This is a major update to what I consider one of my most important articles, dating all the way back to 2004 (with intermediate updates in 2010 and 2013).
My answer has changed from “mostly no” to “mostly yes”, with the following important caveats:
You must understand the costs.
You must understand the risks.
You must prepare for disaster.
You must take responsibility.
I’ll dive into each of these in detail, but before I do, I’ll share one concrete datapoint: all of my email is currently being processed via free email accounts. Clearly, I believe it can be done safely.
I’ve been told by a mailing list moderator that when I reply to a message sent to the list, I need to edit the reply to remove most of the original message. I don’t see where or how to edit a reply. What am I supposed to do?
That’s not an uncommon request. Even though you might not see it, most email programs include the original message as part of your reply. If you don’t edit the reply yourself, your one-line response might be accompanied by the entire original message that everyone’s already seen.
The problem, of course, is that exactly how to edit the entire reply often isn’t obvious at all.
A business I was working with told me that they ‘sent my email address to spam’ because they didn’t like what I was asking of them. Now I’m a smidge worried. If they added my email address to their spam filter, does that mean I’m somehow going to be pegged as a spammer in the larger Internet world? I seem to recall that someone once told me that anytime someone clicks that a message is spam, it’s a strike against you. Enough strikes and we’re in trouble. I don’t remember how many strikes he said it took to be in trouble, though.
So…am I worrying about nothing? Or should I do something about it, if there’s anything to do, that is?
The answer is simple: do nothing.
The reason behind the answer, naturally, is quite complex.
Spam filters – particularly good spam filters – rely heavily on users marking things as spam. In a way, it’s a form of “crowd sourcing”, where the actions of users build a database used to determine what is and is not spam in subsequently received emails.
Where your email is marked as spam, and who is doing the marking, has a lot to do with any potential impact on emails you send in the future.
You’ve mentioned that you back up Gmail somewhere on your own computer; how do you do that?
Of all the current free email services, Gmail is my favorite. I know I’ve railed against free email services as your only email service, but they definitely have their place. And Gmail is the service I recommend.
In part, I recommend it because I can answer this question. Gmail is very easy to back up.
I have a Gmail account that I’ve never used. Because my phone is now a Samsung 3 and interfaces with Gmail, I’m thinking of dropping my Yahoo account. The problem is that when I go into my Gmail account, I find mail from Amazon to a lady in Florida with the same first name as me.
I don’t understand what’s happened. Why, when I enter my name and password, do I see emails to her about stuff she’s ordered on Amazon? Her name and address are there as well. When I look in All Mail, I see about 1300 emails, which I plan to delete and start up with Gmail because it’s the browser for my Samsung Galaxy. I don’t know who to ask about these emails from Amazon to this other woman in Florida regarding her purchases. And again, I’ve signed into my Gmail account with my name and password. So, now, I’m afraid to start up a Gmail account and drop off my old email address. Thanks, Leo, for any light that you can shed on this problem.
I’ve got a pretty good guess as to what’s going on. I also have some ideas and some advice for what you might want to do about it.
Leo, I’ve got one computer and I’m the only one who uses it. I don’t have any kind of mobile device that I use with Gmail. I never accessed any of my accounts from any other computer or location. Before I shut my computer down, I always go to Internet Options and clear my cache and cookies. I check every box except the top and bottom ones and then I go to disk cleanup where I always check all the boxes and clean up everything. I change my passwords at least once a month on the websites. I use it every day and yet, at least once a week I have to close other sessions in Gmail when I click on the Details. I have a free account so of course it’s next to impossible to get an explanation from Google themselves. Should I be concerned or is this some kind of a glitch in email? This isn’t new; it’s been happening for some time.
It’s actually a pretty nifty feature in Gmail. Basically, it’s telling you where Gmail has seen your account being accessed from. Naturally, it’s a little scary to see things like 1, 2 or 3 other places, when you believe that you’ve logged in from exactly and only one. I’ll throw out a few ideas as to why that might be and what, if anything, you need to do.
Leo, are you aware of Microsoft’s new advertising campaign? If you follow the link, keepyouremailprivate.com/HowTheyDoIt. If true, does it not alter your generally positive attitude towards Gmail? Since I use an email client, Outlook XP/2003 rather than Gmail’s own site, I’ve not been aware of targeted ads. But the allegation certainly worries me. Is it true? Having NSA and GCHQ eavesdropping is quite bad enough without Google joining the party.
Is it true? Sure. I’m quite aware of it and it’s nothing really new at all. And yes, it actually has caused me to lose a little respect, but probably not in the way you think.
I’ve actually lost a little respect for Microsoft!
Leo, in your article about email being hacked and what you need to do, it’s possible that you may have omitted one important problem associated with account hacking: the changed return address. When my Yahoo account was hacked (my own fault, signing in from a fake email), the last thing that I noticed as I restored my account was that they had changed one letter of my name in the return address. If you clicked Reply to any email that I sent out, it went to them and not to my real account address.
Actually, you raise a very interesting and important point. It’s difficult to list all of the things that a hacker could change after they access your account.
I just got this message in my Google email, “Someone recently tried to use an application to sign into your Google account.” The suspicious sign-in was in China, so apparently Google thought it might not be me and blocked it. What I want to know is did this suspicious sign-in actually use my correct password? Or did they just try to sign in with random passwords hoping to stumble across the correct one?
I want to start by saying that I haven’t encountered this myself. Maybe I’m lucky.
Nonetheless, this is a very cool feature on Google’s part. Watching out for account theft like that is a very interesting and positive thing and I applaud Google for taking the initiative to understand what may and may not be a legitimate login for an account.
I’m the moderator of a fairly large moderated email list. Recently, we’ve been getting a large number of phishing messages from people who don’t know that their email has been hacked. I’d like to post a special message to the group telling everyone to check their email accounts, but how do they do that? In other words, if no one has specifically told them their address book has been compromised, they aren’t going to realize that this is their problem and they’re going to do nothing about it. Is there a way to tell? I’m getting very tired of informing them one by one and always including the link to your page on what to do if their email has been hacked.
Detecting that your email has been hacked can be very difficult, particularly if you are not moderately tech savvy.
Hackers often go through extra steps to leave as few traces as possible. Sometimes they do leave some, but that’s not common. In fact, it’s very difficult, and sometimes almost impossible, to tell.
My question is somewhat similar to what others have asked before, but this time, I explicitly want to talk about Gmail. As you know, some attachments show a thumbnail of their contents on the email footer. There are times that I receive legitimate emails by mistake, so I open the email to reply and notify about it. By doing that and by being able to see the preview thumbnail, am I putting my computer at risk of malware? I never download things that I’m not expecting, but I’m unsure if just having this “default preview” setting, I may actually be executing whatever there could be without really knowing it.
By now, it’s just good common sense to turn off images in your email viewer. That prevents spammers from using images embedded in a message to confirm that they’ve found a real email address where someone actually reads their email.
Attachments, on the other hand, are a little different. They typically make it to your inbox, and your security depends on your ability to distinguish between safe and unsafe attachments. By now, you should know only to open attachments that you know are safe.
Google occasionally includes preview images of your attachments. Because attachments can be dangerous and images are sometimes an invasion of privacy, is there an issue here?
Not really. In fact, it’s just the opposite. I’ll explain why.