Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

You Can Use Free Email Safely (But Most People Don’t)

Become a Patron of Ask Leo! and go ad-free!


Show Transcript

If you found this article helpful you'll love Confident Computing! My weekly email newsletter is full of articles that help you solve problems, stay safe, and increase your confidence with technology.

Subscribe now, and I'll see you there soon,


Posted: December 13, 2015 in: Leo's blog
Tagged: , , , ,
« Previous post:
Next post: »

New Here?

Let me suggest my collection of best and most important articles to get you started.

Of course I strongly recommend you search the site -- there's a ton of information just waiting for you.

Finally, if you just can't find what you're looking for, ask me!

Confident Computing

Confident Computing is the weekly newsletter from Ask Leo!. Each week I give you tools, tips, tricks, answers, and solutions to help you navigate today’s complex world of technology and do so in a way that protects your privacy, your time, and your money, and even help you better connect with the people around you.

The Ask Leo! Guide to Staying Safe on the Internet – FREE Edition

Subscribe for FREE today and claim your copy of The Ask Leo! Guide to Staying Safe on the Internet – FREE Edition. Culled from the articles published on Ask Leo! this FREE downloadable PDF will help you identify the most important steps you can take to keep your computer, and yourself, safe as you navigate today’s digital landscape.

My Privacy Pledge

Leo Who?

I'm Leo Notenboom and I've been playing with computers since I took a required programming class in 1976. I spent over 18 years as a software engineer at Microsoft, and after "retiring" in 2001 I started Ask Leo! in 2003 as a place to help you find answers and become more confident using this amazing technology at our fingertips. More about Leo.

78 comments on “You Can Use Free Email Safely (But Most People Don’t)”

  1. I store answers to secret questions for accounts in LastPass, so I can find them easily. Not paying for a texting plan, I don’t use cell phones, but I have all 2 factor authentication go to my E-mail. I have never had a problem with gmail overseas, fingers crossed.

    • Surprisingly, I’ve never had a problem with mine overseas either. And that’s while traveling with my wife and we were both able to access our gmail accounts easily.

  2. I have been using Yahoo’s free email since around the year 2000. It was handy when I had to switch Internet service providers due to a move from my home. Since then, and this is about fifteen years later, I have not had a problem with them. I did pay for their upgrade so that I can use aliases for the same email, but that was just a perk. The basic service is reliable, and I have never been compromised. I use it for business and non-family purposes only. Later, in about 2006 I opened a Gmail account that I began to use for friends and family only. Same here, I never had a problem. I have tried using Thunderbird for backing up both accounts. It worked — sort of –. On my business related email I keep things only if they are relevant to later review. Once a year I delete all the detritus in a moving window fashion. The best thing about Internet based email is that I can access it anywhere any time regardless of my ISP, and it is free.

    • “I have tried using Thunderbird for backing up both accounts. It worked — sort of.” – It’s an unnecessarily complex approach, IMO. I simply use filters to auto-forward emails from my Gmail account to my account, which then serves as a backup. This approach also saves several GBs of space on my local storage devices.

      • That’s a fine approach. I feel more “in control”, though, if I have my email downloaded onto my PC and am not reliant on additional third parties to keep my backups. I also retain total control over what is kept, for how long, where, and whether it’s also backed up here at home.

  3. Leo, i am 72 & a bit old for this but maybe you can help? I have Win. 10. I use Google Chrome because Edge,( which is using BING) is so slow, at least 50 times slower than Google to open a webpage, then very often I get the “OOPS” message and this denotes its inability to open or find the page. There must be something wrong, but I am just not capable of finding out what it is. Any help greatly appreciated.
    PS How to R.Click and add shortcut as I could do for any webpage on Vista?

  4. My own view is that free Email accounts are worth precisely what you pay for them. I’ve had a Hotmail account since 1990 but use it seldom. I opened a Gmail account to facilitate syncing the desktop Outlook (.exe) with my Android portables. It works well.

