US-CERT Cyber Security Tip ST05-009 -- Benefits and Risks of Free Email Services


 




	             Cyber Security Tip ST05-009
	      Benefits and Risks of Free Email Services

   Although free email services are convenient for sending personal
   correspondence, you should not use them to send messages containing
   sensitive information.

What is the appeal of free email services?

   Many service providers offer free email accounts (e.g., Yahoo!,
   Hotmail, Gmail). These email services typically provide you with a
   browser interface to access your mail. In addition to the monetary
   savings, these services often offer other benefits:
     * accessibility - Because you can access your account(s) from any
       computer, these services are useful if you cannot be near your
       computer or are in the process of relocating and do not have an
       ISP. Even if you are able to access your ISP-based email account
       remotely, being able to rely on a free email account is ideal if
       you are using a public computer or a shared wireless hot spot and
       are concerned about exposing the details of your primary account.
     * competitive features - With so many of these service providers
       competing for users, they now offer additional features such as
       large amounts of storage, spam filtering, virus protection, and
       enhanced fonts and graphics.
     * additional capabilities - It is becoming more common for service
       providers to package additional software or services (e.g.,
       instant messaging) with their free email accounts to attract
       customers.

   Free email accounts are also effective tools for reducing the amount
   of spam you receive at your primary email address. Instead of
   submitting your primary address when shopping online, requesting
   services, or participating in online forums, you can set up a free
   secondary address to use (see Reducing Spam for more information).

What risks are associated with free email services?

   Although free email services have many benefits, you should not use
   them to send sensitive information. Because you are not paying for the
   account, the organization may not have a strong commitment to
   protecting you from various threats or to offering you the best
   service. Some of the elements you risk are
     * security - If your login, password, or messages are sent in plain
       text, they may easily be intercepted. If a service provider offers
       SSL encryption, you should use it. You can find out whether this
       is available by looking for a "secure mode" or by replacing the
       "http:" in the URL with "https:" (see Protecting Your Privacy for
       more information).
     * privacy - You aren't paying for your email account, but the
       service provider has to find some way to recover the costs of
       providing the service. One way of generating revenue is to sell
       advertising space, but another is to sell or trade information.
       Make sure to read the service provider's privacy policy or terms
       of use to see if your name, your email address, the email
       addresses in your address book, or any of the information in your
       profile has the potential of being given to other organizations
       (see Protecting Your Privacy for more information). If you are
       considering forwarding your work email to a free email account,
       check with your employer first. You do not want to violate any
       established security policies.
     * reliability - Although you may be able to access your account from
       any computer, you need to make sure that the account is going to
       be available when you want to access it. Familiarize yourself with
       the service provider's terms of service so that you know exactly
       what they have committed to providing you. For example, if the
       service ends or your account disappears, can you retrieve your
       messages? Does the service provider give you the ability to
       download messages that you want to archive onto your machine?
       Also, if you happen to be in a different time zone than the
       provider, you may find that their server maintenance interferes
       with your normal email routine.
     _________________________________________________________________

     Authors: Mindi McDowell, Allen Householder
     _________________________________________________________________

     Produced 2005 by US-CERT, a government organization.

     Note: This tip was previously published and is being re-distributed 
     to increase awareness. 
  
     Terms of use
 
     <http://www.us-cert.gov/legal.html>
  
     This document can also be found at
 
     <http://www.us-cert.gov/cas/tips/ST05-009.html>
 

     For instructions on subscribing to or unsubscribing from this
     mailing list, visit <http://www.us-cert.gov/cas/signup.html>.


