Electronic mail (email or e-mail) is a method of exchanging messages (“mail”) between people using electronic devices.

Email entered limited use in the 1960s, but users could only send to users of the same computer, and some early email systems required the author and the recipient to both be online simultaneously, similar to instant messaging. Ray Tomlinson is credited as the inventor of email; in 1971, he developed the first system able to send mail between users on different hosts across the ARPANET, using the @ sign to link the user name with a destination server. By the mid-1970s, this was the form recognized as email.

How To Secure Your Email Account

To ensure that no one else has access to your account, set a strong password, ideally using a password manager. The most crucial characteristic of your password is that it should be unique. This means not only that you do not use this password on any other service, but also that nobody else uses it on any service.

You will also need to carefully check your provider’s security settings and make use of two-factor authentication. We also recommend a hardware key that supports an open standard such as FIDO U2F.

Two-factor authentication (2FA) works by requiring a secondary, one-time code when accessing your account. The 2FA code may be generated on a dedicated device, an app, or sent by text message, making it hard for anyone else to access your account.

If you are using webmail, make sure you create a separate ‘app password’ or otherwise authenticate the client properly.

Webmail vs. email client

You can use either webmail (i.e., in the browser) or a dedicated email client such as Thunderbird to view and write your email.

In webmail, make sure you navigate to the correct site before entering your password. A password manager or hardware key can help you with that. The connection needs to be correctly encrypted, as indicated by the lock icon in your browser’s address bar. There must not be any warnings or errors.

When using an email client, always make sure your emails are fetched and sent over an encrypted channel so they cannot be easily intercepted.

Screenshot of an email settings screen.

Regular housekeeping on your account is essential for good security. Ensure that no one has set any redirects or filters that automatically forward your email to another account.

Also, check your previous logins and see if you find anything suspicious. Some email providers allow you to link your account to other apps or platforms. Make sure that all of these integrations are trustworthy and needed.

Don’t Load Images And Be Careful About Tracking Links

To track their emails’ reach and effectiveness, many companies, especially newsletter providers, will monitor the links in their emails. This lets companies see how many people, and even who exactly, read the email, clicked on certain links, or forwarded the email.

When you hover your mouse over a link, your browser should show you its destination, which you can copy into a text editor for further inspection. You could open the link in the Tor Browser to disguise your location, although this would still reveal the time you opened the link.

Another strategy used to track you is to include images in emails. When you open the email, you automatically load the image from a remote server. The image URL can contain a tracking code and reveal to mailing list administrators who opened the message. You can most likely configure your email provider not to load external images by default, thus disabling the tracking code.

Links might not only track you but also send you to sites that host malware or to phishing sites.
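The checks described in this section, as an added example that is not part of the original article: it inspects an HTML email offline, lists the images that would be fetched from a remote server on open, and flags links whose visible text names a different host than the real destination. The sample message, its `.example` hosts, and the `Audit` and `audit_message` names are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every host is a placeholder under .example.
RAW = """\
From: News <news@shop.example>
To: you@mail.example
Subject: Weekly deals
Content-Type: text/html; charset="utf-8"

<p>See <a href="https://click.tracker.example/r?u=8f3a91">https://shop.example/deals</a></p>
<p><a href="https://shop.example/help">Help</a></p>
<img src="https://open.tracker.example/p.gif?id=8f3a91" width="1" height="1">
<img src="cid:logo123" width="200" height="50">
"""


class Audit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.remote_images, self.links = [], []
        self._href, self._text = None, ""

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and urlsplit(a.get("src") or "").scheme in ("http", "https"):
            self.remote_images.append(a["src"])  # fetched from a server on open
        elif tag == "a" and a.get("href"):
            self._href, self._text = a["href"], ""

    def handle_data(self, data):
        if self._href is not None:
            self._text += data

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = self._text.strip()
            shown = urlsplit(text).hostname      # None when the text is not a URL
            mismatch = shown is not None and shown != urlsplit(self._href).hostname
            self.links.append((text, self._href, mismatch))
            self._href = None


def audit_message(raw):
    """Parse the HTML body without fetching anything; return the Audit."""
    body = message_from_string(raw, policy=policy.default).get_body(("html",))
    parser = Audit()
    parser.feed(body.get_content() if body else "")
    return parser
```

Images embedded in the message itself (`cid:` references) are not reported, because displaying them contacts no server.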

Be Careful When Opening Attachments

Attachments can contain all kinds of malware, such as cryptolockers or trojans. Only click on files that you expect, and whose senders you trust.

It is advisable to open commonly infected formats such as .pdf, .xls, and .doc using your webmail provider’s built-in functionality or in a virtual machine. Either way, make sure your computer is up to date. Antivirus software helps but is not a guarantee of a virus-free computer.

Email Encryption For Advanced Users

It is possible to encrypt emails to protect them from being snooped on, intercepted, and altered by even the most skilled and well-funded adversaries.

Pretty Good Privacy (PGP), also called GNU Privacy Guard (GPG), is free software that encrypts your email contents in a way that means only the intended recipient can see it. However, it does require the recipient to use the software as well.

When using PGP, both you and your contacts will create a key pair on your devices, which includes a public and a private part. You can exchange the public key, verify its authenticity, and encrypt your emails with this key. To decrypt the information, the private key is necessary, which never leaves the computer.

Though very secure, PGP does still leave some information out in the open, called metadata. The metadata includes the email addresses of the sender and recipient, the time the message was sent, and the approximate email size.

Avoiding metadata is difficult and might entail not using email at all. For example, have a look at Off-the-record (OTR), an encrypted chat protocol. OTR encrypts your messages and creates a new key for each conversation, to make it more difficult to link them.

Secure All Your Email Accounts

When dealing with a reputable email provider, the most important thing will be to secure your accounts. Set a strong and unique password, use a password manager, and set two-factor authentication!