An email address is essential for most transactions these days, from activating a smartphone, to making online purchases, to setting up an online account. An email address is more than just another method for someone to contact you. Your email account may contain sensitive and important communication and is often connected to important accounts, such as your bank. Ensuring that your email address is secure – that only you have access to it – is critical. This document offers suggestions on how you can make your email address as secure as possible.
WHICH EMAIL SERVICE TO CHOOSE?
Major email providers will let you set up as many email addresses as you want, for free. Some of these email providers include: Gmail, YahooMail, or Microsoft Outlook (formerly Hotmail). The benefit of these email services is that they are fairly easy to use. You can access them online via a web browser or set it up so that email is accessed via a mobile email app or computer email program.
If you are worried about someone hacking your email, an end-to- end encrypted email service may be what you want. There are email providers that offer email encryption. For example, ProtonMail is completely encrypted, and you can set it so that the email is no longer available after a certain time period. Other free encrypted email services include Tutanota and Mailfence.
Keep in mind, however, that these services may be slightly more complicated to use than traditional email. For example, some encrypted email service may require that the person to whom you’re sending the email also use the same email service or that to read the email, they click a link and read the email on a web browser. Also keep in mind that encrypted email will not prevent someone from seeing your email if they know your email address and password or if you are using a monitored device.
Other ways in which you may have an email address is when you activate certain services, such as a broadband or DSL/ADSL (internet) service or when you create an apple ID (e.g., firstname.lastname@example.org or email@example.com). Your school or your employer may also create an email address for you. Generally, these email accounts are automatically created and limited to your association with the school, employer, or service.
It is possible to use a popular commercial email service, such as Gmail or Yahoo, and still have a secure account. Email security often comes down to passwords, the security of the device used to access email, and good email security and privacy habits.
SETTING UP AN EMAIL ADDRESS
Email privacy and security starts when you first create the email account.
Women experiencing violence and stalking may not want an email address that easily identifies them. When you set up an email address with a commercial email service, the email doesn’t have to be identifiable to you. You can use anything for your email address, such as firstname.lastname@example.org.
During the setup, the email service provider will ask for information to associate with your email address, including your name and date of birth. You can use a pseudonym and a fake date of birth. Just remember the pseudonym and birthdate you use in case you need that information to verify your account. Some email services also ask for (and some require) your gender, mobile number, and a secondary email address. Some services allow you to bypass those questions without entering anything; if it requires the information, it will not let you complete setting up the email until you do. For example, Gmail requires a name, username, password, date of birth, and gender; however, you can leave the mobile number and current email address blank and continue. Yahoo Mail requires a name, email address, date of birth, and mobile number while gender is optional.
Outlook mail only requires your name, email address, and password.
This is useful only if you have a secondary email or mobile number that no one else has access to. If someone else does have access to that email/smartphone, they could sign into your account even with two-step verification or it may let them know when you try to sign into your account from a new location or device. Depending on your situation, you may not want to have two-step verification turned on until you first secure the secondary email and mobile number.
If you don’t provide a secondary email or mobile number, the email service may periodically ask that you provide one when you sign into your email account later on. In most cases, you can ignore these requests and hit continue or OK without entering anything. Secondary email and mobile numbers can be a very useful security step – but only if it works for you. If you don’t have a secondary email or mobile number or the email and mobile number you have has been compromised by someone else, entering this information will not make your account more secure. Make sure your secondary email account and mobile number is secure before you use it.
In addition to having a strong password and using the security features (two-step verification) the email service provides, practicing good email security and privacy habits are important to ensure that no else can sign into your email account or see your email.
If you check your email on your smartphone via the email app or on your computer/laptop via an email program, you may not be able to easily log off. In this case, you have a few options. You can make sure your phone or laptop is secure and that others can’t access it without your knowledge. Putting a passcode or password on the device will help limit this access. In some cases, you may even want to remove the email account from your email app or program. Some people do this when they are traveling or are concerned that someone untrustworthy could have access to their device. You can always check your email via the web browser or configure the email app or program to access your email after you are sure that your phone or computer is secure.
Some web browsers and smartphones will ask if you want it to store your email passwords or to “remember me.” In this case, it will remember both your email account + passwords. If you are concerned that someone else may have access to your devices, don’t allow it to store your passwords. This may be convenient for some less sensitive accounts, such as your Netflix log-in, but for your email account, you want it to be secure.
You can create a junk email account for when you have to provide an email address but don’t really want to receive emails from them. This email account is specifically for “junk mail” and should not be set up to receive important information, such as statements from your bank, or be connected to important accounts, such as your smartphone service.
Some email services let you create short-term email accounts. These email addresses lasts 10 minutes to 24 hours, so it’s very temporary. Generally, the way these work is the service assigns you or you create a temporary email address. When you give out that email address the emails are sent to that particular email service’s website, where you can check for the sent email. This is helpful for when you need to provide an email address to “confirm” signing up, but you don’t want to provide your actual email address. Keep in mind that some of the temporary email services have no privacy, which means that anyone who knows the fake email address can see all the emails sent to that fake email address (examples of public temporary email services: Mailinator or Maildrop). Other temporary email services include Guerrilla Mail or 10-Minute Mail.
A more long-term solution to protecting your email address is a service like Abine Blur. Abine Blur is a web browser extension for desktop and mobile that basically acts like a forwarding service. It “blurs” your real information so the receiver gets an anonymized email address, and not your actual email address. When they reply, Abine Blur forwards the reply back to you to your real email address. On your end, you’re sending emails back and forth like normal, but on the receiver’s end, they only see the anonymized email address.
©2019 BC Society of Transition Houses, Technology Safety Project.
Adapted from and in cooperation with the WESNET Safety Net Australia project at the Women’s Services Network, Australia