The danger of not using SSL is not only that the emails are not encrypted, but the user name and password will not be encrypted if you are using Basic authentication. However, just because you are not using https to connect does not NECESSARILY mean that you are not using SSL. Many admins (myself included) will add a redirect to their IIS configuration that allows users to enter the "
http://" on the address line but they are redirected to an "
https://" website. You can tell if this is the case by looking at the URL that comes up after you log in. If the final URL is "
https://" then of course you are using SSL.