Cyber Security Tip ST05-009
Benefits and Risks of Free Email Services

Although free email services are convenient for sending personal correspondence, you should not use them to send messages containing sensitive information.

What is the appeal of free email services?

Many service providers offer free email accounts (e.g., Yahoo!, Hotmail, Gmail). These email services typically provide you with a browser interface to access your mail. In addition to the monetary savings, these services often offer other benefits:

* accessibility - Because you can access your account(s) from any computer, these services are useful if you cannot be near your computer or are in the process of relocating and do not have an ISP. Even if you are able to access your ISP-based email account remotely, being able to rely on a free email account is ideal if you are using a public computer or a shared wireless hot spot and are concerned about exposing the details of your primary account.
* competitive features - With so many of these service providers competing for users, they now offer additional features such as large amounts of storage, spam filtering, virus protection, and enhanced fonts and graphics.
* additional capabilities - It is becoming more common for service providers to package additional software or services (e.g., instant messaging) with their free email accounts to attract customers.

Free email accounts are also effective tools for reducing the amount of spam you receive at your primary email address. Instead of submitting your primary address when shopping online, requesting services, or participating in online forums, you can set up a free secondary address to use (see Reducing Spam for more information).

What risks are associated with free email services?

Although free email services have many benefits, you should not use them to send sensitive information.
Because you are not paying for the account, the organization may not have a strong commitment to protecting you from various threats or to offering you the best service. Some of the elements you risk are

* security - If your login, password, or messages are sent in plain text, they may easily be intercepted. If a service provider offers SSL encryption, you should use it. You can find out whether this is available by looking for a "secure mode" or by replacing the "http:" in the URL with "https:" (see Protecting Your Privacy for more information).
* privacy - You aren't paying for your email account, but the service provider has to find some way to recover the costs of providing the service. One way of generating revenue is to sell advertising space, but another is to sell or trade information. Make sure to read the service provider's privacy policy or terms of use to see if your name, your email address, the email addresses in your address book, or any of the information in your profile has the potential of being given to other organizations (see Protecting Your Privacy for more information). If you are considering forwarding your work email to a free email account, check with your employer first. You do not want to violate any established security policies.
* reliability - Although you may be able to access your account from any computer, you need to make sure that the account is going to be available when you want to access it. Familiarize yourself with the service provider's terms of service so that you know exactly what they have committed to providing you. For example, if the service ends or your account disappears, can you retrieve your messages? Does the service provider give you the ability to download messages that you want to archive onto your machine? Also, if you happen to be in a different time zone than the provider, you may find that their server maintenance interferes with your normal email routine.

_________________________________________________________________

Authors: Mindi McDowell, Allen Householder
_________________________________________________________________

Produced 2005 by US-CERT, a government organization.

Note: This tip was previously published and is being re-distributed to increase awareness.

Terms of use
<http://www.us-cert.gov/legal.html>

This document can also be found at
<http://www.us-cert.gov/cas/tips/ST05-009.html>