Productivity Security

8 Essential Email Security Tips You Should Know by Now

Ben Stegner Updated 06-07-2020

Online security is something you probably know is important, but might not give it the proper attention. Unfortunately, negligence in this area can result in huge problems, and your email is one of the most sensitive areas.


Having your email account compromised will allow an intruder to break into any account you’ve used it to sign into. That’s why you need to keep your email as secure as possible. Here are some simple yet important email security tips you should put in practice.

1. Use Separate Email Accounts

Most people have one central email account for all their personal activity. This means that all of your social media notifications, website registrations, newsletters, receipts, messages, password resets, and more get sent to the same email box.

Having everything in one place means that if that place fails, you’ll lose everything associated with it. If someone breaks into it, they’d be able to access all of the above kinds of media. And remember that when you reset a password on most sites, the link to reset it goes to your email. This could allow someone to lock you out of all your own accounts.

To combat this, it’s a smart idea to use separate email accounts for different purposes. This will help boost your security by limiting the damage someone could do by breaking into one account. It’s even better if you use secure email services The 5 Most Secure and Encrypted Email Providers Fed up with government and third-party surveillance of your emails? Protect your messages with a secure encrypted email service. Read More for your most important accounts.

Plus, doing so can also boost your productivity. You could consolidate all your work emails into a single work account, friends and family communication with your personal account, have a recreational account for various websites, then a throwaway account for potential spam links.


This way, if someone hacks your work account, all of your personal emails are still safe.

2. Set a Unique, Strong Password

A login screen representing what information a cookie stores
Image Credit: mishoo/Depositphotos

No matter if you stick with one email account or use multiple as above, it’s vital to protect each one with a strong password. Reusing the same password on multiple accounts is a major vulnerability. If an attacker breaks a password, they’ll certainly try it on other accounts using your email address.

While it seems simple, many people don’t follow this basic advice. The best way to improve your security in this area is to start using a password manager 7 Reasons You Should Be Using a Password Manager Can't remember passwords? Want to secure your online accounts? Here are several key reasons why you need a password manager. Read More . These let you create strong and unique passwords for every account that you don’t have to remember.


3. Enable Two-Factor Authentication

Gmail Two Step Authentication

Along with a strong password, you’ve probably heard the advice about using two-factor authentication (2FA) before. And while using it is a little inconvenient, it drastically increases the security of your account. In addition to your password, 2FA requires a secondary code (usually from your phone) to log in.

As mentioned above, because your email is the key to every other account, you should at least use 2FA there even if you don’t enable it anywhere else.

Follow our guide to setting up 2FA on major accounts How to Secure Your Accounts With 2FA: Gmail, Outlook, and More Can two-factor authentication help to secure your email and social networks? Here's what you need to know to get secure online. Read More for information on how to do it. For best results, we recommend using an authenticator app like Authy. This generates offline codes that you use to approve new account logins after entering your password.


4. Beware of Phishing Scams

Legitimate companies will not ask you for your password or other sensitive information over email. While you might be able to spot blatant attempts to steal your information, scammers have gotten better at creating convincing phishing messages.

Typically, phishing emails claim to come from a legitimate entity (like Amazon, Apple, PayPal, or similar) and tell you that something is wrong with your account. They prompt you to click a link that leads to a fake website. If you enter your credentials there to “confirm” the information, you’re actually handing the data over to thieves.

You should know how to spot a phishing email How to Spot a Phishing Email Catching a phishing email is tough! Scammers pose as PayPal or Amazon, trying to steal your password and credit card information, are their deception is almost perfect. We show you how to spot the fraud. Read More to avoid falling for these common schemes.

5. Never Click Links In Emails

The widespread nature of phishing means that it’s wise to follow a general rule: when in doubt, never click links inside emails. While you can hover your mouse over a link to preview the destination URL, this isn’t foolproof. Most email fraud relies on you clicking a link that takes you to a phony website, so clicking links is always a risk.


At best, clicking a link will let the scammer know that your email is active and that you’re willing to click on links. At worst, it could bring you to a site that tries to install malware on your computer or wants to steal your information.

If you get an email claiming to come from your bank or any other service that asks you to sign in, always visit the website manually to see what’s going on. The only exceptions are when you’re explicitly expecting a particular email, such as a forum registration link or game account activation email.

