TL;DR
Free email providers (like Gmail, Outlook.com, Yahoo Mail) can potentially read your emails, and their partners/affiliates might too. This is usually due to automated scanning for targeted advertising or security reasons, but it’s a privacy risk. Using end-to-end encryption or a paid, privacy-focused provider significantly improves your email security.
Understanding the Risks
Free email services aren’t truly free; you pay with your data. Here’s how partners and affiliates could access your emails:
- Scanning for Ads: Providers scan emails to show relevant advertisements. This involves analysing content, sender, and recipient.
- Third-Party App Access: If you connect third-party apps (like calendar tools or task managers) to your email, those apps may have access to your messages.
- Affiliate Marketing: Some providers share data with affiliates for marketing purposes. While they shouldn’t share the content of emails directly, metadata (sender, recipient, dates) could be used.
- Legal Requests: Providers must comply with legal requests (warrants, subpoenas).
How to Check for Connected Apps
- Gmail:
- Go to Google Account Permissions.
- Review the list of apps with access to your account and revoke permissions for any you don’t recognise or trust.
- Outlook.com:
- Go to Microsoft Account Permissions.
- Review connected apps and remove any suspicious ones.
- Yahoo Mail:
- Go to Yahoo Account Security, then ‘Manage third-party app access’.
- Revoke access for apps you don’t use or trust.
Steps to Improve Your Email Privacy
- Use End-to-End Encryption: This scrambles your email content so only the sender and recipient can read it.
- ProtonMail: A popular, privacy-focused provider with built-in end-to-end encryption.
- Tutanota: Another secure option offering similar features.
- PGP/GPG: More complex but provides strong encryption for any email provider (requires software installation and key management). Example using Thunderbird:
Tools -> Account Settings -> Security tab -> Enable PGP Encryption
- Consider a Paid Email Provider: Paid services often have stricter privacy policies and don’t rely on advertising revenue.
- Fastmail, Posteo, and Mailbox.org are good options.
- Be Careful with Third-Party Apps: Only connect apps that you absolutely trust and review their permissions carefully.
- Use Strong Passwords & Two-Factor Authentication (2FA): Protect your email account from unauthorized access. Enable 2FA wherever possible.
- Review Privacy Policies: Read the privacy policies of your email provider to understand how they handle your data.
Checking Email Headers
Email headers can reveal information about the route your email took, which might indicate scanning or third-party involvement. This is advanced.
- Gmail: Open the email, click the three dots (More), then ‘Show original’.
- Outlook.com: Open the email, click the three dots (More), then ‘View source’.
Look for headers related to scanning services or unusual routing.