  5. I have Thunderbird installed and whenever I receive an important email in Hotmail, I immediately save it there. I also have registered another email and cell phone number as a secondary layer, and have secured a recovery code from Microsoft. I regularly backup Firefox and Thunderbird in Dropbox using MozBackup, a free program that I find invaluable. All my information regarding passwords, secret questions, etc. is recorded on a spreadsheet that is encrypted using VeraCrypt and also on a thumb drive that is stored in a secret location in case my computer ever crashes. I am very vigilant to update this spreadsheet anytime anything changes. I also do image backups regularly.

  6. I recently was asked to recover the contacts and saved addresses for a lady who used thunderbird with her emails from her isp plusnet in the UK. By using thunderbird all her details had been removed from plusnet and installed in her profile on her pc. The disadvantage being if she was not at her pc she could not get to her contacts or addresses. When she bought a new pc thunderbird treated her as a new client. I had to recover her profile from the old pc and install it on the new one. Although thunderbird knew where to store a new default profile it was not clever enough to use her original profile. I was surprised to hear you use thunderbird just to store your info every now and again. How come your details are not taken from your email address and stored in thunderbird?

    • The scenario you describe means your friend is using the POP3 protocol to retrieve email via Thunderbird. Note that Thuderbird is just the client and is not causing the problem, it’s just performing POP3’s default protocol. If at all possible, you want to move away from POP3 and use IMAP. Read this article when you get a chance: Note the first two sentences in the POP3 section (capitalization added for emphasis):

      “The Post Office Protocol (POP) allows you to use your Inbox, as the name suggests, like a post office. The email leaves the sender and arrives in your Inbox WITHOUT BEING STORED ON A SERVER ANYWHERE.”

      You can change the POP3 settings to leave a copy on the server, but that does not happen by default. If her mail provider doesn’t support IMAP, time to move to another provider. Hope this helps.

  7. I have not had a problem with Gmail except when I ran into a storage limit. Rather than pay for extra space, I simply deleted unwanted items or made sure I had backed up, such as on line photos. As for storage of important emails, etc. I simply convert each affected email to a pdf and store it in a relevant file on my hd, as well as backed up as needed.

  8. My ISP uses Yahoo so I don’t really have a choice.

    Following Leo’s amazingly easy to follow directions I have opened a Mozilla Thunderbird account and everything downloads to my computer AND stays on the Yahoo servers. This means I can still access all my email from any computer as I always did.

    At the start of every day day I open Thunderbird and download all my messages, then close it. I still use Yahoo the way I always did, for reading, sending etc.

    Using Leo’s easy to follow instructions in his Macrium Reflect Back Up book, I can back up and store all the messages for as long as I want them. They are on my hard drive and my back up drive.

    Leo is definitely my go to guy when I cannot figure something out for myself. THANKS LEO!

    • Lucy, you say you don’t have a choice , but you still do . Just because your ISP says you have to use Yahoo , you can actually go with your web browser to other email providers .

      • True enough, but it somewhat invalidates my suggestion that the first level of “for pay” account would be your ISP. I would HOPE, however, that the ISP takes some responsibility for customer support on the Yahoo account.

        • Verizon (at least with my DSL account) bundles Yahoo Premium email in the price which includes the wonderful Addressguard (one reason I am trying to hold onto DSL service; I’m their only customer in the neighborhood still on copper wire). There is a catch. Yahoo offers only FAQ support and a feedback form. That’s it. Verizon offers nothing except a user forum. You are caught between two companies. Come to think of it individually paying $20 per year for Yahoo Premium mail might not be a bad thing because then I think you do get support. Outside of no real support with the bundled service, I have used Yahoo Premium mail for 7 years with great satisfaction, especially the Addressguard. You can setup a different email for every contact and if you get spam on one, just change that one, you don’t need to change your email with dozens of contacts and affiliations.

  9. Thank you, very informative.

    I want to question your assertion that free email accounts are under continuous attack. I have had a gmail account for 10+ years and have used two factor authentication for about half that. In the time I’ve used two factor authentication, I have never unexpectedly received a text with a confirmation code. Does this not mean that no one has gotten past the first level of authentication?