6. Don’t Open Unsolicited Attachments

Phishing Fake Ad

Most of the time, you should treat attachments in emails like links. If you’re expecting something from a friend, then you’re probably fine to open the attachment. However, if the email is unsolicited, you shouldn’t open any of its attachments.

Even if the file looks innocent, it could be a hidden danger. It’s trivial to spoof filenames and extensions to make a nasty EXE look like a JPG, for example. A lot of ransomware distributes through email attachments, so opening one could begin the encryption process on your system.

Follow our guide to spotting unsafe email attachments How to Spot Unsafe Email Attachments: 6 Red Flags Reading an email should be safe, but attachments can be harmful. Look for these red flags to spot unsafe email attachments. Read More so you don’t make a costly mistake.

7. Scan for Infections Regularly

If you read an email, open an attachment, or visit a linked website that seems suspicious in any way, it’s not a bad idea to run a malware scan. Of course, not every spam email will infect your machine, and it’s probably overkill to run a scan every time you open a fishy message.

It’s better to be safe, though. Make sure you have a reliable antivirus suite installed (Windows Defender is fine for Windows 10) and consider installing Malwarebytes for a second opinion. If you unknowingly enabled a keylogger, you’d rather know sooner than later.

8. Be Careful on Public Networks and Computers

You probably know that public Wi-Fi isn’t as secure a connection 5 Ways Hackers Can Use Public Wi-Fi to Steal Your Identity You might love using public Wi-Fi -- but so do hackers. Here are five ways cybercriminals can access your private data and steal your identity, while you're enjoying a latte and a bagel. Read More as your home network. And while you’ll probably be OK checking your email on airport or cafe Wi-Fi, you should still take caution when using such networks.

Thanks to widespread use of HTTPS, your activity on most websites will be safe from prying eyes elsewhere on the network. However, if you don’t own the network, you can’t be certain of how it’s set up. The network could be a spoofed point, or have malicious software installed to allow for man-in-the-middle attacks.

The same goes for logging into your email on public computers, like those in libraries and hotels. Someone could install a keylogger on those machines to steal your credentials, so it’s best to stick with trusted devices like your phone when at all possible.

Safe Use of Email Is Essential

While the web has become more secure over time thanks to widespread use of HTTPS, stronger encryption protocols, and better automated detection from email providers, a lot of your personal security still lies with your decisions. Take some time to lock down your email accounts and your online safety will become a lot stronger because of it.

In short, don’t click anything from an email that you weren’t expecting, and make use of the various account security options email providers offer. Doing so will make your account much safer to use. If you’re not convinced, find out what scammers could do with access to your email account 6 Ways Your Email Address Can Be Exploited by Scammers What happens when a scammer hacks your email account? They can exploit your reputation, financial accounts, and much more. Read More .

Related topics: Email Security, Email Tips, Online Security, Phishing, Scams, Two-Factor Authentication.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Visible One HK
    October 17, 2018 at 11:02 am

    There's is no doubt that being knowledgeable in email security is important nowadays in order to protect oneself from cyber attacks. Thanks for sharing this great article. Keep it up!

  2. Web Design Agency Hong Kong
    October 17, 2018 at 11:00 am

    There's is no doubt that being knowledgeable in email security is important nowadays in order to protect oneself from cyber attacks. Thanks for sharing this great article. Keep it up!

  3. Nick
    May 24, 2016 at 9:54 am

    Very well written blog. Email security is indeed the need of the hour, With so much going on in the world of viruses, it has become important to save our emails as most of the businesses are dependant on emails. Talking about it, antivirus programs are helpful like Avast, Bitdefender, REVE Antivirus that helps in ensuring safety of computer, emails and web.

    • Joel Lee
      May 27, 2016 at 1:46 am

      Thanks Nick. You're absolutely right. Unfortunately a lot of people don't care enough to take the proper steps towards protecting themselves. :(

  4. Anonymous
    October 9, 2015 at 1:34 pm

    LOL.....ever since setting up my spamcop and KnuJon accounts,,,,,they get ALL of my spam...and my spam numbers have actually dropped significantly.....granted, a lot of it comes from nigeria and russia, etc....but yes, it is time consuming, forwarding it all to knujon and spamcop. but i feel it's paid off.......I may get 3 or 4 spam messages per day.......vs. the old 20+ per day.......also something that has helped me, is unsubscribing from all the old newsletters and forums I no longer use.......

