Email wasn’t initially designed to be secure(new window). From spam(new window) and phishing attempts(new window) to malware(new window), unethical marketers and cybercriminals try to undermine the security and privacy of your inbox every day. Since your inbox stores plenty of sensitive information about your interests, contacts, work, and daily schedule (such as online shopping receipts, hotel bookings, and event invites), these cyberthreats pose a serious risk to your email security.
Fortunately, you can still take precautions to secure your emails. Here are nine top tips to keep your emails safe.
1. Use a private and secure email service (like Proton Mail)
Most popular email providers don’t provide adequate protection for your emails. Until 2017, Gmail was still reading your emails(new window) to target you with personalized ads. Today, it tracks your online purchases(new window), scans your emails to enable smart features, and keeps a record of almost everything you do(new window) in its apps.
The best way to prevent your email provider from reading your emails is to use an encrypted email provider, such as Proton Mail. Encrypted email providers use end-to-end encryption(new window) (E2EE) and zero-access encryption(new window) to secure your messages, ensuring they can only be read by you and your recipient.
As the world’s largest encrypted email provider, we make sending fully encrypted emails easy and intuitive. All of our encryption happens in the background — all you need to do is compose your email as usual and hit “send”. Besides E2EE and zero-access encryption, we’ve also equipped Proton Mail with other advanced security features.
2. Block spy pixels and trackers
Most marketing emails you receive, including newsletters and other promotional materials, contain invisible spy pixels. When you open an email containing a spy pixel, it records sensitive information and sends it back to the sender. This information can include:
- If and when you opened the email
- Your device type and operating system
- Your IP address and location
This sender then uses this data to profile you and target you with personalized ads.
At Proton, we believe you should be able to read your emails without worrying about who’s spying on you. With our enhanced tracking protection feature(new window) (which is enabled by default), all spy trackers are automatically blocked, allowing you to view images in your emails safely while keeping your email activity private. You can also click on the shield icon at the top right of the email to see the blocked trackers.
3. Use a strong password and password manager
A strong password provides essential protection against unauthorized access to your inbox. Every password you create for your online accounts should be unique and complex enough to deter hackers.
Since remembering complex passwords for all your online accounts is impossible, using an open-source password manager(new window) is the easiest and safest way to manage all your passwords. A password manager generates and stores strong passwords for you, so all you need to do is to remember the master password(new window) that unlocks your password manager.
4. Be wary of phishing scams
Cybercriminals use phishing emails(new window) to lure you into clicking on malicious links, opening fake attachments, and disclosing sensitive information. They impersonate a well-known brand or someone you know, leading you to believe that these emails come from a trusted source.
Thankfully, it only takes a little common sense to protect yourself against phishing scams. If you receive an email that looks suspicious (for example, one that insists you take urgent action immediately), or comes from an unknown sender using a non-official email address, don’t click on any links or open any attachments. Report the email to your email provider immediately and block the sender.
If you’re using Proton Mail, you’re automatically protected from phishing scams with PhishGuard, a set of advanced technologies specifically designed to combat phishing. If a phishing email lands in your Proton Mail inbox, you’ll see a red warning label at the top:
You can also use Proton Mail’s link confirmation feature to inspect URL links before opening them in your browser.
5. Enable two-factor authentication
Two-factor authentication (2FA)(new window) adds an additional layer of security to your email account by requiring you to prove your identity when you sign in. This means that even if your password is leaked or stolen by a hacker, they won’t be able to access your account.
When you enable 2FA, you’re typically asked to download an authenticator app on your mobile device, which generates random, one-time codes you’ll need to sign in to services. You can also use biometric 2FA methods, such as Passkey from Apple which requires you to use FaceID or TouchID to sign in. However, hardware security keys, such as YubiKey(new window), make for the easiest 2FA method, since you don’t need to download an additional app.
At Proton, we support two 2FA methods:
- One-time passcodes generated by authenticator apps
- Security keys, also known as 2FA keys or hardware keys, as long as they adhere to the FIDO2 standard
After setting up your 2FA, safely store any emergency list of codes, and learn how to back up or transfer your 2FA account to a new device if you switch to a new mobile phone. While 2FA might seem like a small measure to incorporate into your digital hygiene routine, it substantially increases the security of your email account.
6. Set a password on your emails
Even if you use an encrypted email service like Proton Mail, if the person you’re writing to uses a standard email service, your messages in their inbox could be scanned, accessed, and read at any time. Some email providers allow you to protect your emails with a password. If this feature is available and you know the person you’re writing to doesn’t use an encrypted inbox, you should set a password.
All emails sent and received between Proton Mail addresses are automatically encrypted with E2EE. This means only you and your recipient can read your messages, and you don’t need to password protect them since they’re fully private. However, if you’re sending an email to a non-Proton Mail address, you can easily use our Password-protected Emails feature to send a secure, end-to-end encrypted message to any email address. You can also set a message expiration timer to determine how long your recipient should have access to your email.
7. Block spam and unwanted senders
From annoying spam newsletters to overly persistent salespeople, there are certain senders whose messages you don’t ever want to see in your inbox. For these situations, it’s better to simply block them and never worry about unwanted attention again.
Thankfully, if you’re using Proton Mail, you can block a sender in just a few clicks. The block applies across all platforms, including the Proton mobile apps. Likewise, you can also use our spam and block lists to customize existing spam and block filters for granular control.
8. Protect your real email address with aliases
Your email address is part of your online identity, and you should keep it safe. There’s no need to give out your real email address if you don’t have a reason to, and you shouldn’t post it on public platforms, such as in a social media post.
The best way to protect it is to use an email alias(new window), which is an additional email address that can help preserve your privacy and reduce spam. All emails sent to your email alias will arrive in your existing inbox, and you can also choose which email alias to use when sending emails.
You can have different aliases for different purposes — for example, one for online shopping and one for newsletters. If you need to create an email alias while signing up for an online service, simply tack on a plus sign (+) to your username. If your email address is firstname.lastname@example.org, your email alias could be email@example.com.
In Proton Mail, you can create email aliases in three ways:
- With the plus sign (+) method described above (without needing to create new email addresses in Proton Mail)
- By creating a new email alias in your existing Proton Mail account
- Generating email aliases with SimpleLogin
Depending on your subscription plan, you can create at least 10 additional email aliases, either with a Proton Mail domain (@proton.me) or your own custom domain (@bobsmith.com). You can also use our SimpleLogin browser extension, web app, and mobile app to create anonymous email addresses whenever you sign up for a new online service.
9. Sign out of your email account
It’s always a good idea to sign out of your email account when you’re not using it, especially if you’re logged in on a public computer or a shared device. If you don’t sign out of your email account, there’s a risk that someone else might read your emails or interfere with your account settings. They could even send abusive messages to your contacts while pretending to be you.
We also strongly recommend using the private browsing mode (also known as incognito mode) to sign into your Proton Mail account. Select the Keep me signed in checkbox only if you’re using your personal device that nobody else has access to.
The best way to secure your emails
Since our launch in 2014, one of our goals at Proton has been to make online privacy accessible to everyone. If you’d like to send fully encrypted messages and enjoy a more secure inbox, sign up for a free Proton Mail account. Together, we can build an internet where privacy is the default.