Fernando B 🚀

Email Security and Privacy

Photo by Stephen Phillips - Hostreviews.co.uk on Unsplash

This post is a guide to email security and privacy. Over the past decade, with services like Gmail, Google, Google Maps, Google Chrome, YouTube, etc., one sometimes wonders why everything is free and how we are paying for these services. We are paying with data. I'm not here to debate whether Google or another conglomerate is evil; I'll let you make that choice.

What's in the name?

Your email name should never contain important dates. Often you see Melissa1983, John0813, etc. If you want better privacy, it should not contain your full last name either, but you decide how far to go. Both of these give hackers information they can use.

John.Smith@mail.com
John.S@mail.com

Passwords

Never use an easy password, like password1234. Automated attacks prey on easy passwords. Your email password should be strong, preferably managed by a good password manager. The account should also have MFA enabled.

Private communication

Certain services, such as GitHub, can hide your email by using an email alias like private-user@users.noreply.github.com. This is a nice extra layer of security. You can also use PGP encryption, but this is something your average user will probably skip (Thunderbird email client with Enigmail).

Who's reading my email?

Recently we've seen Google, Facebook, and several FANG companies come under scrutiny because they are mining your data, with the excuse that you agreed to it somewhere in the terms and conditions when signing up for services or downloading apps. You'll often see targeted ads after you make a Google search.

I'm not telling you to switch, but I'm saying make a wise decision when it comes to your privacy. There are services like ProtonMail, Tutanota, etc. that offer private email. Let's say that one more time: private email. Not an email that is tied to a whole ecosystem like a Gmail account.

Email Layering

I wish I had practiced this since I started using email back in early 2000. The idea is simple: use different email addresses for different things.

John.S.finance@mail.com # bank, never store cc on sites!
John.S.junk@mail.com    # stuff that doesn't use personal or bank info
John.S.dev@mail.com     # dev stuff

You can go one step further: instead of junk or dev, use a random 8-character string, then make a rule in your email account that sends mail addressed to that alias to a certain folder.

John.S.98234234@mail.com

Note: Some email services let you forward emails to one account; others have email aliases. It really just depends on how you want to handle this.

Layering email accounts will make sure your main account stays clean with less spam.
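
One way to put the random-alias idea into practice, as an added example that is not part of the original post: Python that draws the 8-character tag from the OS random source and picks a folder from the alias a message was addressed to. The `new_alias` and `route` helpers, the folder names and the sample messages are constructed for illustration, and it assumes the receiving server adds a `Delivered-To` header.

```python
import secrets
import string
from email import message_from_string
from email.utils import getaddresses

ALPHABET = string.ascii_lowercase + string.digits

# Constructed mapping that reuses the addresses from the post; folder names are made up.
ALIAS_FOLDERS = {
    "John.S.finance@mail.com": "Finance",
    "John.S.dev@mail.com": "Dev",
    "John.S.98234234@mail.com": "Junk",
}

def new_alias(base, domain, length=8):
    """Build base.<tag>@domain with a tag drawn from the OS CSPRNG."""
    tag = "".join(secrets.choice(ALPHABET) for _ in range(length))
    return f"{base}.{tag}@{domain}"

def route(raw_message, alias_folders=ALIAS_FOLDERS, default="Inbox"):
    """Return the folder for a message, based on which alias it was addressed to."""
    msg = message_from_string(raw_message)
    # Delivered-To (assumed to be added by the receiving server) is read first:
    # on Bcc or mailing-list mail the To/Cc headers name someone else.
    recipients = (msg.get_all("Delivered-To", []) + msg.get_all("To", [])
                  + msg.get_all("Cc", []))
    # Compare case-insensitively; assumes the provider ignores case in the local part.
    lookup = {alias.lower(): folder for alias, folder in alias_folders.items()}
    for _name, address in getaddresses(recipients):
        if address.lower() in lookup:
            return lookup[address.lower()]
    return default

# Constructed sample messages.
DIRECT = ("From: shop@store.example\n"
          "To: John S <John.S.98234234@mail.com>\n"
          "Subject: Weekly deals\n\nbody\n")
BCC = ("From: alerts@bank.example\n"
       "To: Customers <no-reply@bank.example>\n"
       "Delivered-To: john.s.finance@mail.com\n"
       "Subject: Statement ready\n\nbody\n")
UNKNOWN = ("From: someone@else.example\n"
           "To: John.Smith@mail.com\n"
           "Subject: Hello\n\nbody\n")

if __name__ == "__main__":
    print(new_alias("John.S", "mail.com"))
    for sample in (DIRECT, BCC, UNKNOWN):
        print(route(sample))
```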

Discuss

  • How are you keeping your email private?
  • What email service do you use?

Top comments (6)

Fernando B 🚀

I thought about setting up an email server on my domain at one point, but never went through with it. Mainly because Gmail was attached to most of my accounts. Now I'm slowly moving out of the Google ecosystem. Started using ProtonMail, and I love it.

Richard Shepherd

Please can I ask you what's the main thing you love about Proton Mail?

Fernando B 🚀

A few things: no ads, no promotional emails like on Yahoo and Gmail. And e2e encryption. I get only my email and no spam. Mobile app is clean. For my PC I use Thunderbird on Linux.

offen.software

A good reminder on an essential topic - thanks!

Nguyen Kim Son

I'd recommend using a different email for each website. This can be done quite simply today with email aliases.

Fernando B 🚀

Aliases are the best way to go. My strategy is to split per category. One email per account would be way too many aliases for my taste.

my-email+social@mail.com
my-email+dev@mail.com