Email Security Basics For Beginners


Email is very important for individuals and businesses.

Protecting your email account is essential, and your email can be made more secure by following a few good practices.

If someone gains access to your email account, they can take over that account, and if that account is used with other online services like Twitter, iCloud etc., then they can do considerable damage.

This very interesting and disturbing article shows this to full effect.

There are two main aspects to email security.

They are account security and content security.

Tips For Secure Email

Don’t Use a Single Email Account

If you use a variety of Internet services like Amazon, iCloud etc., then it is important that you don’t use the same email address with all of them.

If you do, then access to this email account can give the hacker potential access to all of the services.

If you do use the same address, always use a different password for each service.

Use a Strong Password

Is your password 123456, qwerty or password?

Strange as it may seem, they are the top 3 most common passwords used on the internet.

Many email providers will show a password strength meter when you create a password, but not all enforce strong passwords.

Generally you should choose a password that:

  1. Is easy for you to remember
  2. Is at least 8 characters long
  3. Has a mixture of upper case and lower case characters
  4. Has numbers and special characters

Also you shouldn’t use the same password on multiple accounts if possible, and you should also change passwords on a regular basis.

This can be difficult to achieve without writing down the passwords so that you don’t forget them. However, there are some simple tricks that enable you to choose a strong password that you can remember.

Consider Using Two Stage Verification

Two stage authentication or verification is offered by many online service providers, like Yahoo, Google, PayPal, Facebook etc., and works by making you enter additional information besides your password.

It generally works in conjunction with a mobile phone, so you must have one, and carry it, to use this type of authentication.

Most providers don’t enable this by default!

See this lifehacker article for more details

Use an Email Virus Checker

Emails can contain viruses that can cause havoc to your computer, but they can also allow hackers access to information that they need.

Before you open an email, make sure it has been virus checked.

Use SSL on WebMail, POP3, IMAP4 and SMTP

SSL encrypts the data channel between your client and the email server.

An encrypted connection is important because the popular email protocols (SMTP, POP3, IMAP4 and HTTP for webmail) are clear text based protocols.

This means that if anyone was monitoring your internet connection they would see your username and password being sent.

Gmail and Yahoo webmail automatically use SSL with webmail access.

However, if you access the Yahoo or Gmail mailbox using a client like Outlook with IMAP or POP3, then you will need to configure the client to use SSL.
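What "configure the client to use SSL" amounts to in a script, shown with Python's standard library as an added example that is not part of the original article. TLS is the current name for SSL; the function names and the host, user and password parameters are assumptions for illustration.

```python
import imaplib
import smtplib
import ssl

IMAPS_PORT = 993       # IMAP over TLS (the clear text IMAP port is 143)
SUBMISSION_PORT = 587  # starts in clear text and must be upgraded with STARTTLS

def strict_tls_context():
    """TLS settings that check the server certificate and its host name."""
    ctx = ssl.create_default_context()  # certificate required, host name checked
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse old SSL/TLS versions
    return ctx

def open_imap(host, user, password):
    """Read mail: the connection is encrypted before anything is sent."""
    conn = imaplib.IMAP4_SSL(host, IMAPS_PORT, ssl_context=strict_tls_context())
    conn.login(user, password)
    return conn

def open_smtp(host, user, password):
    """Send mail: upgrade to TLS first, and only then send the password."""
    conn = smtplib.SMTP(host, SUBMISSION_PORT, timeout=30)
    try:
        conn.starttls(context=strict_tls_context())  # raises if not offered
        conn.login(user, password)
    except Exception:
        conn.close()
        raise
    return conn
```

If the server's certificate cannot be verified, or it does not offer STARTTLS, the connection fails before the username and password are sent.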


Don’t Use Email on Public Computers

If you use a computer in an Internet cafe, a library, or even a friend’s computer, you have no idea what software they have running on the machine.

Monitoring software could potentially monitor key strokes and record your online activity.

If you must have access to email when you are travelling and using a public computer, then arrange for it to be forwarded to a Yahoo or Gmail account that you don’t use for anything else, and don’t forward any confidential information to it.

Don’t Send Sensitive Information in Email

Passwords, bank account numbers and social security numbers are examples of the type of information that shouldn’t be sent as an email unless it is encrypted.

If you handle personal or confidential data for clients or individuals (e.g. law firms, accountants, the medical profession etc.), then any private data should be encrypted before sending via email.

Beware of Attachments

Don’t open email attachments directly but save them to a folder on your machine and then scan them with a virus checker.

If the attachment came from someone you don’t know then delete the email.

Beware of Links in Email

Have you ever received an email from a bank, Twitter, PayPal etc. informing you that you need to login and reset your password?

This is the common format for phishing scams. Clicking the link will take you to a site that may look authentic but it isn’t.

Don’t click on links in email that comes from someone you don’t know.

Never click on links to any online account like your bank, PayPal, etc.

Securing Email Content

If your email content is very confidential then you will need to encrypt it.

Please note that using SSL on its own isn’t sufficient. See “Securing Your Email with SSL” and “Email encryption and digital signatures”.

Quizzes

Here is a good phishing quiz from SonicWall.

Here is a quick phishing test: spot the fake email.

Summary

Your email account is very important and making sure that no one else has access to it is essential.

Most security related problems come from carelessness, and not following simple best practices.

It can be very difficult to spot fake emails so always err on the side of caution.