  5. Roomy Naqvy
    December 14, 2012 at 6:25 pm

    Also, disable images in your email. Sometimes, scammers use embedded images in their emails to phish out your data.

  6. Altra Attestor
    October 15, 2012 at 11:42 am

    This helped me on the importance of email

  7. b7ddbfd4136c77f546943d6d644bb5f3
    October 8, 2012 at 10:23 pm

    I use a header tracker. My junk mail nearly always comes from a location I would never have contact with, Ukraine, India, Romania etc. This will show in the header. I use

  8. abdur jahangir
    October 6, 2012 at 7:30 am

    i have locked my id is there any guy who can help me.

  9. Srinivas N
    September 23, 2012 at 5:36 pm

    Always wondered how they're able to intrude in Public Wi-Fi..
    Thanx for that Network Sniffer stuff..i will be much happier to know how these Network Sniffers work actually a bit more technical..

  10. Kurt Decker
    September 20, 2012 at 1:17 am

    Fabulous! Thanks for drawing our attention to this. It's really "common sense".

  11. Pedro Wallie
    September 19, 2012 at 12:58 pm

    Thanks. You guys are gtreeeaat! I was not aware of a few tips presented here like the public Wi-Fi tip. Thanks.

  12. Kp Rao
    September 17, 2012 at 11:10 pm

    really I don't know before i read this article

  13. Dylan Brendan
    September 17, 2012 at 10:48 pm


  14. Nikhil Kulkarni
    September 17, 2012 at 1:38 pm

    Very Informative...:)

  15. Bav
    September 16, 2012 at 8:12 am

    I think having multiple email accounts unnecessarily complicate ones life.

    Gmail, for example, has two-step verification which requires the user to input a code sent via text each time they access their email account from a new device.

    I'm not sure why this kind of advanced security management hasn't been mentioned in the article. To me, that is a good way of securing your account.

    I agree with all the other advice. I like having one email account I use for everything - it allows me to keep a track of everything from one place. I suppose I could use mail forwarding and not have to worry about logging in elsewhere though... I just think it complicates things.

    • Scott
      September 16, 2012 at 12:28 pm

      FWIW, I recently read through Matt Cutt's blog post on 2FA. It generated a lot of discussion in the comments. Though the majority of the responders were in favor of it, there were some (more than I expected) who had negative things to say about it – not necessarily the functionality itself, but the fact that it was *Google* using it. (E.g. a comment by "Not Safe" toward the bottom of the page linked to an interesting article warning about giving away cell phone numbers).

      In case anyone's curious:

  16. Vince Radice
    September 15, 2012 at 9:04 pm

    This is one of the reasons I switched away from micro$oft to Linux. More stable (no BSOD). More secure. Free!!! I try to open attachments anyway. windows exes do not work in Linux.

  17. Roger Imai
    September 15, 2012 at 7:11 am

    I recently disregarded my own usual caution and discovered something interesting going on. What happened was I received a no-subject line email from my sister which contained a URL. It was total, moronic impulse that I clicked on it, and was taken to a page that described a lady supposedly in my locale making $3K+ a month from home simply by "posting links" and receiving per-click compensation, with an invitation to join the program. I closed the tabbed window, and searched for verification of this lady, and found listings of her name in several US locations, but nowhere near here.

    Oddly enough, the pages I saw looking for this person usually included a link to a "new" two-product skin treatment featuring "polymoist-ps" that claimed to restore a 20-years younger appearance to one's complexion. Each link told the same story with different people, and included visitor comments below, but when you try to add a skeptical comment, you get a "not available, try again later" message. The pages all had a Disclaimer at the bottom stating, "result may vary," one even stated that the page was loosely based on one user's claim and was "not to be taken as a non-fictional story." Another page stated that it was an advertisement, and facts were modified, including the comments posted.

    The scammer is operating as a corporation, at least one of which is called Consumer Products Daily. He's selling a link-posting "internet business" and putting up multiple testimonial pages for the the business investors to post. He get money from both the buyers of the internet business plans, and from the people trying the 2-product facial treatment -- which start cheap, but in the fine print, you're subscribing to a program that will cost several hundred dollars. You can cancel any time. But that's another story.