    • It means that no one has successfully guessed (or otherwise determined) your password. (Code won’t be sent until that much has at least happened.) My belief is that almost all free email accounts are likely under a constant, albeit slow, brute force attack where a bot net of machines simply tries common passwords on all accounts that they know of. I would expect the success rate to be frighteningly high. 🙁

      • Leo, you’re right, that’s why we should NEVER use simple passwords with only numbers & letters, rather a combination of upper/lower case letters, numbers & 3 or more of the symbol keys (~!@#$%^&*() to make it less vulnerable to brute force attacks. BTW, this applies to any account, and especially one’s wireless router.

        Sometimes email users gets hacked just because of what you stated, too simple of a password (I prefer the term passphrase) are easy pickings for data thieves. It’s also important NOT to use other’s computers to check email, make transactions, whatever, because these can be recovered easily with no cost software that many of us uses to find unintentionally deleted emails & photos. One also doesn’t know 100% whether the OS is upgraded, as well as Flash Player, or the browser itself.


  10. Installed Thunderbird.

    Where is the place to click to archive my hotmail acct?

    Don’t find anything about backup, only the usual read, compose, etc.

  11. If you’re planning on using Thunderbird to back-up your gmail acct, you’ll need to be sure “Allow less secure apps” is turned on in your security settings. Otherwise you’ll get this less-than-helpful error message: “Sending of password for user did not succeed. Mail server responded: Web login required:“.

    I added a link to the page in my password manager entry for Thunderbird. I turn it on for the sync, and then turn it off again. I do wish Thunderbird would save my contacts — I do that separately from my gmail acct.

  12. Maybe there’s an easy way around this problem but I don’t see it. I have a phone and a laptop and use both to get emails.
    Yahoo has a spam filter which deletes some spam and thunderbird (on the laptop) also has a spam filter which gets virtually all the remaining spam.
    But, when I access my email on the phone it picks up all the spam that yahoo missed and thunderbird got on the laptop. So on the phone I am constantly deleting spam I never see on the laptop – and its a lot !! In other words they’re not syncing because of thunderbirds spam filter.

    Am I missing something? Is there an answer to this that won’t have me deleting spam from my phone for 10 minutes every day?

    • Bud,
      What you might be missing is that you have to train the spam filters to get better results. If you don’t train it spam detection will be based on its experience with other users. You however, might consider some things as spam which few other do and it will not be tagged as spam unless you train it to your particular preferences.

      I use Gmail and Thunderbird as my local client. I gave up on the TB spam filter because I didn’t think it performed particularly well. When you download your mail to TB and notice some spam you have to go to your Gmail account using your browser, locate the offending spam mail in the All Mail section and mark it as spam. While you’re there you should go to the spam section (Gmail doesn’t have folders), check it for messages that aren’t spam and mark them as not spam. If you choose to continue to use the TB spam filter you must train it also by marking messages in TB.

      Over time you’ll be adding the particular things that you, as opposed to all other Gmail users, consider spam. That will fine tune your Gmail spam filter to yield better results for you. Granted this is a little cumbersome when you use a local client like TB instead of reading your mail using your browser to access your Gmail account directly. My own experience using only Gmail spam filtering is that I get hardly any spam at all and very very few false positives.

      Many folks recommend using TB with the IMAP protocol to access your Gmail account. This will make the contents of your account on Gmail and on TB the same; it will regularly sync the two. If you delete a message on TB it will be deleted on Gmail and vice versa. This is handy if you access your Gmail account from several devices as whatever you’ve done on one device will be reflected on all the other devices (messages only, not contacts).

      Some of the commenters have mentioned using TB to back up their Gmail accounts on their local machine. This does work but I prefer to think of the back up process as the reverse of that. I think of the contents of my TB folders as the originals and the contents of the Gmail account as the back up. If I use the POP protocol (with proper settings) no messages in my Gmail account will be deleted unless I specifically go to the account using my browser and delete them. I periodically download new messages from my Gmail account to TB. As they come in I have several filters that sort them into folders for processing, generally based on how important they are. As I deal with each one I move it to a set of folders by category. Many are deleted at this point because they were not worth saving, like ads or minor missives from friends. These deletions are not reflected in the Gmail account because of the POP protocol.

