-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cyber Security Tip ST05-009
Benefits and Risks of Free Email Services
Although free email services are convenient for sending personal
correspondence, you should not use them to send messages containing
sensitive information.
What is the appeal of free email services?
Many service providers offer free email accounts (e.g., Yahoo!,
Hotmail, Gmail). These email services typically provide you with a
browser interface to access your mail. In addition to the monetary
savings, these services often offer other benefits:
* accessibility - Because you can access your account(s) from any
computer, these services are useful if you cannot be near your
computer or are in the process of relocating and do not have an
ISP. Even if you are able to access your ISP-based email account
remotely, being able to rely on a free email account is ideal if
you are using a public computer or a shared wireless hot spot and
are concerned about exposing the details of your primary account.
* competitive features - With so many of these service providers
competing for users, they now offer additional features such as
large amounts of storage, spam filtering, virus protection, and
enhanced fonts and graphics.
* additional capabilities - It is becoming more common for service
providers to package additional software or services (e.g.,
instant messaging) with their free email accounts to attract
customers.
Free email accounts are also effective tools for reducing the amount
of spam you receive at your primary email address. Instead of
submitting your primary address when shopping online, requesting
services, or participating in online forums, you can set up a free
secondary address to use (see Reducing Spam for more information).
What risks are associated with free email services?
Although free email services have many benefits, you should not use
them to send sensitive information. Because you are not paying for the
account, the organization may not have a strong commitment to
protecting you from various threats or to offering you the best
service. Some of the elements you risk are
* security - If your login, password, or messages are sent in plain
text, they may easily be intercepted. If a service provider offers
SSL encryption, you should use it. You can find out whether this
is available by looking for a "secure mode" or by replacing the
"http:" in the URL with "https:" (see Protecting Your Privacy for
more information).
* privacy - You aren't paying for your email account, but the
service provider has to find some way to recover the costs of
providing the service. One way of generating revenue is to sell
advertising space, but another is to sell or trade information.
Make sure to read the service provider's privacy policy or terms
of use to see if your name, your email address, the email
addresses in your address book, or any of the information in your
profile has the potential of being given to other organizations
(see Protecting Your Privacy for more information). If you are
considering forwarding your work email to a free email account,
check with your employer first. You do not want to violate any
established security policies.
* reliability - Although you may be able to access your account from
any computer, you need to make sure that the account is going to
be available when you want to access it. Familiarize yourself with
the service provider's terms of service so that you know exactly
what they have committed to providing you. For example, if the
service ends or your account disappears, can you retrieve your
messages? Does the service provider give you the ability to
download messages that you want to archive onto your machine?
Also, if you happen to be in a different time zone than the
provider, you may find that their server maintenance interferes
with your normal email routine.
_________________________________________________________________
Authors: Mindi McDowell, Allen Householder
_________________________________________________________________
Produced 2005 by US-CERT, a government organization.
Note: This tip was previously published and is being re-distributed
to increase awareness.
Terms of use
<http://www.us-cert.gov/legal.html>
This document can also be found at
<http://www.us-cert.gov/cas/tips/ST05-009.html>
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSBjJOvRFkHkM87XOAQLW0gf+OdzUp+0ZH88GaUUMqi9Um8GVGskV8V9T
nYuyX4EMkp236PpbAhhxublshOXegcGnKYZ3/OJmhKDAUFXDoX0YjcxygGR2MQ4x
VaMOKuVDTFzUJJA5hUWNc+oSLf0rM6iKz24YXJVbGzeEoWmNcOLUy6pzroKfJQ9i
qXpvrCu5ngT0BggAJC7tZCNdLcTggOR/oWsAfle4m1By31w1ohluxrkv/ZzeOUCG
3xWEe55pGlvoz65CWG/pVWtnPuaBHOgR2ppQkVsMX2DYK5V2/8CyMNKqpegAU/59
nrt6n/qbMTBVqMZwXNsEOIbE9l5hlByDM2ZPD+UJ6vySv1y8xoLzEA==
=5mXF
-----END PGP SIGNATURE-----
