Security

Video: Five email safety tips everyone should follow

Instant messaging, texting, and tweeting are all the rage, yet e-mail still dominates the communication landscape--at home, but especially in business. Unfortunately, many people, even IT pros, still ignore the basics of email security. Bill Detwiler goes over five basic email safety tips that everyone should follow.

Instant messaging, texting, and tweeting are all the rage, yet email still dominates the communication landscape--at home, but especially in business. Unfortunately, many people, even IT pros, still ignore the basics of email security. In this video, I'll go over five basic email safety tips that everyone should follow.

For those of you who prefer text to video, you can click the Transcript link that appears below the video player window or you can also read Chad Perrin's article, "10 essential e-mail security measures," on which this video is based. Check out these articles and downloads for more email security tips:

Sign up to receive the latest IT Dojo lessons through one or more of the following methods:

About

Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop supp...

23 comments
lee_in_ftc
lee_in_ftc

I am not an IT person but I watch your blogs all the time. This one bothered me enough to make me ask a few questions. I have been using Yahoo mail for the better part of 10 years. It has had problems but mostly I like it. You said view email as plain text. Can you tell me how to configure yahoo mail to do that or is that not possible? You all so said to I should not be "Using unencrypted e-mail authentication", I have to log in to use my Yahoo email is that what you mean or am I wrong on that? You all so mentioned encryption and decryption of email, can that be done on Yahoo mail? Thank you Lee

rm
rm

Check before you click! Mouse over that link and check the real address of that link before you let it take you on a ride. Is it pointing to a clone website instead of the real thing? Is the link extremely long - like a buffer overflow? Does this link to an executable?

dbrezina
dbrezina

The inadvertent "send" to an incorrect address can be a tremendous problem if you are sending confidential information. One famous story is the email from the big law firm lawyer about a secret settlement that went to Berenson the NY Times Reporter, instead of Berenson the cocounse.

wskarz
wskarz

No player visible - can't watch the video. There seems to be a Javascript error on page (contacted Bill about it)

learningpc4beginners
learningpc4beginners

It should of been seven email safety tips everyone should follow. The number one safety tip is to treat email like a postcard. number seven is: Never EVER place personal identifiable information in a email.

rvelez_HAWAII
rvelez_HAWAII

Good stuff keep it comming one can never be to careful. Your tips keeps us on our toes. rvelez_hawaii

donnakline
donnakline

It may be true that these tips are not perfect solutions but they were simple, practical, and, above all, better than being totally naive.

MPG187
MPG187

On tip two the text says IMPA instead of IMAP!

rick.dash
rick.dash

all of the listed vote catetgories are a threat.

jwhite
jwhite

I don't understand how the tip warning against the privacy of web-based email services is valid, at least in comparison to the realistic alternatives. I mean, if companies or their employees are going to break the privacy policies and other rules that have been set at a company, using POP or IMAP is not going to be any more secure against privacy invasions. Even using an exchange server at your business, whihc almost always means you're subjected to your email going through your ISP first (and likely their spooling servers) means that could easily be violated as well. I'm interested to see how people think the above exmaples differ, privacy-wise, from major webmail services?

SuperC2615
SuperC2615

I have Comcast - they have apparently "copied" my MS Outlook address book to their webmail client....I can access them from there....I did not transfer them myself....how safe is that?

JCitizen
JCitizen

Gmail is the only free email service that encrypts from beginning to end; and even then it just barely does that. However it is better than all other free providers. When you log on to your Yahoo email, your log on is encrypted but not the rest of your session with Yahoo! mail.

jrnesbit
jrnesbit

What's the government got to do with it? The Internet Assigned Numbers Authority (IANA) is the entity that oversees global IP address allocation, root zone management for the Domain Name System (DNS), media types, and other Internet Protocol related assignments. It is operated by the Internet Corporation for Assigned Names and Numbers, better known as ICANN.

boxfiddler
boxfiddler

Always appreciate a new resource.

AllGeek2Me
AllGeek2Me

While trying to keep me head above the IT waters, I do a lot of reading. In most of what I read are silly mistakes that the spellcheck should have picked up, and as the acronyms are produced at the speed of light, a lot of authors do get them mixed up. But this one... that's just embarrassing.

snideley59
snideley59

POP3 and IMAP use clear text authentication out of the box, so your username and password are there for all to sniff. I believe they can both be configured to use TLS to encrypt such traffic, but that is an administrative headache that most ISPs wouldn't go for. What this boils down to is, simply, expect email to be read by all and sundry, not just the recipient, so don't put anything in there that you don't want all and sundry to read. As far as webmail goes, HTTP is cleartext, HTTPS is encrypted. The prefix does matter.

melias
melias

that at least one of the mentioned web-mail services has openly stated that they pay for the service by scanning your emails and then using the data for directed advertising. Most ISPs aren't supposed to scan your email, and once you download it to your PC is off of their servers, or at least in theory. After all, your connection fees pay for everything. Web-mail services keep the email on the web, not your local drive. Truth is, there is no real way to completely protect yourself from spammers and their ilk.

barryc
barryc

I think the issue needs to be broken down a bit. It may not be a good idea to use commercial web based mail for business purposes, though using the business versions of those services are probably OK - for example Google Apps for Business. Web bases mail for personal use is really all there is. The point that may be being made is that using a POP3/SMTP client may offer more privacy protection, assuming all messages are removed from the server at access time. This may be more private, but it also goes against some of the reasons why you have a public e-mail host in the first place. For example, being able to access your mail from any device anywhere, any time. Not using HTML mail is a good idea, though I prefer using HTML for mail I send, receiving it from unknown folks is a risk. Ideally, one's mail clients and security settings would work together to limit HTML mail in to only "white list" accounts. (I don't know if any of the products do this.) Also, if privacy really matters, then encryption is the only useful option. This means encryption of the authentication process and of the communications session (https for web mail) and of the messages themselves. Since most companies don't support encryption and to this date there's no truly accessible and practical encryption key tool set, it will be a while before encryption becomes prevalent enough to be a useful option. (The technology exists, but to work everyone needs to use an interoperable encryption schema. And there's more to it than that.) Basically, the video is just another FUD message from the media. There's truth to the content, but so much is left out that the point becomes irrelevant.

davidt
davidt

Sure, our internal Exchange email is definitely secure - but who worries about that? It's not likely that some packet-sniffing spy is hiding out in the plant, or in the wiring closet down the hall...but some very important email goes through many ISP's on its way to and from our "secure" server, to and from customers. So I don't see any security differences between web mail, pop3, SMTP, etc.

jrnesbit
jrnesbit

Not long ago the idea of having a web based email account was a valid way to "test" a site such as a shopping site to see if spam was created by that site selling your email address, there by preventing your isp email from being revealed and keeping spam out of your personal account. This concept was actually supported by C.E.R.T.

MPG187
MPG187

Wow you are from Edmonton too?

jrnesbit
jrnesbit

I know of very few ISP's that support encryption of the authentication process. This isn't something the user has control over. Add to that that many do not live in metro areas and have only one or two choices of isp's.

Editor's Picks