Email Best Security Practices (Part 1)

This guide is intended to help the user understand the basics of email security. Email security involves maintaining the basic information security principles:

  • Integrity – ensuring that your message has not been altered without authorisation
  • Confidentiality – ensuring that no unauthorised person (or process) has viewed the content
  • Accountability – being able to prove who wrote the email
  • Availability – ensuring that the email can be sent/received
  • Non-repudiability – being able to prove that the recipient really did receive it

Think before you click

Do not open emails when you can’t tell who the sender is. Do NOT click on any links that appear in such a message.


If an unexpected email brings you news that seems too good to be true, it is probably spam and a scam. If you didn’t request information about the product or service, it is probably spam and a scam. If it promises to enhance parts of your body, it won’t!

Chain Messages

Chain messages are a burden on mail systems and on the vast majority of the people who receive them. Just don’t pass them on. It is as simple as that.

Phishing Emails

Phishing is a type of online fraud where the sender of the email tries to trick you into giving out personal passwords or banking information. Even the most experienced email user will occasionally accidentally open up a phishing email. The best defence is never to open the email in the first place.

Always log in to the source to check whether the message is legitimate, e.g. if Facebook appears to have emailed you, log in to Facebook from a bookmark and check any notifications from within Facebook.


Use a unique password for each online account. Using the same password for different accounts is a bad idea: if one password is exposed, this could expose all of your accounts that use the same password.

Use two-factor authentication where available; this adds an extra layer of security. To log in, the user requires something they know (e.g. a password) and something they have (e.g. a phone).

White List

I always set my inbox to Exclusive where possible:

‘Your junk email filter is set to Exclusive. As a result, all messages from addresses that aren’t in your Contacts or safe senders are sent to your junk email folder.’

I then review my junk for any relevant emails and delete the rest.

HTTP Secure

Enable HTTPS if the option is available; this is especially important when using a webmail client at a Wi-Fi hotspot. By using a connection with such security features, the user can be more confident that their account is safer from hackers.