-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cyber Security Tip ST05-009 archive
Benefits and Risks of Free Email Services
Although free email services are convenient for sending personal
correspondence, you should not use them to send messages containing
sensitive information.
What is the appeal of free email services?
Many service providers offer free email accounts (e.g., Yahoo!,
Hotmail, Gmail). These email services typically provide you with a
browser interface to access your mail. In addition to the monetary
savings, these services often offer other benefits:
* accessibility - Because you can access your account(s) from any
computer, these services are useful if you cannot be near your
computer or are in the process of relocating and do not have an
ISP. Even if you are able to access your ISP-based email account
remotely, being able to rely on a free email account is ideal if
you are using a public computer or shared wireless hot spot and
are concerned about exposing the details of your primary account.
* competitive features - With so many of these service providers
competing for users, they now offer additional features such as
large amounts of storage, spam filtering, virus protection, and
enhanced fonts and graphics.
* additional capabilities - It is becoming more common for service
providers to package additional software or services (e.g.,
instant messaging) with their free email accounts to attract
customers.
Free email accounts are also effective tools for reducing the amount
of spam you receive at your primary email address. Instead of
submitting your primary address when shopping online, requesting
services, or participating in online forums, you can set up a free
secondary address to use (see Reducing Spam for more information).
What risks are associated with free email services?
Although free email services have many benefits, you should not use
them to send sensitive information. Because you are not paying for the
account, the organization may not have a strong commitment to
protecting you from various threats or offering you the best service.
Some of the elements you risk are
* security - If your login, password, or messages are sent in plain
text, they may easily be intercepted. If a service provider offers
SSL encryption, you should use it. You can find out whether this
is available by looking for a "secure mode" or by replacing the
"http:" in the URL with "https:" (see Protecting Your Privacy for
more information).
* privacy - You aren't paying for your email account, but the
service provider has to find some way to recover the costs of
providing the service. One way of generating revenue is to sell
advertising space, but another is to sell or trade information.
Make sure to read the service provider's privacy policy or terms
of use to see if your name, your email address, the email
addresses in your address book, or any of the information in your
profile has the potential of being given to other organizations
(see Protecting Your Privacy for more information). If you are
considering forwarding your work email to a free email account,
check with your employer first. You do not want to violate any
established security policies.
* reliability - Although you may be able to access your account from
any computer, you need to make sure that the account is going to
be available when you want to access it. Familiarize yourself with
the service provider's terms of service so that you know exactly
what they have committed to providing you. For example, if the
service ends or your account disappears, can you retrieve your
messages? Does the service provider give you the ability to
download messages that you want to archive onto your machine?
Also, if you happen to be in a different time zone than the
provider, you may find that their server maintenance interferes
with your normal email routine.
_________________________________________________________________
Authors: Mindi McDowell, Allen Householder
_________________________________________________________________
This document can also be found at
<http://www.us-cert.gov/cas/tips/ST05-009.html>
Copyright 2005 Carnegie Mellon University
Terms of use
<http://www.us-cert.gov/legal.html>
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBQm/vQxhoSezw4YfQAQKk5Qf7B/5Wm9z+8vjOui4tbaWYrdUWVnzyh9n1
iNA1jlILlK0T3qqNGqt9R+mZF0bI6vgSMbDc0FktD9IeDmAmyfH5bNQsMHUrPibI
iGqteejW5RY8/vbqHq6KWchkHXhMtpL3ZXPjH8BA/qcKyU4IbAyxRxpKBtJ9w8p8
bELpzZp17lz1E4Qn2QsIqrZZzOz+OHbGPkq+WwasSh4ojo/feWVkVzQJntbFUdOp
xbugb4afESAlLKJnumpoBONkxM8fQmgSnKrNAXyeistd/T9KOCt524ZOf6X6GT2B
IZ5mxlgONi5op1fLeBiWJSIthV7qY6NzPKTHaxshQHI+NbtFcsFvrg==
=TJQn
-----END PGP SIGNATURE-----