      This creates a set of only the important messages in TB that I can back up locally on my own machine with my usual daily back ups. Gmail still has those messages and all those I’ve deleted – just in case (maybe I deleted something I later regretted). It also means I am backing up only the important stuff so keeping the size of my back up smaller and quicker.

      I keep my contacts in TB and do all my email sending from it using Gmail as my outgoing email server. By not keeping my contacts in my Gmail account they are not susceptible to being compromised if hacked. This will not work if you do a lot of sending of messages from several devices because you won’t have the addresses available on each device unless you’re willing to maintain a separate contacts list on each device.

      Another advantage of using TB (or any local client) as the primary tool to read your emails is that you don’t get any of the ads that Gmail normally adds to the page if you view them in your browser.

      Also, I have a filter in my Gmail account that forwards nearly everything to another of my email accounts, with another company, that is used only for backing up the Gmail account. This is more to protect against the possibility that my Gmail account might someday be hacked and I would be locked out. Yes, I have set up all the recovery methods that Gmail offers but it’s belt and suspenders for me.

    • I’d guess that, for whatever reason, Thunderbird isn’t deleting the messages it has tagged as spam from the server, and so your phone downloads them along with all your other email. Maybe somebody who uses Thunderbird – I don’t – can confirm which settings you need to check/adjust.

    • It sounds to me like you have Thunderbird, on your laptop, picking up the email using POP3 and leaving a copy on the server. The phone is using IMAP and syncing with the server. All the spam filtering that Thunderbird is doing is happening locally on your computer and not syncing with Yahoo.

      What you need to do is get your computer using IMAP. Here’s an article on how to set that up:

      Here’s an article with Yahoo’s IMAP settings:

  13. Leo,
    Thanks so much for this explanation about Free Email Accounts. Now I understand why 2 of my friends have lost access to their Yahoo Email Accounts. It has just mystified me and cost me time trying to figure it out. Now I can just let it go. Of course I will take more steps to protect my Gmail account.

    • Not really. Even if development stopped today (which it will not), it’s a solid email program and will work for a long time as-is. In reality, Mozill’a “drop” of Thunderbird is actually moving Tbird to a separate open source project that Mozilla will no longer be part of. There will be turmoil during the transition, but I’m hopeful that enough people who care will continue supporting the project.

  14. I teach seniors the basics and help with other questions. I explain the difference between web mail (aka gmail, hotmail and others) and using a computer based email program, (Thunderbird or Microsoft Outlook). There are pros and cons but the biggest pro is that your email using computer base email programs is that you have the email INSIDE your computer, not somewhere in the ether. My opinion only.

  15. I use Thunderbird and, increasingly, Mail. Every day I have to clear out a host of spam and scam emails from Thunderbird. In Mail I have an Outlook account and the same account that is used in Thunderbird. I virtually never get spam in either. Why does the same account get spam in one email account and not in the other?

  16. While the facts of this piece may be accurate, it seems a little dated to me. Maybe I’m deluded, but I’ve been a Gmail user since the first year it was offered and find it the best service out there. I think the security measures that are in place are sufficient, or maybe I’m just lucky, but there’s no way I would consider going to another service at this point.

    • It’s a brand new article, for what it’s worth. And I’m not suggesting you move – what I insist on, though, is that you use it safely. Even for Gmail (which I use myself, constantly), there is no customer service, so when something goes wrong you’re still on your own.

    • “I think the security measures that are in place are sufficient, or maybe I’m just lucky, but there’s no way I would consider going to another service at this point.” – I agree. Gmail security is about as good as it gets at the consumer end of things. In fact, I’d say Gmail is likely more secure than an ISP’s email system. And as for support, Google does provide contact options for a number of common problems – such as account lockout. Additionally, I have no idea what Leo means when he says that mobile phone two-factor authentication is not two-factor authentication. Of course it is!

