt account. When I display the same info on my yahoo account there is no warning. As far as I can tell BT outsourced their email and ever since then there have been a number of problems so perhaps the best solution is to use the email account from a different provider.

So, you would prefer not to be told about insecure elements in an email.

A bit like removing a bulb so you don't get a warning light.

As an example below the graphics in the email are transmitted by HTTP rather than HTTPS so are therefore insecure. Whether you consider that to be a problem is up to you, the warning just alerts you to the fact.

You would get the same thing if you visited the webpage directly rather than the email version.

A customer asked me about this today, and I found this and similar threads while looking into it. Although others have already answered the question in the literal sense, I've prepared what I hope is an accessible and comprehensive summary of the situation—including why it may seem particular to BT Mail.

The "Not Secure" notice you sometimes see is what we used to call a mixed content warning. Ideally, every part of a web page should be delivered via HTTPS, meaning it can't be intercepted or modified along the way—no matter how unlikely this actually is for a given Internet connection (for example, it may be less likely on home broadband than public Wi-Fi).

Email presents a challenge because messages sent by companies typically contain graphics to make them prettier and more like websites. For example, Amazon includes its logo in its "order confirmation" emails. Many such graphics are delivered via plain HTTP, and browsers like Chrome, Edge, Firefox and Safari alert you to this discrepancy: you've got a website that's doing its best to be transmitted securely (BT Mail) and yet something added to this particular page is arriving insecurely, relatively speaking.

Ideally, every company sending email would deliver graphics over HTTPS. But pragmatically speaking as security concerns go, it's not a top priority. So, you may see the Not Secure notice first appear when you open a message with third-party graphics, and it is normal for it to then persist for the rest of the session, even while you view other messages without such graphics. Note that in the current Chrome/Edge it carries an "i" for information icon, rather than the red warning triangle, to reflect its arguably less serious nature. So, as security warnings go, this one in BT Mail is one you can, on balance, safely ignore.

Note that using an "email client" like Thunderbird does not increase your security when it comes to loading email graphics. It just means you're not seeing the Not Secure notice!

Why don't we see the Not Secure notice in big-name webmail providers like Gmail and Hotmail? They deliver email graphics via a "proxy server". Behind the scenes, the companies emailing you are still serving "insecure" graphics, but your browser doesn't notify you because the last leg of their journey to your computer is made via the proxy which uses HTTPS regardless. Ideally, BT Mail should implement a proxy too—if only to stop people worrying about the Not Secure warning.