Although free email services are convenient for sending personal
correspondence, you should not use them to send messages containing
What is the appeal of free email services?
Many service providers offer free email accounts (e.g., Yahoo!,
Hotmail, Gmail). These email services typically provide you with a
browser interface to access your mail. In addition to the monetary
savings, these services often offer other benefits:
- accessibility - Because you can access your account(s) from any
computer, these services are useful if you cannot be near your
computer or are in the process of relocating and do not have an
ISP. Even if you are able to access your ISP-based email account
remotely, being able to rely on a free email account is ideal if
you are using a public computer or a shared wireless hot spot and
are concerned about exposing the details of your primary account.
- competitive features - With so many of these service providers
competing for users, they now offer additional features such as
large amounts of storage, spam filtering, virus protection, and
enhanced fonts and graphics.
- additional capabilities - It is becoming more common for service
providers to package additional software or services (e.g.,
instant messaging) with their free email accounts to attract
Free email accounts are also effective tools for reducing the amount
of spam you receive at your primary email address. Instead of
submitting your primary address when shopping online, requesting
services, or participating in online forums, you can set up a free
secondary address to use (see Reducing Spam for more information).
What risks are associated with free email services?
Although free email services have many benefits, you should not use
them to send sensitive information. Because you are not paying for the
account, the organization may not have a strong commitment to
protecting you from various threats or to offering you the best
service. Some of the elements you risk are:
- security - If your login, password, or messages are sent in plain
text, they may easily be intercepted. If a service provider offers
SSL encryption, you should use it. You can find out whether this
is available by looking for a "secure mode" or by replacing the
"http:" in the URL with "https:" (see Protecting Your Privacy for
- privacy - You aren't paying for your email account, but the
service provider has to find some way to recover the costs of
providing the service. One way of generating revenue is to sell
advertising space, but another is to sell or trade information.
of use to see if your name, your email address, the email
addresses in your address book, or any of the information in your
profile has the potential of being given to other organizations
(see Protecting Your Privacy for more information). If you are
considering forwarding your work email to a free email account,
check with your employer first. You do not want to violate any
established security policies.
- reliability - Although you may be able to access your account from
any computer, you need to make sure that the account is going to
be available when you want to access it. Familiarize yourself with
the service provider's terms of service so that you know exactly
what they have committed to providing you. For example, if the
service ends or your account disappears, can you retrieve your
messages? Does the service provider give you the ability to
download messages that you want to archive onto your machine?
Also, if you happen to be in a different time zone than the
provider, you may find that their server maintenance interferes
with your normal email routine.
Authors: Mindi McDowell, Allen Householder
The above article is reproduced with the kind permission of US-CERT (United States Computer Emergency Readiness Team) and the original document may be viewed by clicking here