Protect your Privacy

Protect your privacy: protect your e-mail


Despite the rise of social networks and Twitter, e-mail is still the way many of us communicate. But it can put a tremendous amount of your private data at risk. Here are some tips for minimizing that risk.

Compromised accounts

Bad guys have a number of ways to compromise your account, including brute force attacks (trying username/password combinations until they stumble on the right one); password resets; or intercepting login credentials sent in the clear.

The risk: If you’re like most people, your e-mail account contains old bank statements (or links to same), addresses, information about other accounts, maybe even credit card numbers or passwords: It’s a treasure trove for an identity thief. And if an attacker gains control of your e-mail account, he can reset the passwords of other accounts. Finally, an attacker can harvest your friends’ e-mails for spam or phishing attacks.

How to protect yourself: The first rule of safe e-mail is: Don’t use it to send critical data.

Next, make sure you connect to your e-mail accounts over encrypted connections. That means using SSL (look for the lock in your browser) for Webmail and a secure protocol (usually IMAP or POP3 over SSL) for other accounts. Do that on your portable devices as well as on your Macs.

Use a very strong password for your e-mail accounts. (Mine is 25 digits long, and includes numbers, letters, and special characters; I keep track of it with a password manager.)

Compromised address

The risk: Your e-mail address alone is worth money to spammers, scammers and other thieves, and is therefore worth protecting.

How to protect yourself: Use one-time e-mail addresses for different online accounts and services. Many ISPs will provide such addresses for free; for example, MobileMe provides up to five such aliases (Mail -> Preferences -> Addresses). If that e-mail address starts getting spammed, you can cut it off without changing your primary address.

Some spammers still crawl Web pages looking for text strings that look like e-mail addresses. So make sure your e-mail address doesn’t show up in online forums or blog comments, much less any Websites you control. Or use a simple obfuscation technique, such as you (at) isp (dot) com to make the address harder to recognize.
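To check pages you control for exposed addresses, the following added example (not part of the original article) reads HTML the way a simple crawler would and lists each address it finds in page text or mailto: links. The sample page, addresses and function names are constructed for illustration; the run also shows that entity-encoding the @ sign does not hide an address from a parser, while the (at)/(dot) form is not matched by this simple pattern.

```python
import re
from html.parser import HTMLParser

# Deliberately simple pattern: "text strings that look like e-mail addresses".
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


class AddressAudit(HTMLParser):
    """Collect addresses visible in page text and in mailto: links."""

    def __init__(self):
        # convert_charrefs=True decodes entities such as &#64; into "@".
        super().__init__(convert_charrefs=True)
        self.found = {}  # address -> set of places where it was seen

    def _record(self, text, where):
        for addr in ADDRESS.findall(text):
            self.found.setdefault(addr.lower(), set()).add(where)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "href" and value and value.lower().startswith("mailto:"):
                self._record(value[len("mailto:"):], "mailto link")

    def handle_data(self, data):
        self._record(data, "page text")


def audit(html):
    """Return {address: [places]} for every address found in the HTML."""
    parser = AddressAudit()
    parser.feed(html)
    parser.close()  # flush any text still buffered by the parser
    return {addr: sorted(places) for addr, places in parser.found.items()}


# Constructed sample page (not real addresses).
SAMPLE = """<html><body>
<p>Contact: jane@example.com.</p>
<a href="mailto:Sales@example.com?subject=Hi">E-mail sales</a>
<p>Entity-encoded: bob&#64;example.com</p>
<p>Obfuscated: you (at) isp (dot) com</p>
</body></html>"""

if __name__ == "__main__":
    for address, places in sorted(audit(SAMPLE).items()):
        print(address, "found in", ", ".join(places))
```
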

[Mike Rothman is an analyst at and author of The Pragmatic CSO.]
