Email Security: A Guide to Keeping Your Inbox Safe



Email is one of the most commonly used communication tools in the world, and it contains sensitive and personal information such as passwords, bank statements, and personal messages. Not paying attention to or slacking on email security can lead to identity theft, data breaches, and financial loss. I think it’s time to take a second look at our email accounts and at how vulnerable they actually are.


Why Email Security Is Important for You


As ancient as email seems as a technology, it is still one of the most prevalent ways to communicate. Whether it is sending resumes to prospective employers, reading newsletters, keeping up with rewards programs, or handling business communications, email is a central way in which we keep in touch. The issue is that email is also one of the least secure ways to communicate.


The Inherent Insecurity of Email


SMTP (Simple Mail Transfer Protocol) is the standard that governs email transmissions. Want an interesting factoid? SMTP by default contains no security mechanisms. That’s right, none. Popular email providers like Gmail and Outlook.com, and secure providers like Mailfence, ProtonMail, and Tutanota, add encryption and other security features. But on its own, email is an extremely insecure means of communication.


Some reasons why email is insecure by default:


  • By default, email isn’t encrypted. That means if a third party intercepts your email message they will be able to read the information that it contains.
  • Fake email accounts are easy to make. Creating fake accounts is a favored tactic of scammers and other internet predators.
  • Your email provider may access your emails to collect data for targeted advertising. That’s the reason end-to-end encryption is so important. End-to-end encryption is when a message is encrypted (unreadable to third parties) from the moment it is sent until it reaches the recipient. It could also be called point-to-point encryption. With end-to-end encryption protecting your email message, third parties like your ISP, email provider, and corporations won’t be able to read your communication.
  • High susceptibility to eavesdropping. It is all too easy for someone to look over your shoulder or look at the device that you left unlocked.


Keep in mind that email is a very popular platform for sending many types of malware. By malware, I am talking about viruses, ransomware, trojans, and worms. Not to mention social engineering and phishing attempts. This is why it’s time for you to secure your email inbox and messages.


How to Make Your Email Inbox More Secure


Here are some simple things that you can do to make your email far more secure. We are going to go over how to make good passwords, two-factor authentication, installing updates, removing unnecessary software, Google’s Security Checkup, using a VPN, using Have I Been Pwned, burner email addresses, paying attention to sender addresses, how to deal with email links, secure email providers, antivirus, public WiFi, and how to handle email attachments from unknown sources. It’s a lot to unpack, but these simple steps will leave your email safer and more secure as a result.


Use a Good Password


Securing your email inbox starts with a good password. There are actually a lot of terrible passwords out there. Here is a list of the most hacked passwords. Just take a look at the top 10:


  1. 123456
  2. password
  3. 123456789
  4. 12345
  5. 12345678
  6. qwerty
  7. 1234567
  8. 111111
  9. 1234567890
  10. 123123


If this list teaches us anything, it’s that the average person will opt for the easy to remember over the secure. What follows is how you can make secure passwords that are easy to remember.


How to make a good password:


  • At least 12 characters long.
  • Use a mix of upper and lower case letters, numbers, and special characters.
  • Avoid memorable keyboard patterns.
  • Avoid personal information.
  • Keep passwords unique.


Two pro tips:


  • The longer the password the better.
  • Passphrases are stronger than passwords.


Following the rules that I just gave you on how to make a good password, and remembering that longer passwords are better passwords and that passphrases are even better yet, it’s time for you to come up with a password scheme that will be easy for you to remember. You can do it however you want as long as you follow the rules for making a good password.
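To test a candidate password against the rules and the top 10 list above, here is a small checker. It is an added example, not part of the original article; the function names, the four-character run length, and the idea of passing in personal details and previously used passwords are assumptions made for illustration.

```python
import re

# Top 10 most hacked passwords, as listed in the article above.
COMMON = {"123456", "password", "123456789", "12345", "12345678",
          "qwerty", "1234567", "111111", "1234567890", "123123"}
# Keyboard rows plus the alphabet, used to spot runs such as "qwer" or "4567".
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
        "abcdefghijklmnopqrstuvwxyz"]


def has_keyboard_walk(pw, run=4):
    """True if pw contains `run` consecutive characters from one row,
    forwards or backwards (for example 'qwer', 'lkjh', '3456')."""
    low = pw.lower()
    for row in ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False


def has_repeats(pw, run=4):
    """True if one character repeats `run` times in a row (for example '1111')."""
    return re.search(r"(.)\1{%d,}" % (run - 1), pw) is not None


def check_password(pw, personal=(), previously_used=()):
    """Return the rules from the article that `pw` breaks (empty list = passes)."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, pw) for c in classes):
        problems.append("missing upper, lower, digit or special character")
    if pw.lower() in COMMON:
        problems.append("on the most hacked list")
    if has_keyboard_walk(pw) or has_repeats(pw):
        problems.append("contains a keyboard pattern or repeated run")
    low = pw.lower()
    if any(len(p) >= 3 and p.lower() in low for p in personal):
        problems.append("contains personal information")
    if pw in previously_used:
        problems.append("already used on another account")
    return problems
```

Run it locally only, and pass your own name, birth year, and similar details in `personal` so the personal information rule has something to compare against.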


Use Two-Factor Authentication


Authenticating is what you are doing when you sign into an account. You enter a username and password, and if you gave the correct credentials the service allows you into your account. Two-factor authentication simply adds a second layer of authentication to your account.


Most common types of two-factor authentication:


  • Text – You enter your username and password to access your account. The service will text you a code. Enter the code that they texted you when prompted and you will be allowed access to your account.
  • App – You enter your username and password to access your account. Get a code from your two-factor app and enter it when prompted and you will be allowed access to your account.
  • USB Key – In order to access your account your key must be plugged in via USB.


After you have implemented two-factor authentication, even if a bad actor gets their hands on your password, your account will still be protected as long as they don’t get access to the code that was sent to your mobile device or don’t steal your USB security key.


Here are some recommended Two-Factor Authentication apps:


Here are some places to buy Two-Factor Authentication USB keys:



Two-factor authentication is an essential security measure that can help protect your online accounts from unauthorized access and identity theft. It provides an extra layer of protection beyond just a username and password, making it much more difficult for hackers to gain access to your account and steal your personal information.


Update Your Devices


An operating system is the core software that runs on your computer, and it provides the foundation for all other applications. Keeping it up to date is crucial to maintain the security and functionality of your device, whether it’s a desktop, laptop, tablet, or smartphone. It is also important to note that software vendors typically provide technical support only for the latest versions of their products. Therefore, keeping your operating system up to date can ensure you have access to technical support when you need it. Add to that the fact that outdated operating systems may have vulnerabilities that can be exploited by hackers to gain unauthorized access to your system. By regularly updating your operating system, you can reduce the risk of these vulnerabilities being exploited and keep your system secure. For your email account to be secure, you need to access and use it with a secure system.


What keeping your system up to date will do for you:


  • Patch security issues.
  • Fix bugs.
  • Install new features and improvements.
  • Help to ensure future compatibility.

We are going to go over how to update Windows 10/11, Android, and iPhone/iPad.


How to update Windows 10:


  1. Click on the Start button and select “Settings” (gear icon).
  2. Go to “Update & Security”.
  3. Select “Windows Update” from the left-hand menu.
  4. Click on “Check for updates” and wait for the process to complete.
  5. If there are updates available, click on “Download and install” to start the installation process.


How to Update Windows 11:


  1. Click on the “Start” button and type (without the quotes) “Settings”.
  2. Click “Settings”.
  3. Click “Update Windows”.
  4. Click “Check for updates”.
  5. Click “Download & install” on any available updates.


How to update the Microsoft Store apps:


  1. Click “Start”.
  2. Click “All apps”.
  3. Click “Microsoft Store”.
  4. Click “Library”.
  5. Click “Get updates”.


How to update Android:


The update may take several minutes to complete, so make sure your phone or tablet is fully charged or plugged in.


To update an Android device, the steps may vary slightly depending on the make and model.


For my Samsung Galaxy S22, all I have to do is:


  1. Open the “Settings” app on your Android device.
  2. Scroll down to “Software update” and tap on it.
  3. Tap “Download and install”.


If you have something other than a Samsung Galaxy S22, here are some good general steps you can follow:


  1. Open the “Settings” app on your Android device.
  2. Scroll down to the “System” section and tap on it.
  3. Look for “System update” or “Software update” and tap on it.
  4. Tap “Download and Install” or “Check for updates”.
  5. If an update is available, follow the on-screen instructions to download and install it.


If you are still having a hard time finding where to update your device remember that you can search Settings:


  1. Open the “Settings” app on your Android device.
  2. Search “Update”.
  3. From there you should be able to find where to update your device.


How to update Android apps:


  1. Open the Google Play Store app on your Android device.
  2. Tap on your profile icon located at the top right corner of the screen.
  3. In the pop-up menu, select “Manage apps and devices”.
  4. On the “Manage apps and devices” screen, select “Manage”.
  5. Tap “Updates available”.
  6. Select the apps that need to be updated.
  7. Tap the green update button at the top of the screen.


How to update iPhone and iPad:


Again, the update may take several minutes to complete, so make sure your iPhone or iPad is fully charged or plugged in.


  1. Launch the Settings app.
  2. Go to General, and then tap on “Software Update” or tap on “General” or “Settings”, then tap “Check for Update”.
  3. If an update is available, you will see a message notifying you of it. Tap “Download and Install” or “Download and Update”.
  4. Enter your passcode, if prompted, and then agree to the terms and conditions of the update.


Remove Unnecessary Software


Benefits of removing unnecessary software:


  • Free up space on your drive.
  • Improve your system’s security.
  • Increase your computer’s speed.


How does this relate to email security? The more apps that you have in your system, the more potential points of vulnerability that you may have. If you have a vulnerable piece of software or flat-out malware in your computer, your system isn’t secure. You cannot check, send, and receive secure email on an insecure system.


To remove unnecessary software:


  1. Click on the “Start” button and type (without the quotes) “Settings”.
  2. Click “Settings”.
  3. Click “Apps”.
  4. Click “Installed apps”.
  5. Go through your installed apps, click on the three dots next to entries that you want to uninstall, and click “Uninstall”.


Check-in With Have I Been Pwned


You can use Have I Been Pwned to see if a data breach has exposed your email or phone number. It was created in 2013 and has collected over 5.6 billion pwned accounts from more than 300 data breaches. Have I Been Pwned analyzes data from millions of accounts that have been compromised. If you run a scan on your email address or phone number, it checks to see if they have been compromised in any of the data breaches that Have I Been Pwned tracks, and you are provided a list of which ones have been. You can sign up to receive an email notification every time your information is found in a new breach. Also, you can check if your password has been exposed in a data breach.


To check if your email has been exposed in a breach:


  1. Go to the Have I Been Pwned website.
  2. Enter your email address in the search field.
  3. Click “pwned?”.


To check if your phone number has been exposed in a breach:


  1. Go to the Have I Been Pwned website.
  2. Enter your phone number in the search field.
  3. Click “pwned?”.


To check if your password has been exposed in a breach:


  1. Go to the Have I Been Pwned website.
  2. Click “Passwords”.
  3. Enter a password.
  4. Click “pwned?”.


Use a Burner Email Address for Unimportant Signups that You Won’t Be Signing Into Again


A burner email address is useful to protect your online privacy and security. It is a temporary email address that can be used instead of your primary email when signing up for online services or any other activity that requires an email address.


One of the key benefits of using a burner email address is that it can reduce the risk of your primary email account being targeted by attackers. By using a separate email address for online activities, you can limit the amount of personal information that is exposed if your burner email address is compromised.


I use a free service called 10 Minute Mail. It is a temporary email service that provides disposable email addresses for users who want to sign up for sites or services that require an email address for verification purposes. As the name suggests, these email addresses are valid for only 10 minutes, after which they self-destruct. This feature makes 10 Minute Mail an effective tool for countering spam and protecting personal data.


To use 10 Minute Mail:


  1. Go to the 10 Minute Mail website.
  2. Copy and use the temporary email address provided.


Pay Attention to Sender Addresses


It is important to pay attention to the sender’s email address because it can help you identify if the email is legitimate or not. Some spammers and hackers may use a spoofed email address to trick you into opening their email, clicking on a malicious link, or downloading an attachment that contains malware. They may also try to impersonate someone that you know or trust. By checking the sender’s email address carefully, you can avoid falling victim to phishing, spam, or other online scams.
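Checking a sender by eye means comparing what the From line displays with the address behind it. This added example (not part of the original article) automates that comparison for a message's raw headers; the sample headers, the `.example` domains, the function names, and the 0.85 similarity cutoff are all constructed or assumed for illustration.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed headers; every address and domain below is made up.
SPOOFED = (
    'From: "support@examplebank.example" <support@examp1ebank.example>\n'
    "Reply-To: payments@mailbox.example\n"
    "Subject: Action required\n\n"
)
GENUINE = ("From: Example Bank <support@examplebank.example>\n"
           "Subject: Statement\n\n")


def domain_of(address):
    """Everything after the last '@', lower-cased."""
    return address.rpartition("@")[2].lower()


def sender_warnings(raw_message, known_domains):
    """Compare what the From line displays with where the mail really is from."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = domain_of(address)
    warnings = []

    # The display name is free text; an address typed there proves nothing.
    shown = re.search(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)", display.lower())
    if shown and shown.group(1) != domain:
        warnings.append("display name shows %s, real domain is %s"
                        % (shown.group(1), domain))

    # Replies routed to another domain than the sender's deserve a closer look.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != domain:
        warnings.append("replies go to %s" % domain_of(reply_to))

    # A domain that is nearly, but not exactly, one you know is a look-alike.
    if domain not in known_domains:
        near = difflib.get_close_matches(domain, known_domains, n=1, cutoff=0.85)
        if near:
            warnings.append("%s imitates %s" % (domain, near[0]))
    return warnings
```

An empty list only means none of these three checks fired; the From header itself can be forged, so it does not prove the message is genuine.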


Be Cautious About Links in Emails


You should not click links in emails unless you are 100% sure they are safe. They can be used by spammers or hackers to trick you into opening their email, clicking on a malicious link, or downloading an attachment that contains malware. By clicking on their links, you may expose your personal or financial information, infect your device with viruses, or compromise your online accounts. Before clicking on any link in an email, you should ask yourself some questions, such as:


  • Do I know and trust the sender of the email?
  • Does the sender’s email address match who they claim to be?
  • Does the link match the content and purpose of the email?
  • Does the link look suspicious or contain strange characters?


If you are not sure about any of these questions, you should not click on the link. Instead, you can verify the link by using a link-expansion service, a URL decoding tool, or a browser plug-in that shows the link’s destination. You can also contact the sender directly by phone or by using a different email address to confirm if they sent you the email and if the link is legitimate.


Consider Switching to a More Secure and Private Email Provider


If you follow the advice I’m giving you in this article, your email inbox and account will be more private and secure. But if you’d like to take things a step further, then it might be worth your while to consider using a security and privacy-focused email provider.


What will a security and privacy-focused email provider do for you? It can help protect your sensitive information from potential hackers and prying eyes. These types of email services offer a range of features and assurances not found in other mainstream email providers. Using a secure email provider, you can be sure that your data is encrypted both in transit and at rest, and that the provider does not share or sell your personal information to third parties.


Some of the best security and privacy-focused email providers:


  • ProtonMail – ProtonMail is a popular secure email service provider that offers open-source, end-to-end encryption with zero knowledge and zero access technology. It is freemium in that it offers both free and paid versions with different features.
  • Tutanota – Tutanota is a secure email provider that offers top-notch encryption standards and has a user-friendly interface. It provides end-to-end encryption for emails, contacts, and calendar events.
  • Mailfence – Mailfence is an end-to-end encrypted email service that supports encrypted email messages to both PGP and non-PGP recipients. It offers a range of privacy features like two-factor authentication, digital signatures, and advanced spam filters.


Always Scan Attachments With Antivirus


Scanning email attachments with antivirus is important because it helps protect your email account and your computer against potential malware that may be hidden inside the attachments. Email attachments are a common method for spreading malware, and opening an infected attachment can potentially harm your computer and data. Antivirus software can detect and block malware before it infects your computer, providing an added layer of protection.


Some email providers have built-in antivirus scans that check attachments for viruses and notify the user if the attachment has malware. However, I still highly recommend that you have antivirus software installed on your computer to ensure that all incoming attachments are scanned for potential threats. In addition to scanning email attachments, it is also important to schedule regular antivirus scans on your computer to detect and remove any malicious software that may have been downloaded.


If You Are Using Public WiFi, Make Sure You Are Connected to a VPN


Using public Wi-Fi can be dangerous due to a number of factors. First, public WiFi networks are often not secure, which means that anyone with access to the same network can potentially see what you are doing online. That means that it is possible that they could see things like passwords, credit card numbers, messages, and other personal information. This can lead to identity theft, fraud, and other types of cyber attacks.


Additionally, hackers can easily gain access to vulnerable ports on devices that are connected to public WiFi networks, potentially exposing them to malware and other forms of cyber attack. To protect against this, it’s important to use a VPN to encrypt your internet traffic and make it more difficult for hackers to gain access to your device and data.


How to choose a good VPN:


  • Make sure it is a paid VPN service. I know that free can be pretty tempting. But when it comes to VPNs, free can be dangerous. A VPN service needs to make a profit somehow to stay in business. Chances are, if you aren’t paying with your wallet, then you are paying with your data. Another issue is that free VPNs often have limited server options and slower speeds, which can result in a poor user experience.
  • Make sure they offer strong encryption.
  • Make sure they offer unlimited bandwidth.
  • Make sure that they have a wide range of servers in different countries.
  • Make sure that they have a strict no-logs policy.
  • Make sure they provide a kill switch.
  • Make sure that they allow you to use their VPN service on all of the devices that you need to use it on.


VPNs that I Recommend:



The Takeaway


  1. Use a good password.
  2. Use Two-Factor Authentication.
  3. Update your devices.
  4. Remove unnecessary software.
  5. Use a burner email address for unimportant signups.
  6. Be cautious about links in emails.
  7. Always scan email attachments with antivirus.
  8. If you are using public WiFi make sure you are connected to a VPN.


We have covered the importance of email security, how email is inherently insecure, and how to make your email account more secure. By following these steps, you can protect your personal and sensitive information from falling into the wrong hands. It’s important to stay vigilant and be proactive in securing your email account. Remember, protecting your email account is an ongoing process, so remain diligent and stay safe.
