Email is one of the most widely used forms of communication today. Estimates from May 2009 suggest that around 250 billion, with a "B", emails are sent every day. That equates to more than 2.8 million email messages per second, and some of them are not even spam.

Email is faster and cheaper than traditional postal mail, but at least when you seal that envelope and stick a stamp on it, you can have some confidence that only the intended recipient will open it. With email, however, your message could be intercepted midstream and you might never realise it.

Copies and remnants of your message stored on your PC could be compromised as well. You have to take steps to secure and protect your email messages.

Prying eyes

Your PC provides easy access to your email communications, both for you and for others. Anyone who happens to walk by your system, whether you're in the middle of using it or have stepped away from your desk, could potentially see email messages you are in the process of writing or have already sent, or your incoming email messages.

You need to take steps to minimise the opportunity for passing bystanders to snoop on your email.


For starters, don't leave your email client open, or at least not maximised on screen. Whether you use a client application such as Microsoft Outlook, or a web-based email system like Google Gmail, you should minimise or close the email window when you are not actively using it.

You also need to make sure that snooping eyes can't see what's on your screen when you walk away from your PC for an extended period of time. Many people know to lock or shut down the PC when leaving for the day, and perhaps even when going to lunch, but they might step out to discuss something with a co-worker without thinking about it.

As an automatic security measure to protect your email, as well as the PC in general, you should enable a screensaver (go to Control Panel/Appearance and Personalisation).

Set a delay before the screensaver kicks in. It shouldn't be any less than five minutes, because it is not uncommon to go five minutes without touching the mouse or keyboard while reviewing a document or reading a web page, and having the screensaver come on would be an annoyance. Fifteen minutes is a reasonable timeframe. Make sure you check the box to display the logon screen and require credentials when resuming.

This should go without saying, but make sure you have a secure password. Using your dog's name, or that of your favourite baseball team, won't provide much protection. In fact, you should never use any word that can be found in a dictionary, because guessing or cracking such passwords is trivial.

Protecting web-based email

Web-based email has the advantage of being available virtually anywhere, any time and from any device that can get on the web. It also comes with some additional security and privacy concerns, though.

On any PC, but particularly on a shared or public PC, such as one in a hotel or library, make sure you log out of the webmail client. Forgetting to actually sign out could allow the next user who comes along to access your email account.

Web browsers maintain a history of visited sites, and a cache of browser data that helps them load frequently visited pages more quickly. The history and cache may also inadvertently expose your email messages. When you are done using your webmail, you can go into the settings for the browser and clear out the cache.

Better yet, use private browsing. The most popular web browsers, such as Internet Explorer, Firefox and Chrome, have an option to surf the web using a private or anonymous mode. When you use the private browsing mode, your entire web session is more secure, since no data is retained in the history or cache.

Whether on a shared computer or your own PC, another suggestion is to use an alternate browser. For example, if the default browser for the PC is Internet Explorer, use Firefox, Chrome or some other browser just for your webmail.

That way, if someone else uses the system, they will likely use the default web browser, so using a different browser will reduce the chances of exposing or compromising your email account.

Encrypt your email

No matter how you lock down your PC, or what precautions you take to ensure that nobody can access your email messages locally, the messages still have to travel from point A (the email server) to point B (your PC). As the digital messages traverse the Internet, they could potentially be intercepted by unauthorised users.

You can prevent your messages from being compromised by using encryption. As long as your messages are encrypted, an unauthorised user that intercepts a message would not be able to actually read it. Without the proper decryption, the content of the message would just be digital gibberish.

For web-based email like Gmail or Yahoo Mail, you can use SSL (Secure Sockets Layer) encryption. Most users recognise SSL-encrypted web pages by the little padlock icon displayed on the browser page or by the fact that the URL begins with "https" rather than "http".

For example, if you connect with Gmail via SSL, the connection between Google's servers and your PC, and the message traffic over that connection, are encrypted and protected from being intercepted en route.

Microsoft Outlook can also send encrypted email messages, but instead of using SSL, it relies on a system of public and private keys. The message is encrypted using your private key, and only recipients that have the associated public key will be able to view the email. The public key can be shared with any recipient, whether they use Outlook or not.

Guidance on the Microsoft Office site explains, "Sending and viewing encrypted email messages requires both sender and recipient to share their digital ID [digital ID: Contains a private key that stays on the sender's computer and a certificate (with a public key). The certificate is sent with digitally signed messages. Recipients save the certificate and use the public key to encrypt messages to the sender.], or public key certificate.

This means you and the recipient each must send the other a digitally signed message, which enables you to add the other person's certificate to your Contacts. Once both parties have shared certificates, sending and viewing encrypted email messages between them is the same as with any other email messages."
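
The certificate exchange in the quoted guidance is S/MIME, which the OpenSSL command line also implements. The script below is an added example, not from the original article or from Microsoft: it walks one direction of the exchange, where Bob saves the certificate from Alice's signed message, encrypts to its public key, and only Alice's private key decrypts. The names alice, bob and example.test, the file names and the self-signed test certificates are all constructed for the illustration.

```shell
#!/bin/sh
# Added example. Names (alice, bob, example.test) and file names are constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# A digital ID: a private key that stays with its owner, plus a certificate
# carrying the public key (self-signed here; a real one is issued by a CA).
make_id() {  # $1 = owner name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1/emailAddress=$1@example.test" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# The sender signs a message; the certificate travels inside the signature.
send_signed() {  # $1 = sender, $2 = output file
  printf 'hello from %s\n' "$1" |
    openssl smime -sign -signer "$WORK/$1.crt" -inkey "$WORK/$1.key" -out "$2"
}

# The recipient checks the signature and saves the signer's certificate,
# the equivalent of adding it to Contacts. -noverify skips only the CA chain
# check, which a self-signed test certificate cannot pass.
save_contact() {  # $1 = signed message, $2 = file to save the certificate in
  openssl smime -verify -noverify -in "$1" -signer "$2" -out /dev/null 2>/dev/null
}

# Encrypt to the public key in a saved certificate.
encrypt_to() {  # $1 = plaintext, $2 = saved certificate, $3 = output file
  printf '%s\n' "$1" | openssl smime -encrypt -binary -aes256 -out "$3" "$2"
}

# Decrypt with the private key that never left its owner.
decrypt_as() {  # $1 = owner name, $2 = encrypted message
  openssl smime -decrypt -in "$2" -recip "$WORK/$1.crt" -inkey "$WORK/$1.key"
}

make_id alice
make_id bob
send_signed alice "$WORK/signed.eml"                       # Alice -> Bob, signed
save_contact "$WORK/signed.eml" "$WORK/contact_alice.crt"  # Bob keeps her certificate
encrypt_to 'meet at noon' "$WORK/contact_alice.crt" "$WORK/enc.eml"
decrypt_as alice "$WORK/enc.eml"                           # only Alice's key opens it
```

For Alice to send Bob encrypted mail, the same steps run in the other direction, which is why the guidance has each party send the other a signed message first.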

After you hit send

The precautions described above will help ensure that prying eyes don't view or access the email on your PC, and protect your messages from being intercepted en route, but what about protecting the privacy of your email even after you send it? Perhaps you have something of a sensitive nature to communicate, and you want to make sure that the recipient doesn't forward or share the message.

Microsoft Outlook has information rights management (IRM) features that let you exercise some control over your messages even after you hit Send. When you are composing an email in Outlook 2010, select Options on the menu bar, then click the arrow under Permission and check the Do Not Forward option.

Recipients who are not using an email client that supports Microsoft's IRM must download the Rights Management Add-on for Internet Explorer to view restricted messages.

Some businesses manage the IRM features from their own servers, but for individuals or businesses that don't, Microsoft can manage IRM credentials and authentication for you. The first time that you use the IRM features, Microsoft will automatically prompt you to register to use the service.

Selecting the Do Not Forward option for your email message makes the message private between you and the intended recipient. It lets the recipient receive and view the email, but it prevents the message from being forwarded, printed or copied.

Another way to restrict the use of your email message and protect your privacy is to set the message to expire. You can define an expiration date and time for the message, after which the recipient will no longer be able to open or view it.

However, this functionality only works in business settings built around Exchange Server and Group Policy. Setting an expiration for an email sent to an external Yahoo mail account will have no effect.

Be careful never to assume that anything you send digitally is one hundred percent private. There is a saying that you should never say anything in an email, no matter how private you might think it is, that you wouldn't want plastered on a public website.

If you follow the guidance outlined here, you can take proactive steps to safeguard your privacy and at least minimise the chances that unauthorised prying eyes will see your messages.