Security Tip (ST05-009)
Benefits and Risks of Free Email Services
Although free email services are convenient for sending personal correspondence, you should not use them to send messages containing sensitive information.
What is the appeal of free email services?
Many service providers offer free email accounts (e.g., Yahoo!, Hotmail, Gmail). These email services typically provide you with a browser interface to access your mail. In addition to the monetary savings, these services often offer other benefits:
- accessibility - Because you can access your account(s) from any computer, these services are useful if you cannot be near your computer or are in the process of relocating and do not have an ISP. Even if you are able to access your ISP-based email account remotely, being able to rely on a free email account is ideal if you are using a public computer or a shared wireless hot spot and are concerned about exposing the details of your primary account.
- competitive features - With so many of these service providers competing for users, they now offer additional features such as large amounts of storage, spam filtering, virus protection, and enhanced fonts and graphics.
- additional capabilities - It is becoming more common for service providers to package additional software or services (e.g., instant messaging) with their free email accounts to attract customers.
Free email accounts are also effective tools for reducing the amount of spam you receive at your primary email address. Instead of submitting your primary address when shopping online, requesting services, or participating in online forums, you can set up a free secondary address to use (see Reducing Spam for more information).
What risks are associated with free email services?
Although free email services have many benefits, you should not use them to send sensitive information. Because you are not paying for the account, the organization may not have a strong commitment to protecting you from various threats or to offering you the best service. Some of the elements you risk are
- security - If your login, password, or messages are sent in plain text, they may easily be intercepted. If a service provider offers SSL encryption, you should use it. You can find out whether this is available by looking for a "secure mode" or by replacing the "http:" in the URL with "https:" (see Protecting Your Privacy for more information).
- reliability - Although you may be able to access your account from any computer, you need to make sure that the account is going to be available when you want to access it. Familiarize yourself with the service provider's terms of service so that you know exactly what they have committed to providing you. For example, if the service ends or your account disappears, can you retrieve your messages? Does the service provider give you the ability to download messages that you want to archive onto your machine? Also, if you happen to be in a different time zone than the provider, you may find that their server maintenance interferes with your normal email routine.