Safer Internet: Improve Email Privacy

Why?

  • + Would you prefer your messages to be public (postcard) or private (letter)?
  • + Avoid malware and scams

Quotes

Email Account?

  • Is the email service provided by your ISP adequate, reliable, well-maintained?
  • Secure access via webmail (HTTPS:) and/or client app (SSL/TLS)? -- see next
  • How likely are you to move or change ISPs (and thus your email address)?
  • Can you access email easily while traveling, esp. sending?
  • Should you consider an alternate / additional, portable account? e.g., gmail, yahoo, outlook

[1] Webmail

  • Use HTTPS: for email in a web browser, i.e., for "webmail" on your ISP's website
  • e.g., gmail.com, mail.yahoo.com, webmail.aol.com
  • Some ISPs, e.g., ashlandhome.net, may support HTTPS: only for desktop (not mobile) browser
  • If ISP also doesn't support SSL/TLS in email client (next), obtain a separate secure (free) account for your main communication, e.g., gmail
  • Some sites communicate only via secure email "portal", e.g., medical, financial

[1] Email Client

  • Use SSL (Secure Sockets Layer, or newer TLS: Transport Layer Security) in an email client app, e.g., Mail on iOS / macOS; Thunderbird, Outlook, Outlook Express; network: {Figure 6. TCYOP-2: 47; TCYOP-1: 47}
  • i.e., for your account: login, transfer, sending
  • When adding an account, certain providers may have automatic settings/templates
  • iOS: Settings > Accounts & Passwords > Add Account
  • macOS: Mail > Accounts > +
  • Otherwise, check email app or email provider's site for configuration details, e.g., worksheet
  • Login, transfer: enable SSL for IMAP or POP email; {TCYOP-3: Figure 16: 96; TCYOP-2: Figure 16: 86; TCYOP-1: Figure 15: 86}
  • Do not use unencrypted POP, e.g., earthlink
  • IMAP: better for sharing messages & folders between devices; webmail; backup?
  • if using IMAP, check if supported by email provider; enable if necessary
  • iOS: Settings > Mail, Contacts, Calendars > (account) > Account > Advanced > Use SSL
  • macOS: generally, adding a new account will automatically enable SSL for receiving & sending; to check this:
  • macOS: Mail > Inbox > (ctrl-click) > Account Info > Summary > Incoming SSL: on
  • macOS (older): Mail > Preferences > Accounts > (account) > Advanced > Use SSL
  • Sending: enable SSL, i.e., SMTP server
  • iOS: Settings > Mail, Contacts, Calendars > (account) > Account > SMTP > (server) > Use SSL
  • macOS: Mail > Inbox > (ctrl-click) > Account Info > Summary > Outgoing SSL: on
  • macOS (older): Mail > Preferences > Accounts > (server) > Account Info > Outgoing Mail Server (SMTP) >
    Edit SMTP Server List > (server) > Advanced > Use SSL

General Advice

  • Don't open/download unexpected attachments in messages; enable malware protection; check Sender
  • [2] macOS: Mail > View > Message > All Headers
  • [Refs]: "How Can I Find Out Where an Email Really Came From?"
  • Consider whether email is best method for communication / discussion. Even though email may be encrypted in transit to mail server, it may no longer be private when stored on mail server or on recipient's computer; what if it becomes public later? (ask Hillary and DNC)
  • Most email applications display messages as mini-web pages -- with problems (like web) of ad tracking, fraudulent links, etc.
  • Don't click on links in messages
  • To avoid displaying possible mal-content, don't open or display message in first place:
  • macOS: Mail > ctrl-click msg > Delete
  • macOS: Mail > (drag dot on separator bar -- between message list & preview area -- to bottom of window); select & delete message(s); restore bar
  • iOS: Mail > (swipe left on title in message list) > Trash
  • [Refs:Spam]: "So much for counter-phishing training: half of people click anything sent to them -- even people who claimed to be aware of risks clicked out of curiosity"
  • If your email account is hacked, change password immediately.
  • If that same password was used for any other accounts, be sure to update those accounts also.
  • Check Sent/Trash for any messages sent by hacker, e.g., password resets for other accounts.
  • Turn on 2-factor authentication if available, strengthen security answers, etc.
  • Verify intended addressees before sending, i.e., To:, cc:; autocomplete/autofill may be incorrect
  • Use bcc: for groups to protect privacy and reduce Reply All volume
  • [Refs:Govt]: "Auto-complete blunder leaks passport details of world leaders"
  • When sending large attachments, enable "Mail Drop", which uses iCloud temporarily
  • macOS: Mail > Preferences > Accounts > (account) > Advanced > Send Large Attachments with Mail Drop
  • iOS: no need to set -- triggered automatically; select Use Mail Drop from popup
  • [Refs:macOS]: "How to send any file with Mail Drop in OS X"
  • [iOS]: "Use Mail Drop on iOS for Sending Large Files via Email"
  • When sending attachments to a Windows user:
  • macOS: Mail > File > Attach Files > Options > Send Windows-friendly Attachments
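
The "check Sender" / "All Headers" advice above, as an added example (not part of the original page): once the full headers are visible, this compares the From address with the display name, Reply-To and Return-Path. The sample message and its .example addresses are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def sender_warnings(raw):
    """Return reasons the visible sender may not be the real one."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    _, bounce_addr = parseaddr(msg.get("Return-Path", ""))
    from_dom = domain(from_addr)
    warnings = []
    # Mail apps often show only the display name, so a name that looks like
    # an address at another domain hides the real From address.
    if "@" in name and domain(name) != from_dom:
        warnings.append("display name shows a different address than From")
    if reply_addr and domain(reply_addr) != from_dom:
        warnings.append("replies go to " + domain(reply_addr))
    if bounce_addr and domain(bounce_addr) != from_dom:
        warnings.append("envelope sender is " + domain(bounce_addr))
    return warnings

# Constructed sample headers, as shown by Mail > View > Message > All Headers.
SAMPLE = """\
Return-Path: <bounce@mailer.example>
From: "support@bank.example" <alerts@bank-secure.example>
Reply-To: helpdesk@freemail.example
To: you@mail.example
Subject: Verify your account

Please confirm your details.
"""

if __name__ == "__main__":
    for warning in sender_warnings(SAMPLE):
        print(warning)
```

A Return-Path at a different domain is also normal for newsletters sent through a mailing service, so treat that warning as a prompt to look closer rather than as proof of forgery.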

[1] Spam

  • Don't forward chain letters or spam; check Snopes
  • Unsubscribe only from reputable sources; otherwise, you have just confirmed the validity of your address to a spammer
  • It's difficult to reduce/eliminate spam once your email address has been disseminated, e.g., by replying to spammers, by making address public on a web site or forum, by malware harvesting your friend's Contacts, etc.
  • Use filters to minimize danger from phishing, and annoyance from spam;
    check Junk/Spam folder periodically for good messages, move messages to "train"
  • If using multiple devices and IMAP, centralize settings with mail provider
  • gmail.com: Spam: no setup required
  • gmail.com: Settings > Filters
  • If not centralized, spam and filter settings for individual device:
  • macOS: Mail > Preferences > Junk Mail
  • macOS: Mail > Preferences > Rules
  • [Refs:Spam]: "Happy Birthday, spam! Not so many happy returns"
  • [Refs:Spam]: "How Spammers Spoof Your Email Address and How to Protect Yourself"
  • [Refs]: "The Big Three Email Nuisances: Spam, Phishing and Spoofing"

[2] Tracking

  • Disable image display -- to minimize tracking; extra benefit: slightly faster display
  • macOS: Mail > Preferences > Viewing > Load content in remote messages
  • macOS: Mail > (individual message) > Load Remote Content
  • iOS: Settings > Mail, Contacts, Calendars > Load Remote Images
  • Some messages provide a link to view the message in browser, which, if configured properly, might provide better security.
  • More selective solutions are being developed to block 1x1 tracking pixels (all, or selected marketers) -- analogous to Browsing: Adware; e.g., PixelBlock, UglyMail; stay tuned
  • [Refs:macOS]: "Fight Spam and Protect Your Privacy by Disabling Remote Content in Apple Mail"
  • [Refs:Track]: "A Clever Way to Tell which of Your Emails Are Being Tracked"
  • Create different email addresses for different purposes -- via different providers: Yahoo, Gmail, Live, etc.
  • Or, some providers allow a "+" suffix, e.g., john.smith+facebook@gmail.com; messages to such addresses appear in the main Inbox
  • This allows you to track who gave out your address, and to set up email filters; addresses completely separate from your main account are desirable for password resets, even though inconvenient (and not acceptable to some receivers); it also could provide some anonymity if your address is leaked later
  • [Spam]: "Gmail: Your address has more or fewer dots (.) or different capitalization"
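
What "Load Remote Images" would fetch, as an added example (not part of the original page): this lists the remote hosts an HTML message would contact when displayed and flags images declared as 0 or 1 pixel or hidden, the usual shape of a tracking pixel. The sample message and its hosts are constructed.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

class RemoteImageFinder(HTMLParser):
    """Collect <img> tags whose src would be fetched from a remote server."""
    def __init__(self):
        super().__init__()
        self.images = []  # (host, looks_like_pixel) for each remote image

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        url = urlsplit(a.get("src", ""))
        if url.scheme not in ("http", "https") or not url.hostname:
            return  # cid:/data: images travel inside the message, no fetch
        # Declared 0 or 1 px in both dimensions, or hidden by inline style
        tiny = all(a.get(d) in ("0", "1") for d in ("width", "height"))
        hidden = "display:none" in a.get("style", "").replace(" ", "").lower()
        self.images.append((url.hostname, tiny or hidden))

def scan_message(raw):
    """Return (remote_hosts, pixel_hosts) for the HTML body of a raw message."""
    msg = message_from_string(raw, policy=default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return [], []
    finder = RemoteImageFinder()
    finder.feed(body.get_content())
    hosts = sorted({h for h, _ in finder.images})
    pixels = sorted({h for h, p in finder.images if p})
    return hosts, pixels

# Constructed sample message; all hosts use the reserved .example domain.
SAMPLE = """\
From: Newsletter <news@shop.example>
Subject: Spring sale
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="https://cdn.shop.example/banner.png" width="600" height="200">
<img src="https://track.mailer.example/o/abc123.gif" width="1" height="1">
<img src="cid:logo@shop.example" width="80" height="40">
</body></html>
"""
if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

An image with no declared size is not flagged here, and an ordinary-looking banner can carry a per-recipient URL just as well, which is why turning off remote content altogether is the dependable setting.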

References

Android

Gmail, Google

Government

iOS

macOS

Spam

Tracking

Windows

Yahoo