Top 10 Email Security Tips

EQ Admin

EQ Forum Admin
Staff member
In no particular order, here are my top 10 email security tips for protecting your email accounts:
  1. Do not use shared computers - If you must log in to a shared or public computer, only log in to your throwaway email accounts, never an account that is important to you. When you are done on the shared computer clear the recent browsing history including the cookies, cache, form history, and passwords.
  2. Connect to the internet over secure internet connections. The wired connection at your house is good. The wired connection at your work should be OK too but it's somewhat more likely that there might be someone in your company who could be monitoring your internet traffic. Avoid wireless connections, especially public open wireless connections. You can mitigate some of the risk by only connecting to email accounts that encrypt the entire connection with HTTPS for all web pages and not just the login pages. For more information about threats related to using insecure wireless internet connections please see this article - Top 5 tips to prevent your email from getting hacked
  3. Create a strong email password. Never use simple or easy to guess passwords. For more tips on creating a strong email password please see this guide - Why you need strong passwords and how to protect them
  4. Scan all email attachments before downloading and opening them. This includes unexpected email attachments from people you know. Viruses and spyware easily spread through email attachments by emailing themselves to email addresses listed in contact lists and address books.
  5. If you need to email several people consider using BCC to copy in the multiple recipients. To help avoid the above issue in #4 you can help prevent the spread of known good email addresses by not giving 3rd parties access to your contacts list by using BCC lists and not copying in multiple To: or CC: addresses. Many mail programs and email service providers automatically add email addresses to their contact lists and address books.
  6. Do not save contacts into the address books of your throwaway email accounts and mail programs.
  7. Never share your private information. This includes logging into accounts using untrusted computers, giving a password to a technical support representative, or responding to an email that asks for you to confirm your account details. For more information about protecting yourself from phishing attacks please see this article - Secure and protect your email accounts from phishing scams
  8. Separate your email accounts. Keep several active email accounts open that you use for different purposes. This can include one or more personal email accounts that you use to email friends and family, a business email account, and some throwaway accounts that won't cause a problem for you if they get hacked or suspended. You may want to give your throwaway email address to those within your friends and family circle who like to send email forwards, hoaxes, and always seem to be the ones who need help removing the latest spyware from their computer.
  9. Do not save your email account passwords in your mail programs or web browsers.
  10. Regularly back up your primary email account.
 

foggy

Valued Member
Great list!

RE: #8: Services like FM or Google Apps are very helpful, since they allow for the creation of aliases that you can use as long as reasonable and then remove if/when the spam gets too much to handle. Removing an alias doesn't affect your main account or your saved email.

You can create an alias specifically for use with Amazon, another for Yahoo Groups, etc. If you notice that you start getting a lot of spam, not only can you eliminate the spammed alias address without having to start a new email account, but you can also easily see just which company gave out your address in the first place! ;)
 

EQ Admin

EQ Forum Admin
Staff member
Years ago I used to make a new alias everywhere I signed up. For example I'd create ebay@ my domain, amazon@ my domain, paypal@ my domain, etc. I got away from that system when I moved from using my custom domains to Gmail as my primary personal email account. The reason for moving away from that system was because I went through some pain after selling what was my primary custom domain name. I've just started using +service on email addresses I give out. So now I have stuff like myUsername+newsletter@gmail.com. It should make it a little easier to determine who is leaking their lists of email accounts and stop some spam. It hasn't been much of a concern since Gmail generally does very well at filtering spam into my spam folder.
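The +service tagging described in the post above can be checked mechanically. The following is an added example, not part of the original post: it reads the recipient headers of received mail and reports which tags are getting mail from sender domains you never gave that tag to. The sample messages, the `EXPECTED_SENDERS` table and all `example.*` domains are constructed placeholders.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import getaddresses

# Constructed sample mail (not real messages); headers only, bodies are dummies.
SAMPLE_MESSAGES = [
    "From: deals@news.example.com\nTo: myUsername+newsletter@gmail.com\n\nhi",
    "From: promo@bulk-offers.example.org\nTo: myUsername+newsletter@gmail.com\n\nhi",
    "From: orders@shop.example.net\nTo: myUsername+shop@gmail.com\n\nhi",
    "From: win@prizes.example.org\nTo: someone@else.example\n"
    "Cc: myusername+newsletter@gmail.com\n\nhi",
    "From: friend@example.com\nTo: myUsername@gmail.com\n\nhi",
]

# Assumption: you keep a note of which sender domain each tag was handed to.
EXPECTED_SENDERS = {
    "newsletter": {"news.example.com"},
    "shop": {"shop.example.net"},
}

def plus_tag(address, mailbox="myusername", domain="gmail.com"):
    """Return the +tag if address targets our mailbox, '' if untagged,
    None if the address belongs to someone else."""
    local, _, dom = address.lower().rpartition("@")
    base, _, tag = local.partition("+")
    if dom != domain or base != mailbox:
        return None
    return tag

def leaked_tags(raw_messages):
    """Map each tag to the unexpected sender domains that wrote to it."""
    leaks = defaultdict(set)
    for raw in raw_messages:
        msg = message_from_string(raw)
        senders = getaddresses(msg.get_all("From", []))
        sender_domain = senders[0][1].lower().rpartition("@")[2] if senders else ""
        headers = []
        for name in ("Delivered-To", "To", "Cc"):
            headers += msg.get_all(name, [])
        for _, addr in getaddresses(headers):
            tag = plus_tag(addr)
            # Untagged mail ('') and other people's addresses (None) are skipped.
            if tag and sender_domain not in EXPECTED_SENDERS.get(tag, set()):
                leaks[tag].add(sender_domain)
    return dict(leaks)

if __name__ == "__main__":
    for tag, domains in leaked_tags(SAMPLE_MESSAGES).items():
        print(f"+{tag} received mail from: {sorted(domains)}")
```

The From header is not authenticated here, and a sender who drops the +tag before mailing will not appear in the result, so treat the output as a hint about which list leaked rather than proof.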
 

foggy

Valued Member
> Years ago I used to make a new alias everywhere I signed up. For example I'd create ebay@ my domain, amazon@ my domain, paypal@ my domain, etc. I got away from that system when I moved from using my custom domains to Gmail as my primary personal email account.

I certainly don't want to ask anything too personal here, so feel free to ignore it: Do you no longer have any custom domains (for business or personal use)? If so, (if you have none), what motivated the move? (In my very limited experience, GA has some benefits not found in Gmail, like aliases, more control, etc., so I'd be interested in feedback -- from anyone -- about a decision to get rid of a domain and go strictly with another service's domain.)

> The reason for moving away from that system was because I went through some pain after selling what was my primary custom domain name.

Do you mean the pain of having to change all your addresses?

Fortunately, I don't use my domains (even the aliases of those) for any 'junk' purposes. I only use FM's own domains for junk addresses. For the time being, it seems like the best of both worlds for me.

With my short attention span, that will change.
 

EQ Admin

EQ Forum Admin
Staff member
I have several custom domains. EmailQuestions.com is obviously one of them :)

I've seen it mentioned a few times for example Big Dan saying he gives out and forwards the custom domain based email to Gmail, but what happens if/when you no longer control your custom domain name? If you sell the domain or let it expire one way or the other someone else could have access to the email address someday. After one of my domain sales I spent more than a year monitoring my email to that domain name. The new owner was nice enough to forward my address at that domain to my Gmail account, but there is no way for me to know if they created a copy+forward and were keeping a copy of all my emails. Do you really want to risk someone else seeing bank statements or other random (semi-)sensitive emails that you could be intermittently receiving?

I suppose I can take away from this that I should register a domain such as my-full-name.com and use that for my primary email. It is not a domain that I would sell. I can forward email from my personal domain to Gmail and continue to benefit from Gmail's great spam filtering. If I ever want to move from Gmail to a different email service provider the only thing I would need to change is the single forward from my personal domain name to the new email provider. Is it really worth it? Dot com domains are almost $20/yr now with Godaddy and some other registrars.
 

foggy

Valued Member
> I have several custom domains. EmailQuestions.com is obviously one of them :)
>
> I've seen it mentioned a few times for example Big Dan saying he gives out and forwards the custom domain based email to Gmail, but what happens if/when you no longer control your custom domain name? If you sell the domain or let it expire one way or the other someone else could have access to the email address someday. After one of my domain sales I spent more than a year monitoring my email to that domain name. The new owner was nice enough to forward my address at that domain to my Gmail account, but there is no way for me to know if they created a copy+forward and were keeping a copy of all my emails. Do you really want to risk someone else seeing bank statements or other random (semi-)sensitive emails that you could be intermittently receiving?

Yikes! :eek:

Good points! I suppose the above concern could also be true of any provider who recycles email addresses when someone cancels an account (thinking they won't ever get any more important email at that address). Even if it's not a custom domain, just 'username at yahoo' or something.

> I suppose I can take away from this that I should register a domain such as my-full-name.com and use that for my primary email. It is not a domain that I would sell. I can forward email from my personal domain to Gmail and continue to benefit from Gmail's great spam filtering. If I ever want to move from Gmail to a different email service provider the only thing I would need to change is the single forward from my personal domain name to the new email provider. Is it really worth it? Dot com domains are almost $20/yr now with Godaddy and some other registrars.

FWIW, I have several domains (dot com's) registered through Namecheap: $9 each. :D

Thanks for your feedback!!
 