  17. well said.
    Although I’ve been using these gmail accounts (due to an intense dislike for the only ISP available in this area) without any trouble due to some things which you don’t mention; 1 – do not allow e-mails to be stored, rather save these e-addresses in a .txt document stored on the machine … takes mere seconds to access those you wish to use for any new message; 2 – choose a pen-name & definitely do not place personal data on-line; 3 – rather than merely responding to an e-message, click ‘forward’ then add whichever e-address(es), then respond to the message – & delete all the excess e-addresses, … which have built up in the message; 4 – use BCC, rather than placing a group of e-addresses for all to view; and
    5 – always think before acting!!!

  18. Thank you, Leo, for everything you do for us. As you note, buy a website domain and this will give you a PERMNAENT email address! I know many self-employed people who use the email address their ISP provides. If they ever switch ISPs, much of the time and $$ they spent building their brand is GONE because now they have to get a new email address from their new ISP. When your email address is me@, you can take it anywhere and keep it forever! 🙂

  19. I have used hotmail since 2000. I use a desktop email program to download my mail. I use multiple boxes, so newsletters (excluding yours) don’t go into my personal email box. I always set email to not show preview automatically. That way I can delete any spam. Since spam never opens up, I don’t get much spam due to spam triggering more spam. Yes, you have to click to open every email. I rather be safe than sorry. I have never had a virus due to email. And protection has prevent anything from opening if I get spyware/adware.

    Years ago I went with hotmail so if I found a better ISP, my mail was never affected. I have changed ISP several times over the years. My email was waiting for me to set up OE or live mail now.

    • “I always set email to not show preview automatically. That way I can delete any spam. Since spam never opens up, I don’t get much spam due to spam triggering more spam. .” – Opening spam doesn’t trigger more spam. Nor can opening email result in a malware infection (opening an attachment, of course, can). While it may have made some sense to disable the reading/preview pane in ye olde versions of Outlook, there really isn’t any benefit at all to doing so now. In fact, there hasn’t been any benefit to disabling it since Outlook 2k SP1 was released more than a decade ago.

        • Yup, but it’s worth noting that all the major email clients and web apps block the automatic downloading/viewing of images and other external content.

          Gotta say, I’ve never seen any evidence of spammers actually using Web beacons – even back in the days when email clients did automatically download and display external content. When you think about it, there’s really no reason for them to do so.

  20. I have used at no cost for something like 10 years, with support. They have Pop3 and IMAP4 wich can be viewed either on line or via an email application like Thunderbird. Might be woth looking into.



  21. You say that the absence of support for no-cost email services is a problem, yet recommend a no-cost email client for which no support is available outside of user forums. Seems somewhat incongruous, no? You’re as much on your own with Thunderbird as you are with Gmail!

    • Ray,

      The email client program is only a housing or container for what goes on in your real email account. Set up as IMAP, it is an extra copy so you have a back up in case anything happens.

      Backing up your mail in Thunderbird should also be re-secured when you back up your whole computer, as the email file will be included in that backup.

    • Perhaps, but problems with thunderbird are typically less impactful than, say, a hacked account. (And I recommend it for backing up … which makes it a secondary layer – a free utility of service makes sense as a backup as well.)

  22. Absolutely brilliant. That’s something I’ve never heard about elsewhere, and certainly not delivered in such a non-geeky way, while at the same time addressing real-world concerns with valuable advice. As opposed to speaking in a condescending manner to supposed noobs, with trivial tidbits of information which can be found all over the place. Very good format.

    I’d personally prefer it in writing, but it’s just me.

  23. I’ve been using free email accounts since the 90s. I’ve changed ISPs a few times since then. I realized at that time that my email address would be lost when switching ISP. I believe using your ISP’s email address can be just as or even more risky than using a free email provider. My first 2 free email providers went belly up, so another good practice might include using one of the services which are unlikely to go out of business soon. I still have my original 17 year old Yahoo account and my old HotMail and GMail accounts and a few others. I’ve been doing all of what Leo has said here, and I have never lost any of my free email accounts.

