Although I am a security student, I am not a security expert. Furthermore, this post only documents a few of the things needed to ensure your emails are secure. Please read my general disclaimer.
Custom domain names are more professional than a third-party provider like “@gmail.com.”
Depending on how you implement the domain, there can be security concerns. For example, if you use a nonstandard email setup (i.e., configuring Thunderbird or using custom APIs to handle mail from your domain name), you may have configured insecure protocols during startup or followed tutorials that offer convenient but irresponsible advice.
There are three protocols commonly used for email: the Simple Mail Transfer Protocol (SMTP), the Post Office Protocol (POP), and the Internet Message Access Protocol (IMAP). All three use TCP. Message transfer agents—such as mail servers—use SMTP to send and receive email messages. POP and IMAP access electronic mailboxes (also known as “mail user agents” or MUA).
As of 2022, SMTP is the standard protocol used for transferring mail. You probably use this daily if you connect to your email through a browser. If given the option, use TLS rather than SSL; TLS provides more security for SMTP.
POP and IMAP
Some institutions disable POP and IMAP by default. However, if you are interested in using a traditional desktop client (e.g. Outlook, Thunderbird, iPhone), you will probably need to configure it. Note that IMAP has more clout than POP. IMAP stores your emails on a server, while POP downloads them to your MUA. If your device is lost, you will have copies on a server if you use IMAP.
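The TLS advice above, applied to SMTP, POP, and IMAP client settings, as an added example that is not part of the original post. The function names, the `"none"`/`"starttls"`/`"tls"` labels, and the sample accounts are assumptions made for illustration; the ports are the standard registered ones.

```python
import smtplib
import ssl

# Standard port assignments: implicit-TLS ports vs. ports that start in cleartext.
IMPLICIT_TLS_PORTS = {"smtp": 465, "imap": 993, "pop3": 995}
CLEARTEXT_PORTS = {"smtp": (25, 587), "imap": (143,), "pop3": (110,)}


def strict_tls_context() -> ssl.SSLContext:
    """Verify the server certificate and refuse SSLv3, TLS 1.0 and TLS 1.1."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_account(protocol: str, port: int, security: str) -> list:
    """Return findings for one account; security labels are hypothetical
    stand-ins for the choices a desktop client offers."""
    findings = []
    if security == "none":
        findings.append(f"{protocol}/{port}: password and mail travel in cleartext")
    elif security == "starttls" and port == IMPLICIT_TLS_PORTS[protocol]:
        findings.append(f"{protocol}/{port}: port expects implicit TLS, not STARTTLS")
    elif security == "tls" and port in CLEARTEXT_PORTS[protocol]:
        findings.append(f"{protocol}/{port}: port starts in cleartext; use STARTTLS")
    return findings


def send_over_tls(host, port, user, password, message):
    """Submit mail, upgrading with STARTTLS before any credentials are sent."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        # Raises if the server does not offer STARTTLS, so login never
        # happens on a cleartext connection.
        smtp.starttls(context=strict_tls_context())
        smtp.login(user, password)
        smtp.send_message(message)


# Constructed sample settings, not taken from any real provider.
SAMPLE_ACCOUNTS = [("smtp", 587, "starttls"), ("imap", 143, "none"),
                   ("pop3", 995, "tls"), ("imap", 993, "starttls")]


def audit_all(accounts=SAMPLE_ACCOUNTS):
    """Collect findings across every configured account."""
    return [f for acct in accounts for f in audit_account(*acct)]
```

`audit_all()` flags the cleartext IMAP account and the IMAP account that pairs port 993 with STARTTLS; the other two settings pass.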
Setting up custom email domains is difficult. If you are worried about navigating security effectively, I recommend holding off on setting up your email until you have time to seek guidance or figure it out.
To learn more about how email works, I recommend reading Mail terminology: MTA, MUA, MSA, MDA, SMTP, DKIM, SPF, DMARC.
If you are interested in this topic, Glenn Messersmith writes about Hacking WordPress Emails and other fun WordPress features and misconfigurations.
Formatting, grammar, and wording
Greetings are a great way to personalize emails, so I feel like this is the sender’s choice. I use “hi” in all circumstances, but there are other options. In written letters, I may use “dear,” but that is it.
| Tool | Description |
|---|---|
| Cliche Finder | Finds cliche phrases in writing |
| Copyscape | Plagiarism checker. Does not work well, but it is the only free and reliable plagiarism checker I’ve found. |
| Hemingway Editor | Similar to Grammarly, but all of its features are free. |
Many folks value formal and accessible email signatures. Formal email signatures match the font style, size, and color of the rest of the email. They also include a formal closing like “sincerely,” or “regards.”
Accessible signatures are compatible regardless of client. Unfortunately, many email clients can’t process signatures with icons, photos, and embedded links. As a result, text-based signatures with standard fonts, indenting, and coloring work best.
Additionally, I recommend including the email address in the footer because many email clients (e.g., Outlook) only show the sender’s display name; it’s even more common for email clients to do this when you forward emails. By including the email in the footer, it is easier for recipients and forward-ees to start an email with you regardless of client.
| Signature element | Problem | Recommendation |
|---|---|---|
| Text style inconsistent with the rest of the email | Looks strange | Use a default font |
| Custom colored font (e.g., orange or pink) | Themed email clients may incorrectly process the colored text, making it unreadable. Dark mode is a common example of where this happens. | Use default coloring; usually the default font color on your email client. |
| Images, icons, and links | Bad formatting on other email clients. This is extremely common. | Avoid images and icons. Include a full link that is also embedded. |
| 3rd-party designers | Embedding links or other information you don’t want in your email | Don’t use em! |

Link examples:
– (bad) http://www.oliviagallucci .com
– (bad) website
– (good) www.oliviagallucci.com
Here, users can click your link if the client allows it. If it doesn’t, they can copy the text and paste it into their browser.
Olivia A. Gallucci
Double-BS Computing Security + Computer Science ’25
P: 908 301 6852
– How to End a Letter (With Closing Examples) by Alison Doyle at The Balance Careers
– How to Write a Great Email Signature [+ Professional Examples] by Lindsay Kolowich Cox at Hubspot
– Should you include an email address in your email signature? by Gordan Banjac at Gimmio
If your brand routinely needs to provide disclosures and notices, that is a great thing to put under the signature of your email.
Here is a standard confidentiality notice by the University of Hawaii:
CONFIDENTIALITY NOTICE: The contents of this email message and any attachments are intended solely for the addressee(s) and may contain confidential and/or privileged information and may be legally protected from disclosure. If you are not the intended recipient of this message or their agent, or if this message has been addressed to you in error, please immediately alert the sender by reply email and then delete this message and any attachments. If you are not the intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its attachments is strictly prohibited.
Here is one Cyber Defense Magazine uses on its website:
FAIR USE NOTICE: Under the “fair use” act, another author may make limited use of the original author’s work without asking permission. Under 17 U.S. Code § 107, certain uses of copyrighted material “for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright.” As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner’s exclusive rights. Cyber Defense Media Group is a news reporting company, reporting job openings at no charge at our website Cyber Defense Professionals. All images and reporting of job openings are done exclusively under the Fair Use of the U.S. copyright act.
This post was written for IGME 599, an Honors FOSS Independent Study (Summer 2022).