Security Tip (ST04-023)
Understanding Your Computer: Email Clients
The main difference between email clients is the user interface. Regardless of which software you decide to use, follow good security practices when reading or sending email.
How do email clients work?
Every email address has two basic parts: the user name and the domain name. When you are sending email to someone else, your domain's server has to communicate with your recipient's domain server.
For example, let's assume that your email address is email@example.com, and the person you are contacting is at firstname.lastname@example.org. In very basic terms, after you hit send, the server hosting your domain (example.com) looks at the email address and then contacts the server hosting the recipient's domain (anotherexample.org) to let it know that it has a message for someone at that domain. Once the connection has been established, the server hosting the recipient's domain (anotherexample.org) then looks at the user name of the email address and routes the message to that account.
How many email clients are there?
There are many different email clients and services, each with its own interface. Some are web-based applications, some are stand-alone applications installed directly on your computer, and some are text-based applications. There are also variations of many of these email clients that have been designed specifically for mobile devices such as cell phones.
How do you choose an email client?
There is usually an email client included with the installation of your operating system, but many other alternatives are available. Be wary of "home-brewed" software, because it may not be as secure or reliable as software that is tested and actively maintained. Some of the factors to consider when deciding which email client best suits your needs include
- security - Do you feel that your email program offers you the level of security you want for sending, receiving, and reading email messages? How does it handle attachments (see Using Caution with Email Attachments for more information)? If you are dealing with sensitive information, do you have the option of sending and receiving signed and/or encrypted messages (see Understanding Digital Signatures and Understanding Encryption for more information)?
- functionality - Does the software send, receive, and interpret email messages appropriately?
- reliability - For web-based services, is the server reliable, or is your email frequently unavailable due to maintenance, security problems, a high volume of users, or other reasons?
- availability - Do you need to be able to access your account from any computer?
- ease of use - Are the menus and options easy to understand and use?
- visual appeal - Do you find the interface appealing?
Each email client may have a different way of organizing drafted, sent, saved, and deleted mail. Familiarize yourself with the software so that you can find and store messages easily, and so that you don't unintentionally lose messages. Once you have chosen the software you want to use for your email, protect yourself and your contacts by following good security practices (see US-CERT Tips for more information).
Can you have use more than one email client?
You can have more than one email client, although you may have issues with compatibility. Some email accounts, such as those issued through your internet service provider (ISP) or place of employment, are only accessible from a computer that has appropriate privileges and settings for you to access that account. You can use any stand-alone email client to read those messages, but if you have more than one client installed on your machine, you should choose one as your default. When you click an email link in a browser or email message, your computer will open that default email client that you chose.
Most vendors give you the option to download their email software directly from their websites. Make sure to verify the authenticity of the site before downloading any files, and follow other good security practices, like using a firewall and keeping anti-virus software up to date, to further minimize risk (see Understanding Firewalls, Understanding Anti-Virus Software, and other US-CERT Tips for more information).
You can also maintain free email accounts through browser-based email clients (e.g., Yahoo!, Hotmail, Gmail) that you can access from any computer. Because these accounts are maintained directly on the vendors' servers, they don't interfere with other email accounts.