    This is promotion is a well conceived, complex scheme that is likely impossible to trace to the actual perpetrators. The internet business is a scam. The face cream combo is a scam. Both offers take your credit card and sign you into extended subscriptions that will charge your account repeatedly. Most people will not react quickly enough and will lose much more than they thought they were risking.

    About my clicking on the link. I am probably lucky that I run Linux and rogue programs may not run in the background without the operating system requesting explicit permission. Windows users without appropriate security may experience other symptoms, such as exposure of their e-mail contacts to unknown parties, and mail being sent to them without their knowledge. Anyone skeptical about the capabilities of online threats should Google "Stuxnet worm."

  18. venkatp16
    September 15, 2012 at 6:07 am

    Very useful info for beginneres..

  19. Mirza Rawal baig
    September 15, 2012 at 4:31 am

    Very Informative post, these are some necessary points everyone should knew

  20. Roger Caldwell
    September 14, 2012 at 10:25 pm

    Regarding 7. Avoid public WIFI. It mentions in particular checking email over public wifi. Is it still so dangerous if you are using SSL on your POP/SMTP/IMAP accounts?

  21. Edward Bellair
    September 14, 2012 at 7:14 pm

    Good points. To bad so many people don't follow this advice.

    • Joel Lee
      September 14, 2012 at 7:41 pm

      It is sad, yes. I live by the motto, "Better safe than sorry," but not many people do that anymore.

  22. GrrGrrr
    September 14, 2012 at 7:08 pm

    I follow almost all the tips you have mentioned.

    so far so good.

  23. Dave
    September 14, 2012 at 6:16 pm

    Re. previous: Should have read item five. It's my age, don'cha know!

  24. Dave
    September 14, 2012 at 6:14 pm

    Re. item seven:
    If you are definitely expecting something with an attachment from a known and trusted person, then I would imagine that this would be OK most of the time but I gather that address books can be hacked, so the mail could still look like it's from someone you know but, in reality, it could be loaded with malware.
    A program I have used almost from its inception is Mailwasher from Firetrust
    (This is not an advert and I have no affiliation to them, other than being a satisfied customer). Mails can be inspected whilst still on the server and either deleted or then downloaded to your e-mail client if you're happy that they are legit. There is a "bounce" feature but I imagine this would be of limited use these days. Very useful for keeping nasties out of your local inbox.

  25. B
    September 14, 2012 at 6:07 pm

    You wrote, "Avoid Public Wi-Fi". Instead, teach users about VPN.

    • Joel Lee
      September 14, 2012 at 7:41 pm

      Learning the ins-and-outs of VPN usage would require a separate article unto itself! But yes, VPN is a way to add another layer of security (not just for emails, but Internet activity in general).

  26. Jim Spencer
    September 14, 2012 at 5:21 pm

    Great article, or posting! I follow these guidelines pretty close to the letter, however, I have a question! The reason I am reading this article is because I clicked on the link in my makeuseof email to get to this page! Was that still a bad practice? I have an excellent AV with BitTorrent, which scans every piece of mail, web based or not!

    • Joel Lee
      September 14, 2012 at 7:40 pm

      Scammers can quite easily impersonate big websites (for example, there are tons of scam emails going around that falsely claim to be from Blizzard Entertainment), so there is still a bit of risk involved when clicking links--even if it seems legit. The best practice would be manual URL typing, but it's up to you if the inconvenience is worth the trade-off for security. :)

      (Personally, I do click links in emails that I'm expecting. But if it's an unsolicited email, I'm immediately suspicious.)

  27. AP
    September 14, 2012 at 5:03 pm

    Wise advice , a bit hazzaled because it's difficult to give away old habits but try to follow it.

  28. Michael Cook
    September 14, 2012 at 3:55 pm

    These are some great pointers and I unknowingly use them myself.

  29. Jamie
    September 14, 2012 at 3:46 pm

    Matt Honan's article also said that what happened to him wouldn't have happened if he'd used Google's 2-Step Verification. It's as unobtrusive as is possible (I think). You either use their Authenticator application or you get a text every time you log in to your account from an unknown computer. Not only does this increase security, but you get a heads up if someone's trying to access your account.

