Email Security Enhancement
The first email was sent over 50 years ago, and it remains the most popular form of communication (along with the mobile phone) these days. According to Statista, approximately 320 billion emails were sent every single day in 2021, and this figure is only expected to grow. We use email to communicate all sorts of things, and taking this into account it is amazing how insecure this technology is if we don’t give it a thought.
Email is usually the primary means of recovering access to our accounts if we forget the username or password, so if a hacker gets access to our emails, it provides them with an access point through which they can compromise all our various accounts. For that reason alone, email security is of utmost importance for our digital safety.
Many of the big free email service providers don’t have a good reputation for respecting user privacy. Gmail was caught allowing third parties full access to users’ emails as well as tracking all their users’ purchases. Yahoo turned out to be not much better, scanning emails in real-time for the US surveillance agencies. There are more examples of such bad standards.
Here are some good email practices worth implementing to increase the security of your electronic communication.
1. Have more than one email address
Use a separate email address (or more than one) for security-critical communications such as your banking or utilities. In case of a data breach, this can help reduce the degree of damage caused and make it easier to recover a compromised account.
2. Keep your email address private
Don’t ‘advertise’ your security-critical email to the public. Publicly accessible email addresses can be easily used in phishing attacks.
3. Keep your email account secure
Use a long and unique password. Enable two-factor authentication and be mindful when logging in – your email account is the easiest entry point to all your other online accounts for a malicious hacker.
4. Disable automatic loading of remote content
Email messages can contain remote content such as images or stylesheets, which are loaded automatically from the server when the message is opened. Disable this function as it exposes your IP address and device information and can be used for tracking.
5. Use plaintext (advisable)
Email usually comes in two main forms – plaintext and HTML.
Plaintext is the preferred version for privacy and security reasons.
HTML often includes identifiers in links and inline images, which can collect usage and personal data. There is also the risk of remote code execution targeting the HTML parser of your mail client.
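To make points 4 and 5 concrete, the following added example (not part of the original article) audits a raw message and lists what its HTML part would fetch on open and which links carry identifiers in their query string. The sample message and every hostname in it are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Tag/attribute pairs a mail client fetches on open, without any click.
AUTO_LOAD = {("img", "src"), ("link", "href"), ("script", "src"), ("iframe", "src")}

class RemoteContentFinder(HTMLParser):
    """Collects auto-loading remote URLs and links that carry query identifiers."""
    def __init__(self):
        super().__init__()
        self.auto_loaded = []   # URLs fetched as soon as the message renders
        self.tagged_links = []  # (url, [query parameter names]) sent on click

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            value = (value or "").strip()
            try:
                url = urlsplit(value)
            except ValueError:
                continue  # malformed URL, nothing a client could fetch
            if url.scheme not in ("http", "https"):
                continue  # cid:, data:, mailto: or a non-URL attribute
            if (tag, name) in AUTO_LOAD:
                self.auto_loaded.append(value)
            elif (tag, name) == ("a", "href") and url.query:
                names = [k for k, _ in parse_qsl(url.query, keep_blank_values=True)]
                self.tagged_links.append((value, names))

def audit_message(raw):
    """Return (auto_loaded, tagged_links) over every text/html part of a raw message."""
    finder = RemoteContentFinder()
    for part in message_from_string(raw, policy=policy.default).walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.auto_loaded, finder.tagged_links

# Constructed sample (not real mail): stylesheet, cid: image, 1x1 remote image, tagged link.
SAMPLE = """\
From: news@shop.example
To: me@my-domain.com
Content-Type: text/html; charset="utf-8"

<html><head><link rel="stylesheet" href="https://cdn.shop.example/mail.css"></head>
<body><img src="cid:logo@shop.example">
<img src="https://track.shop.example/open.gif?uid=12345" width="1" height="1">
<a href="https://shop.example/sale?utm_source=mail&amp;rid=abc">View the sale</a>
</body></html>
"""
```

Calling `audit_message(SAMPLE)` reports the stylesheet and the 1x1 image as auto-loaded, while the `cid:` image is ignored because it is embedded in the message itself.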
6. Don’t install third-party apps to your email account
If you give a third-party app (or a plug-in) access to your inbox, it effectively has full, unrestricted access to your emails and their content, posing a significant security and privacy risk.
7. Don’t share sensitive data via email
Emails can be easily intercepted. For this reason, you shouldn’t use email to send or receive confidential data unless it is encrypted.
8. Switch to a secure email provider
Consider using an email provider which allows for end-to-end encryption, and offers high privacy and more security-focused features. With end-to-end encryption in place, your mailbox cannot be read by anyone but you, as all messages are encrypted. ‘Free’ email providers such as Google, Microsoft, and Yahoo scan emails and use the information obtained to deliver advertising content, for other analytics purposes, and for law enforcement use. Such actions pose a serious security and privacy threat.
9. Use aliasing / anonymous forwarding
Email aliasing allows messages to be sent to [anything]@my-domain.com and still land in your primary inbox. It allows you to use a different, unique email address for each service you sign up for. This means if you start receiving spam, you can block that alias and determine which company leaked your email address. What’s also important, you do not need to reveal your real email address to any company.
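The leak-tracing idea above can be automated. This added example (not from the original article) flags aliases that receive mail from a domain other than the service they were given to; the alias registry, the sample messages and the use of a `Delivered-To` header added by the receiving server are assumptions.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import getaddresses, parseaddr

MY_DOMAIN = "my-domain.com"  # the article's [anything]@my-domain.com

# Assumed personal record: alias local part -> domain of the service it was given to.
ALIAS_REGISTRY = {"bookshop": "bookshop.example", "forum": "forum.example"}

def leaked_aliases(raw_messages, registry=ALIAS_REGISTRY):
    """Map each alias to the sender domains that used it but were never given it."""
    leaks = defaultdict(set)
    for raw in raw_messages:
        msg = message_from_string(raw)
        # From can be forged, so treat the result as a lead, not as proof.
        sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
        # Delivered-To holds the envelope recipient, so Bcc-style spam is caught too.
        headers = msg.get_all("Delivered-To", []) + msg.get_all("To", [])
        for header in headers:  # parsed one by one so a bad header cannot hide others
            for _, addr in getaddresses([header]):
                local, _, domain = addr.lower().rpartition("@")
                if domain != MY_DOMAIN or local not in registry:
                    continue
                expected = registry[local]
                if sender != expected and not sender.endswith("." + expected):
                    leaks[local].add(sender)
    return dict(leaks)

# Constructed sample messages (not real mail).
SAMPLES = [
    # The service mailing the alias it was given: expected.
    "From: news@bookshop.example\nTo: bookshop@my-domain.com\n"
    "Subject: Your order\n\nThanks.\n",
    # An unrelated sender reaching the same alias via Bcc: the alias has leaked.
    "From: deals@spam-sender.example\nDelivered-To: bookshop@my-domain.com\n"
    "To: customer@other.example\nSubject: Offer\n\nBuy now.\n",
    # A subdomain of the registered service: still expected.
    "From: noreply@mail.forum.example\nTo: Forum member <forum@my-domain.com>\n"
    "Subject: Digest\n\nNew posts.\n",
]

if __name__ == "__main__":
    for alias, senders in leaked_aliases(SAMPLES).items():
        print(f"{alias}@{MY_DOMAIN} is used by unexpected senders: {sorted(senders)}")
```

A service that sends through a third-party mailing platform will show up as an unexpected sender, so check the flagged domain before blocking the alias.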
10. Use a custom domain
Using a custom domain means that you are not dependent on the address assigned by your email provider and can easily switch providers in the future should the provider discontinue their service.
11. Sync with a client for backup
To avoid temporarily or permanently losing access to your emails due to unforeseen circumstances (such as an outage or account lock), sync/backup your messages from multiple accounts via IMAP and store them locally on your primary device using a local email client.
12. Be careful with email signatures
You do not know how secure the email environment of your message's recipient is. There are several extensions that automatically crawl messages and create a detailed database of contact information based upon email signatures, and sometimes message content. If you send an email to someone who has something like this enabled, then you are unknowingly entering your details into this database.
13. Be careful with auto-replies
Out-of-office automatic replies are very useful for informing people there will be a delay in replying, but all too often people reveal too much information, which can be used in social engineering and targeted attacks.