This is a major update to what I consider one of my most important articles, dating all the way back to 2004 (with intermediate updates in 2010 and 2013).
My answer has changed from “mostly no” to “mostly yes”, with the following important caveats:
- You must understand the costs.
- You must understand the risks.
- You must prepare for disaster.
- You must take responsibility.
I’ll dive into each of these in detail, but before I do, I’ll share one concrete datapoint: all of my email is currently being processed via free email accounts. Clearly, I believe it can be done safely.
Become a Patron of Ask Leo! and go ad-free!
The cost of free email
I’m sure that by now you know there’s no such thing as “free”. Everything has a cost. It may not be money that comes out of your wallet, but there’s always a cost of some sort.
Here are some of the costs associated with free email services:
In my opinion, and based on questions I receive and problems I see every day, the lack of responsive customer service is the single biggest cost that people “pay” on a regular basis.
The risks of free email
Not a day goes by1 that I don’t hear of problems with one of the major free email providers. It’s never a problem with the service itself – that always works as expected. The problem is almost always lost email, or a lost or compromised account.
As a result, I can easily identify the single biggest risk for anyone using free email in any way, at any time, and for any reason: lack of customer support. THERE IS NONE.
Someday, somehow, you’ll run into a problem for which you need help, and there will be no one to help you. Period. You will not get help. You’re on your own. If you can’t figure it out, tough luck. And yes, that often includes losing your email or losing access to your account completely.
You might think I’m being alarmist, but please trust me, I’m not. This is what I see and hear from people desperately asking for help almost every day – help that in most cases, neither I nor anyone else can give.
Preparing for disaster
With all that being said, it is possible to use free email accounts quite safely. I do it.
You simply need to prepare.
Being prepared really boils down to a list of “do’s and don’t’s” you’ve probably heard before.
- Use a strong password. Many hacks result from simply guessing your password. You should use at least a 12-character password these days, ideally with random characters. See What’s a good password? for more.
- Use two-factor authentication. Sometimes referred to as multi-factor, or simply “2FA”, knowing the account password is not enough to log in on a machine that hasn’t been used previously – like an overseas hacker’s machine.
- Don’t share your password with anyone. Accounts are often hacked by ex-friends and ex-spouses who were given the password in better days. Planning to change passwords when you break up doesn’t work; often the account theft happens before the breakup (or even causes it).
- Don’t write your password down. If you must, keep it in a locked drawer, a safety deposit box, or something similar. Written-down passwords will be found. Consider using an encrypting password vault like LastPass to remember your passwords for you. This also makes it simple to use exceptionally strong passwords you don’t need to remember yourself.
- Don’t log in to your account on any computer you don’t control, ever. Public or shared computers are a goldmine for account thieves and hackers. I often hear from people who checked email at a “friends” house, (or worse – a public library), only to find their account quickly compromised.
- Don’t log in to your account over unencrypted or “open” Wi-Fi hotspot connections. Fortunately, most web-based services use https, which is encrypted. The problem is when they are unencrypted, anyone within range can capture your username and password. See How Do I Use an Open Wi-Fi Hotspot Safely? for more.
- Keep your machine clear of malware. This could be another list of “don’t’s” all by itself. Don’t open attachments you don’t expect, don’t download from sites that aren’t known to be absolutely trustworthy, run up-to-date anti-malware software, keep all your software up-to-date, and so on. See Internet Safety: 7 Steps to Keeping Your Computer Safe on the Internet for more.
- Don’t fall for phishing scams. No legitimate service will ever ask you for your password in an email. If you’re not sure, check with the service directly by visiting their web site. Do not respond to email that asks for your password, ever.
- Keep your recovery information up-to-date. This one is hard to stress enough. When (not if) you run into problems at the account level – perhaps a forgotten password, or even a compromised account – it’s the recovery information, like a phone number or alternate email address, that will save you. If you don’t have those, or they’re no longer accurate, you will very likely lose your account completely. In fact, I call it A One Step Way to Lose Your Account … Forever.
- Back up. I don’t mean your PC (though of course you should back that up too); I mean back up the contents of your online free email account. Should the worst happen and you lose access to your online account, a backup copy of your email and contacts will help at least mitigate the disaster. I recommend backing up to your PC using an email program like Thunderbird.
All the recommendations apply to any email service, regardless of how you access it. In fact, those recommendations apply to any online service, not just email.
Here’s a quick rule of thumb to help judge if any of this matters: if your free email account went away completely tomorrow, along with all of the mail and contact information that it contains, would it be an inconvenience or a catastrophe? If the latter, you need to prepare. Now.
Most of what I mean by being prepared is taking personal responsibility for the security, integrity, and reliability of your own email.
It’s your responsibility to ensure that your account is maintained securely. It’s your responsibility to back it up in case of data loss. It’s your responsibility to have the information and procedures in place to be ready to deal with account lockouts, theft, or just about any hiccup that might come along.
It’s your responsibility to deal with any and all problems that come up.
Always assume there will be no help. It’s all on you.
If that’s not acceptable, you shouldn’t be using a free email account at all. Look for alternatives that, at a minimum, offer more comprehensive customer support.
Free email is ideal for some things
Free email accounts can be used with less concern for purposes that are less important than “real” email.
Throw-away accounts: Free accounts are perfect when you really don’t care what happens. They’re great when you need an email address for a company that might spam you later. They’re useful if you need or want to remain anonymous, or otherwise separate that email from your important stuff.
The risk is that while you might think it’s unimportant, it turns out that it really is. Back to the rule of thumb: if the email account went away completely and without warning, would it matter? If the answer is anything other than a hearty and well-considered “No!”, it’s not really a throw-away account.
SPAM filters: In an ironic twist, Google Mail (Gmail) turns out to have a very robust spam filter. Yes, your Gmail account will get tons of spam, as all the free services do, but Google’s spam filters are (as I write this) the best I’ve seen at filtering out spam. In fact, it’s what first attracted me to using Gmail for the majority of my own email.
Service access: Sometimes you simply have to have an email address with a particular service to access certain functions. My Hotmail account is my Microsoft account, my Yahoo account is what I use for Flickr (a Yahoo service), and my Gmail account is how I access Google-related services. Even if I never use these free accounts for any email at all, they’re important, and need to be treated responsibly.
Can you use free email “for real”?
Remember: if you lose your free email account for any reason, it is likely you will not get it back. It’s possible, but in my years of experience, it’s unlikely. When it happens, you lose your email address – permanently. People who send email to that address will not reach you, and may in fact be emailing the hacker who stole your account.
It’s a fundamental risk of a system that has little or no customer service because it’s free.
You can, however, minimize your exposure by preparing for disaster, as outlined above. That’s the first step – or rather list of steps – to safely use a free email account “for real”.
By far the single most important thing you can do is to consider what happens if your free email account were not there tomorrow, and take responsibility for making sure that doesn’t happen – or has as little impact as possible if it does.
Years of reader questions and reported problems only continue to strengthen my position.