US-CERT Cyber Security Tip ST05-009 -- Benefits and Risks of Free Email Services

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                   Cyber Security Tip ST05-009 archive
                Benefits and Risks of Free Email Services

   Although free email services are convenient for sending personal
   correspondence, you should not use them to send messages containing
   sensitive information.

What is the appeal of free email services?

   Many service providers offer free email accounts (e.g., Yahoo!,
   Hotmail, Gmail). These email services typically provide you with a
   browser interface to access your mail. In addition to the monetary
   savings, these services often offer other benefits:
     * accessibility - Because you can access your account(s) from any
       computer, these services are useful if you cannot be near your
       computer or are in the process of relocating and do not have an
       ISP. Even if you are able to access your ISP-based email account
       remotely, being able to rely on a free email account is ideal if
       you are using a public computer or shared wireless hot spot and
       are concerned about exposing the details of your primary account.
     * competitive features - With so many of these service providers
       competing for users, they now offer additional features such as
       large amounts of storage, spam filtering, virus protection, and
       enhanced fonts and graphics.
     * additional capabilities - It is becoming more common for service
       providers to package additional software or services (e.g.,
       instant messaging) with their free email accounts to attract
       customers.

   Free email accounts are also effective tools for reducing the amount
   of spam you receive at your primary email address. Instead of
   submitting your primary address when shopping online, requesting
   services, or participating in online forums, you can set up a free
   secondary address to use (see Reducing Spam for more information).

What risks are associated with free email services?

   Although free email services have many benefits, you should not use
   them to send sensitive information. Because you are not paying for the
   account, the organization may not have a strong commitment to
   protecting you from various threats or offering you the best service.
   Some of the elements you risk are
     * security - If your login, password, or messages are sent in plain
       text, they may easily be intercepted. If a service provider offers
       SSL encryption, you should use it. You can find out whether this
       is available by looking for a "secure mode" or by replacing the
       "http:" in the URL with "https:" (see Protecting Your Privacy for
       more information).
     * privacy - You aren't paying for your email account, but the
       service provider has to find some way to recover the costs of
       providing the service. One way of generating revenue is to sell
       advertising space, but another is to sell or trade information.
       Make sure to read the service provider's privacy policy or terms
       of use to see if your name, your email address, the email
       addresses in your address book, or any of the information in your
       profile has the potential of being given to other organizations
       (see Protecting Your Privacy for more information). If you are
       considering forwarding your work email to a free email account,
       check with your employer first. You do not want to violate any
       established security policies.
     * reliability - Although you may be able to access your account from
       any computer, you need to make sure that the account is going to
       be available when you want to access it. Familiarize yourself with
       the service provider's terms of service so that you know exactly
       what they have committed to providing you. For example, if the
       service ends or your account disappears, can you retrieve your
       messages? Does the service provider give you the ability to
       download messages that you want to archive onto your machine?
       Also, if you happen to be in a different time zone than the
       provider, you may find that their server maintenance interferes
       with your normal email routine.
     _________________________________________________________________

     Authors: Mindi McDowell, Allen Householder
     _________________________________________________________________
     This document can also be found at
 
     <http://www.us-cert.gov/cas/tips/ST05-009.html>

     Copyright 2005 Carnegie Mellon University

     Terms of use
 
     <http://www.us-cert.gov/legal.html>


     For instructions on subscribing to or unsubscribing from this
     mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
     
     
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBQm/vQxhoSezw4YfQAQKk5Qf7B/5Wm9z+8vjOui4tbaWYrdUWVnzyh9n1
iNA1jlILlK0T3qqNGqt9R+mZF0bI6vgSMbDc0FktD9IeDmAmyfH5bNQsMHUrPibI
iGqteejW5RY8/vbqHq6KWchkHXhMtpL3ZXPjH8BA/qcKyU4IbAyxRxpKBtJ9w8p8
bELpzZp17lz1E4Qn2QsIqrZZzOz+OHbGPkq+WwasSh4ojo/feWVkVzQJntbFUdOp
xbugb4afESAlLKJnumpoBONkxM8fQmgSnKrNAXyeistd/T9KOCt524ZOf6X6GT2B
IZ5mxlgONi5op1fLeBiWJSIthV7qY6NzPKTHaxshQHI+NbtFcsFvrg==
=TJQn
-----END PGP SIGNATURE-----

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux