Email Security

May 3, 2012

For most people, email security is an Oxymoron. If you are not familiar with the term oxymoron, it’s a figure of speech that combines contradictory terms. In this case what I mean is that for most people, email is NOT secure at all. I am not talking about receiving dangerous attachments or links in your email. What I am referring to is the fact that most email is not encrypted as it travels over the internet. So anyone with a computer and the right software can intercept email and read it. They may even be able to intercept your email password.

Before we get into how to make your email secure you may be wondering if you really need to secure your email. If you send and receive personal, important, or sensitive information via email, then you should make sure your email is secure. Most people don’t do that, so for most people, that’s not an issue. By the way, we don’t recommend sending personal, important, or sensitive information via email. But one reason everyone should consider making their email secure is SPAM. Spammers can intercept unsecured email and harvest your email address and then send you SPAM. They will also sell your email address to other spammers.

There are basically two ways to read your email on a computer. One way is to use a web browser like Internet Explorer to go to a website where you read your email. This is usually referred to as webmail because you are reading your mail on the web. The other way is to use an email program like Outlook, Outlook Express, Thunderbird, Windows Live Mail, or similar. We are going to have to speak to each one of these separately because they are very different. We will start with webmail because it’s simpler.

Webmail Security

With any email account, you can use a web browser like Internet Explorer, Chrome, Firefox, or Safari to read your email. All you have to do is go to the right website, put your email address and password in, and you can read and send your email right there in your browser. A browser can encrypt the communication between itself and the web server. You can tell your browser is in secure mode by looking at the website address you are accessing. If it begins with http it is not secure. If it begins with htpps then it is secure. The letter ‘s’ in https stands for secure.

When you login to your webmail account, it is always in secure mode. Once you have logged in, however, most webmail servers switch out of secure mode. That means that while you are reading and sending email, they are not encrypted and anyone can intercept them. If you use webmail, glace up at the website address and see if it says https. That will tell you right away.

Some webmail providers provide an option so you can set it so that everything you do in webmail is in secure mode. Gmail and Hotmail are the only two I am aware of that offer this option. If you use a RoadRunner, AT&T, Yahoo, or other email address, you may want to consider converting over to Gmail or Hotmail (includes and The nice thing about them is when you convert over to Gmail or Hotmail, you can have them pull in email sent to your old email address. That makes moving over to a new email address much easier.

In general, we do not recommend that you use the email address provided to you by your Internet Service Provider. It’s better to use one of the many free email services like Gmail and Hotmail because they are independent of your Internet Service provider. That way, if you change internet service providers, or if you move to another city, state, or country, you won’t have to change email addresses.

Email Client Security

For those of  you who use an email client like Outlook, Outlook Express, Windows Mail, Windows Live Mail, Mac Mail, Thunderbird, or any one of the hundreds of other email clients, the story is similar but not exactly the same. When your email client talks to the email server and when you download or send email using your email client, it’s generally not encrypted unless you are using a service like Gmail or Hotmail. It’s not the fault of your email client. It’s the fault of your email provider. In the early days of the internet, email used POP3 and SMTP protocols to download and send email. You may be shocked to find out that most email providers still use these same unsecure protocols to download and send email to your email client. It is possible for email providers to implement security on their servers using POP3 and SMTP. If they did, your email client could handle it. But most email providers don’t bother.

So, for those of you who use email clients for your email, the answer is similar to what we said for those who use webmail. Don’t use the email address provided for you by your internet service provider. Sign up for Gmail or Hotmail. It can be set up so that if people send email to your old email address, it will go into your email client, but when you send email it will use your new one. Setting it up that way makes the transition from your old email address to the new one much more transparent for you and for those you email with.

For those of you who have email on your own domain, chances are that security is not available for downloading to an email client and if you use webmail access it’s only secure when you are logging in, not when you are sending and receiving messages.


Leave a Reply

You must be logged in to post a comment.