Awesome-Mirrors/personal-security-checklist
1
0
Fork 0
mirror of https://github.com/Lissy93/personal-security-checklist.git synced 2024-07-05 11:01:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adds IMAP backup and email sharing to Email list

Browse Source
This commit is contained in:
Alicia Sykes 2020-04-28 22:06:47 +01:00 committed by GitHub
parent 2011a80245
commit 2567a0d6a1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@ -112,13 +112,16 @@ The big companies providing "free" email service, don't have a good reputation f
--- | --- | ---
**Have more than one email address** | Recommended | Keeping your important and safety-critical messages separate from trivial subscriptions such as newsletters is a very good idea. Be sure to use different passwords. This will also make it easier to recover a compromised account, in the case of a breach
**Keep security in mind when logging into emails** | Recommended | Your email account should be top of your priorities in terms of security. Use a strong password and enable 2-Factor authentication. Only sync your emails with your phone, if it is secured (encrypted with password). Follow [browser](#browser-and-search) and [networking](#networking) best practices when logging in to your account
**Always be wary of phishing and scams** | Recommended | If you get an email from someone you dont recognize, dont reply, dont click on any links, and absolutely dont download an attachment. Keep an eye out for senders pretending to be someone else, such as your bank, email provider or utility company. Check the domain, read it, ensure its addressed directly to you, and still dont give them any personal details. Check out [this guide, on how to spot phishing emails](https://heimdalsecurity.com/blog/abcs-detecting-preventing-phishing/).
**Always be wary of phishing and scams** | Recommended | If you get an email from someone you dont recognize, dont reply, dont click on any links, and absolutely dont download an attachment. Keep an eye out for senders pretending to be someone else, such as your bank, email provider or utility company. Check the domain, read it, ensure its addressed directly to you, and still dont give them any personal details. Check out [this guide, on how to spot phishing emails](https://heimdalsecurity.com/blog/abcs-detecting-preventing-phishing/)
**Control who has your email address** | Recommended | Control who has your email address - To avoid receiving unwanted spam mail, or being susceptible to a phishing attack, be conscious about who you share your email with. Don't publish it in plaintext online (e.g. in a comment), since bots often scan the internet for any personal details like these
**Disable Automatic Loading of Remote Content** | Recommended | Email messages can contain remote content such as images or stylesheets. These are often automatically loaded from the server. But to protect your privacy, you should disable this, because when your mail client or browser requests this content, your IP address and device information is revealed to the server. For more info, see [this article](https://www.theverge.com/2019/7/3/20680903/email-pixel-trackers-how-to-stop-images-automatic-download)
**Don't Share Sensitive Data via Email** | Optional | Emails are very easily intercepted. Further to this you cant be sure of how secure your recipient's environment is. Therefore emails cannot be considered safe for exchanging confidential or personal information, unless it is encrypted
**Dont connect third-party apps to your email account** | Optional | If you give a third-party app or plug-in (such as Unroll.me, Boomerang, SaneBox etc) full access to your inbox, this makes you vulnerable to cyber attacks. Once installed, these apps have unhindered access to all your emails and their contents
**Consider switching to a secure email provider** | Optional | Secure and reputable email providers such as [ProtonMail](https://protonmail.com) and [Tutanota](https://tutanota.com) allow for end-to-end encryption, full privacy as well as more security-focused features. Unlike typical email providers, nobody but you can see your mailbox, since all messages are encrypted. See [this guide](https://github.com/OpenTechFund/secure-email) for details of the inner workings of these services. Other encrypted mail providers include: [CounterMail](https://countermail.com), [HushMail](https://www.hushmail.com/tapfiliate/?tap_a=44784-d2adc0&tap_s=724845-260ce4&program=hushmail-for-small-business) (for business users), [MailFence](https://mailfence.com?src=digitald), [see more](/5_Privacy_Respecting_Software.md#encrypted-email). For a comparison between services, see [this article](https://restoreprivacy.com/private-secure-email)
**Use Aliasing / Anonymous Forwarding** | Advanced | Email aliasing allows messages to be sent to [anything]@my-domain.com and still land in your primary inbox. Effectively allowing you to use a different, unique email address for each service you sign up for. This means if you start receiving spam, you can block that alias and determine which company leaked your email address. <br>[Anonaddy](https://anonaddy.com) and [SimpleLogin](https://simplelogin.io/?slref=bridsqrgvrnavso) are open source anonymous email forwarding service allowing you to create unlimited email aliases, with a free plan. More options include: [33Mail](http://33mail.com/Dg0gkEA), [ForwardEmail](https://forwardemail.net) (self-hosted), [SimpleLogin](https://simplelogin.io/?slref=bridsqrgvrnavso), and this feature is also included with [ProtonMail](https://protonmail.com/pricing)'s Visionary package.
**Use a Custom Domain** | Advanced | When you don't own your email domain name, the organisation providing it may not be around for ever, and you could loose access to all accounts that were registered with that email. However with a custom domain, even if your mail provider ceases to exist, or you are locked out, you can take your domain elsewhere and continue to have access to your email address.
**Sync with a client for backup** | Advanced | Further to the above, to avoid loosing temporary or permeant access to your emails during an unplanned event (such as an outage). Consider syncing your emails to a secure device, like your primary laptop, via IMAP. This will not remove any messages from the server, but will ensure you have always got a full offline backup of all important communications
**See also** [Recommended Encrypted Email Providers](/5_Privacy_Respecting_Software.md#encrypted-email)