I spend a fair bit of time helping friends and family keep their computers up and running. At the local coffee shop I’m known as “the security guy”, which usually means answering questions about which antivirus software to buy. But some of the best ways to protect yourself don’t involve spending any money, or buying any software.
One of my favorites is to use different email accounts for different contexts. A lot of security pros know this, but it’s not something we have our less technical friends try. Thanks to the ease of webmail, and most mail applications’ support for multiple email accounts, this isn’t all that hard. Keeping things simple, I usually suggest 4-5 different email accounts:
- Your permanent address: I have one email account that’s been in active use since 1995. It’s the one I give friends and family, and I don’t use it for anything else. No online purchases, no newsletter subscriptions, nothing but those I know and care about. For a long time I got essentially NO SPAM on this account. Ever. I did make the mistake once of letting a local political party get their hands on it, and they screwed up a mailing and the address leaked to a spam list. Learn from my mistake- have one address you give out for your personal email that you never have to change- e.g. Hotmail, Yahoo, or Gmail, and never use it for anything else.
- Your work address: We all have these, and we all use them for personal email. That’s fine, but don’t use it for subscriptions or online purchases.
- An address for buying online when you don’t trust the store: Another Gmail/Yahoo/Hotmail address you use for risky online purchases, and nothing else. That way, if a site you use is compromised you can easily change addresses without too much difficulty. These are the smaller online retailers you don’t really know or trust as much as Amazon and Ebay.
- An address for trusted retailers: This is your Amazon, Ebay, and Apple address- one you use to buy things from major retailers. This can be the same as your permanent address. Let’s be realistic, I use a few major retail sites and have never had any problems with spam or fraud by letting them use my main address. Yes, it’s a risk if they get breached, but it’s one I’m willing to take for a small group of stores I use more frequently. If you do this, make sure you opt out of any of their marketing emails. This is in your account preferences when you log in.
- An address for email subscriptions: This is for newsletters, fora, and other sites where your email might not be private.
I also often use throwaway addresses. These are temporary accounts I set up for high-risk things like certain forum subscriptions and email lists that I know will end up in the hands of spammers.
There’s one kind of address you should never use– the one your ISP (Internet Service Provider) gives you. Not only do these seem to end up on spam lists more often than not, but you may to change your ISP more than you anticipate. If I have to update my address book for someone moving/changing addresses, it’s almost always because they’ve used the email from their ISP. These other services are free and easier to use, so there’s no reason to use an ISP account.
This might seem complicated, but it’s really easy. Just go to one of those services and set up some free accounts. For each one, write down the username and password twice- once on a piece of paper you keep near your computer, the other you keep with your important papers (except your work password). I know most security experts tell you to never write your passwords down, but as long as it’s on paper (not in a file on your computer) and reasonably safe in your home the risk is low (however, don’t do this with bank account passwords!).
Then launch Outlook Express, Mail.app, Eudora, Thunderbird, or whatever email program you use and add these accounts using the instructions from whoever you set up the account with. It usually takes less than a minute, and gives you one place where you can read all your mail.
Personally I have over a dozen accounts, but I’m both paranoid, and like having all my different email lists go to different accounts to make reading them easier. For the rest of you, somewhere between 4-6 accounts can reduce the spam you get, especially on your personal email, and even reduce the chances of fraud.