    • I agree about using an ISP’s email address. Seemed like a good idea many decades ago and quickly revealed it’s difficulties. Ultimately having your own domain (that you pay for) is the most reliable… as long as you never let the domain expire. i still have my original Yahoo, Hotmail and Gmail accounts as well. Following Leo’s advice on keeping recovery information up to date is so important.

    • I agree. I think free email accounts – from a reputable provider 0 are a much better option than ISP email for a number of reasons including reliability, continuity and even security (I trust Google to provide a reliable and secure service more than I do my small, local ISP).

      • Not to mention that if you are paying a good provider (such as Bluehost, Godaddy, 1and1, Hostgator) then you actually have a tech you can call on the phone should things go wrong. In addition I have a full Cpanel control panel where I can manage my email accounts.

        • Both Microsoft and Google provide a range of support options including chat, FAQs and user support forums. It’s extremely easy to find answers and get help.

          • In my experience, and in the experience of 100’s of Ask Leo! readers … not so much. The support forums (both) are poorly “supported” by Microsoft and Google, relying mostly on peer-to-peer support. For the technically inclined that may be an option if you can wade through it all. But for the average computer user the forums are as frustrating as the underlying problem that brought you there. I hear (and see) it frequently. It’s very frustrating for people. And chat? Where are you seeing chat? To the extent that I’ve ever seen it it’s rarely helpful. So, no, I can’t agree with “extremely easy” at all.

          • I would certainly be leary of any kind of chat feature that says it is from a company like Google, Microsoft, Yahoo and the like. Very often scammers put out ads that try to look like part of a webpage. Clicking on chat from an advertisement won’t take you to the real Microsoft.

          • @Leo – Microsoft offers a chat feature; Google do not.

            I think that in most situations, it’s just as easy – if not easier – to get the answer to a problem from Google or Microsoft’s support/self-support/ options as it would be to get an answer from an ISP’s outsourced, overseas support people (“I’m sorry, Mr. Smith, but I think it’s the settings on your router or security software that’s causing the problem, and we can’t help you with that.”).

        • Definitely Leo! I’m a web designer and I manage a lot of domains for people. Yesterday a business in town was having trouble with their SMTP settings so I drove down to their office and fixed their email client for them. Google or Hotmail is not going to do that! If it’s important, it’s worth paying someone.

  24. I have 5 email accounts – one hotmail, 3 gmail and the last with my ISP. The only one I have had trouble of any sort with is the one with my ISP. So much for paid email.

    • That’s not at all surprising. Gmail has close to a billion users, and reliability is one of the reasons it’s become so popular. Using an ISPs email service rather than Gmail/Outlook simply because the ISP offers (usually sub-standard) phone support really makes little sense.

  25. My first free e-mail was Yahoo used at work to correspond with vendors. At home I used, and still use, my ISPs e-mail which has always been the pits, also have a Gmail account, and a Live account. Over the years I used Thunderbird and some other free e-mails, but none of them were good enough for my needs. I then found eM Client and use it for my ISPs e-mail address and it is a perfect e-mail client — IMHO. I use this on my two Windows 7 desktops and my Windows 8.1 laptop. I use TypeMail on my LG G3 phone and it is perfect. eM Client and TypeMail are easily configurable and both can use personal Signature lines.

  26. I use Earthlink for my main email account. I have had them for over 15 years. It only costs $4.95 a month for two addresses. It does a very good job of blocking SPAM. Only email addresses in my address folder gets sent to Thunderbird. No SPAM get sent there. In Thunderbird, I can keep track of important emails. Recently Earthlink added new IMAP service, but I have stayed with the POP3 protocol because I did not see any advantage to switching.
    I have the free ones for MSM, Gmail and Yahoo plus Comcast. I use them to only read emails not send them. There are no address books attached to them.

  27. I’ve always been a big fan of Gmail for several reasons, like for back-up, free abundant storage and being able to use Pop mail with the accounts. I would even like to check my other accounts with Gmail for their great SPAM filtering, as they offer the option, but can’t complete the process because it says my private email account settings are not legit. My email setting works fine with Thunderbird on my desktop and I have verified them, both for checking and sending email. The problem with free is usually no tech support.


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.