Safer Internet: Improve Email Privacy


  • check email+ Would you prefer your messages to be public (postcard) or private (letter)?
  • + Avoid malware and scams


Email Account?

  • reasonsIs the email service provided by your ISP adequate, reliable, well-maintained?
  • Secure access via webmail (https:) and/or client app (SSL/TLS)? -- see next
  • How likely are you to move or change ISPs (and thus your email address)?
  • Can you access email easily while traveling, esp. sending?
  • Should you consider an alternate / additional, portable account? e.g., gmail, yahoo, outlook

[1] Webmail

  • Use https: for email in a web browser, i.e., for "webmail"
  • e.g.,,,
  • some sites communicate only via secure email "portal", e.g., medical, financial

[1] Email Client

  • attachment attackUse SSL (Secure Socket Layer, or newer TLS: Transport Layer Security) in an email client app, e.g., Mail on iOS / macOS; Thunderbird, Outlook, Outlook Express; network: {Figure 6. TCYOP-2: 47; TCYOP-1: 47}
  • i.e., for your account: login, transfer, sending
  • When adding an account, certain providers may have automatic settings,
    e.g., macOS: Mail > Accounts
  • Otherwise, check email app or email provider's site for configuration details, e.g., worksheet
  • spam replyLogin, transfer: enable SSL for IMAP or POP email; {TCYOP-2: Figure 16: 86; TCYOP-1: Figure 15: 86}
  • Do not use unencrypted POP, e.g., earthlink
  • IMAP: better for sharing messages & folders between devices; webmail; backup?
  • if using IMAP, check if supported by email provider; enable if necessary
  • macOS: Mail > Preferences > Accounts > (account) > Advanced > Use SSL
  • iOS: Settings > Mail, Contacts, Calendars > (account) > Account > Advanced > Use SSL
  • Sending: enable SSL, i.e., SMTP server
  • macOS: Mail > Preferences > Accounts > (server) > Account Info > Outgoing Mail Server (SMTP) >
    Edit SMTP Server List > (server) > Advanced > Use SSL
  • iOS: Settings > Mail, Contacts, Calendars > (account) > Account > SMTP > (server) > Use SSL

General Advice

  • zen monk no attachmentsDon't open/download unexpected attachments in messages; enable malware protection; check Sender
  • [2] macOS: Mail > View > Message > All Headers
  • [Refs]: "How Can I Find Out Where an Email Really Came From?"
  • Consider whether email is best method for communication / discussion. Even though email may be encrypted in transit to mail server, it may no longer be private when stored on mail server or on recipient's computer; what if it becomes public later? (ask Hillary and DNC)
  • Most email applications display messages as mini-web pages -- with problems (like web) of ad tracking, fraudulent links, etc.
  • Don't click on links in messages
  • To avoid displaying possible mal-content, don't open or display message in first place:
  • macOS: Mail > ctrl-click msg > Delete
  • macOS: Mail > (drag dot on separator bar -- between message list & preview area -- to bottom of window); select & delete message(s); restore bar
  • iOS: Mail > (swipe left on title in message list) > Trash
  • [Refs:Spam]: "So much for counter-phishing training: half of people click anything sent to them -- even people who claimed to be aware of risks clicked out of curiosity"
  • If your email account is hacked, changed password immediately.
  • If that same password was used for any other accounts, be sure to update those accounts also.
  • Check Sent/Trash for any messages sent by hacker, e.g., password resets for other accounts.
  • Turn on 2-factor authentication if available, strengthen security answers, etc.
  • ccVerify intended addressees before sending, i.e., To:, cc:; autocomplete/autofill may be incorrect
  • Use bcc: for groups to protect privacy and reduce Reply All volume
  • [Refs:Govt]: "Auto-complete blunder leaks passport details of world leaders"
  • When sending large attachments, enable "Mail Drop", which uses iCloud temporarily
  • macOS: Mail > Preferences > Accounts > (account) > Advanced > Send Large Attachments with Mail Drop
  • iOS: no need to set -- triggered automatically; select Use Mail Drop from popup
  • [Refs:macOS]: "How to send any file with Mail Drop in OS X"
  • [iOS]: "Use Mail Drop on iOS for Sending Large Files via Email"
  • When sending attachments to a Windows user:
  • macOS: Mail > File > Attach Files > Options > Send Windows-friendly Attachments

[1] Spam

  • monty python spamDon't forward chain letters or spam; check Snopes
  • Unsubscribe from reputable sources; otherwise, you just confirmed validity of your address to a spammer
  • It's difficult to reduce/eliminate spam once your email address has been disseminated, e.g., by replying to spammers, by making address public on a web site or forum, by malware harvesting your friend's Contacts, etc.
  • Use filters to minimize danger from phishing, and annoyance from spam;
    check Junk/Spam folder periodically for good messages, move messages to "train"
  • If using multiple devices and IMAP, centralize settings with mail provider
  • heaven Spam: no setup required
  • Settings > Filters
  • If not centralized, spam and filter settings for individual device:
  • macOS: Mail > Preferences > Junk Mail
  • macOS: Mail > Preferences > Rules
  • [Refs:Spam]: "How Spammers Spoof Your Email Address and How to Protect Yourself"
  • [Refs]: "The Big Three Email Nuisances: Spam, Phishing and Spoofing"

[2] Tracking

  • campaignDisable image display -- to minimize tracking; extra benefit: slightly faster display
  • macOS: Mail > Preferences > Viewing > Load content in remote messages
  • macOS: Mail > (individual message) > Load Remote Content
  • iOS: Settings > Mail,Contacts,Calendar > Load Remote Images
  • Some messages provide a link to view the message in browser, which, if configured properly, might provide better security.
  • more selective solutions are being developed to block 1x1 tracking pixels (all, or selected marketers) --analogous to Browsing : Adware); e.g., PixelBlock, UglyMail; stay tuned
  • [Refs:macOS]: "Fight Spam and Protect Your Privacy by Disabling Remote Content in Apple Mail"
  • [Refs:Track]: "A Clever Way to Tell which of Your Emails Are Being Tracked"
  • reply allCreate different email addresses for different purposes -- via different providers: Yahoo, Gmail, Live, etc.
  • or some providers allow "+" suffix, e.g.,, which appear in main Inbox
  • this allows you to track who gave out your address, and to setup email filters; addresses completely separate from your main account are desirable for password resets, even though inconvenient (and not acceptable to some receivers); it also could provide some anonymity if your address is leaked later
  • [Spam]: "Gmail: Your address has more or fewer dots (.) or different capitalization"