    • Scott
      September 14, 2012 at 4:31 pm

      Yes, considering the nightmare that one goes through to recover a stolen (free) email account (think: Gmail, Yahoo, Hotmail/Outlook), the more these services can do to implement preventative security features, the better ! :-)

  30. Petey Pabler
    September 14, 2012 at 3:06 pm

    Some quick comments I have are; Any link in an email is underlined and highlighted (usually blue depending on your theme). You can hover over the link with your mouse pointer and see where the link will take you. It could say in the email, but when you hover over it with the mouse pointer it could say [Broken URL Removed]. That is one way to verify the link.
    Another way to check (for attachments and URLs) is to copy the link or the attachment in question and upload them to They scan and report all URLs and attachments securely and privately using all antivirus engines. Totally worth checking out even if you typically trust the source.

    • Joel Lee
      September 14, 2012 at 7:37 pm

      Great suggestions. Some scammers will use very similar URLs (.com vs. .net, for example) so you must be absolutely cautious when you scan URLs like that.

  31. Scott
    September 14, 2012 at 12:21 pm

    Joel said (under the first point), "In other words, if you bring all of your activity into a single email account, what happens when someone breaks into it? I’d say it’s plausible that they would gain access to everything else. This is why you should use multiple email accounts."

    This great advice complements results seen in the recent article "How Do You Use Email ?".

    With so many people seeming to prefer using webmail these days, they would seem to be making themselves vulnerable to the concern you raise above when using a webmail account to manage any/all others. That is, no matter how many separate accounts people have set up for various things, *if* they have even one online account being used as a 'managing account' (as many people do seem to use their Gmail account for), then THAT account, as you note, is a prime target for all the information in the other accounts. And, consequently, it would seem to lessen – but not completely eliminate – the advantage of having these multiple accounts to begin with. (Am I misunderstanding any of this ?)

    IOW, *if* one is going to take your advice to use multiple accounts as an email security layer, then to complete the picture, IDEALLY one should also (a) check each account *separately* while online, and (b) use an *offline* client, instead of a webmail account, when one wants to do any managing of all accounts in *one* interface. No ?

    • Joel Lee
      September 14, 2012 at 7:37 pm

      You've understood the concept correctly!

      Offline clients can make it easier to manage multiple accounts, but I don't think they are inherently safer. The two main ways that an offline client can be "hacked" are: 1) physical access to the computer, and 2) packet sniffing. In either case, if one account is compromised, all of them will be.

      Accessing each account separately may increase security a bit, but I have a feeling most people would gladly trade that bit of security in exchange for convenience. :(

  32. Shakirah Faleh Lai
    September 14, 2012 at 11:06 am

    I do use some separate account for different task but at the end I forgot the username of some account that I don't use regularly.

    September 14, 2012 at 11:00 am

    Fair comments and tips.

    Regarding "2. Create A Unique Password" - we all know that this can be painful. It is hard to memorize more than one password and that's why a lot of users end up using the same password in a lot of web sites. Here is a way to overcome this problem:

    • Joel Lee
      September 14, 2012 at 7:33 pm

      Wow, that's really neat! Extremely useful and easy-to-memorize way to create unique passwords for each site. I'm going to try it out.

    • Stonedreamer
      September 17, 2012 at 9:26 am

      OMG... That is a really smart way to actually use only one password. Great work Konou - I will pass your little trick along to my friends :))

  34. Ahmed Khalil
    September 14, 2012 at 9:53 am

    all of us know these advises but still act like we do not hear about it, and when the problem happen their will be no way back

    • Joel Lee
      September 14, 2012 at 7:32 pm

      That's the problem. People tend to ignore advice until it's too late, unfortunately.

  35. Faisal Ahmed
    September 14, 2012 at 6:16 am

    hmm...I have to re-activate my yahoo account (quite boring)...

  36. xbalesx
    September 14, 2012 at 4:03 am

    Great things to always be aware of and currently I have 4 throw away email accounts.

    • Joel Lee
      September 14, 2012 at 7:32 pm

      Throwaway email accounts are so useful. Nice!

  37. Hafid Aid
    September 14, 2012 at 2:35 am

    These are the bases that everyone should do! haf4fb[at]gmail[dot]com is for what it stands for :D