Use email securely

Invented by Ray Tomlinson, email first entered limited use in the 1960s and by the mid-1970s had taken the form now recognized as email. It evolved, and so did its parasites:

  • Email “spam”. A number of effective anti-spam techniques now largely mitigate the impact of spam by filtering or rejecting it for most users, but the volume sent is still very high, and it increasingly consists not of advertisements but of malicious content or links.

  • Phishing emails continue to be one of the most common initial attack vectors employed by attackers for malware delivery. Attacking the human element continues to be extremely effective. To infect a system, the attacker simply has to persuade a user to click on a link or open an attachment.

  • Email spam and phishing methods typically use spoofing to mislead the recipient about the true message origin.

  • Laws in many countries either allow the government to access stored emails without a warrant or contain loopholes that permit it, and intelligence agencies can and do use this access.

  • Internet as well as intranet email may travel through and be stored on networks and computers over which neither the sender nor the recipient has any control. While a message is in transit, third parties may read or even modify its content.

  • The ease and impersonality of email communications mean that the social norms that encourage civility do not exist and may be forgotten. Flaming, bullying, …
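The spoofing point above can be checked from a received message's own headers. The following is an added example, not part of the original page: it compares the visible From domain with the envelope sender and Reply-To, and reads the SPF, DKIM and DMARC verdicts recorded by the receiving server. The sample message, its domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every host and domain is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=bank.example.com
From: "Your Bank" <support@bank.example.com>
Reply-To: helpdesk@bank-example.invalid
Subject: Verify your account

Please confirm your details.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers.
    Only trust headers stamped by your own receiving server; a sender can
    forge extra copies further down the header list."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            results.setdefault(method.lower(), result.lower())
    return results

def spoofing_signals(raw):
    """List reasons the visible From address may not be the true origin.
    These are signals to review, not proof: bulk mailers legitimately use
    a different envelope domain."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    signals = []
    env_dom = domain_of(msg.get("Return-Path"))
    if env_dom and env_dom != from_dom:
        signals.append(f"envelope sender {env_dom} differs from From domain {from_dom}")
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        signals.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    results = auth_results(msg)
    for method in ("spf", "dkim", "dmarc"):
        if results.get(method) != "pass":
            signals.append(f"{method} result is {results.get(method, 'missing')}")
    return signals
```

Calling `spoofing_signals(SAMPLE)` returns four reasons for the constructed message: the mismatched envelope sender, the mismatched Reply-To, and the non-passing DKIM and DMARC results.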

To stay sane:

  • Do not use public computers to access email with sensitive information.

  • If you are not in a safe neighbourhood, use a VPN or the Tor anonymity network to encrypt traffic from your machine to a safer network.

  • Use a privacy-focused email application (make sure not to use your own name or other personal information).

  • GPG, PGP, or SMEmail can be used for end-to-end message encryption.