Email Security: Receiver-Side Options

TL;DR

Yes, email receivers can improve security without sender involvement, but it’s not foolproof. Methods include filtering spam/phishing, using strong passwords and multi-factor authentication, enabling encryption where supported (like S/MIME or PGP), reporting suspicious emails, and being cautious about links and attachments.

How to Secure Email as a Receiver

  1. Strong Password & Multi-Factor Authentication (MFA)
    • Use a unique, strong password for your email account.
    • Enable MFA whenever possible. This adds an extra layer of security beyond just your password. Common methods include codes sent to your phone or authenticator apps.
  2. Spam & Phishing Filters
    • Most email providers have built-in spam filters. Ensure these are enabled and regularly check your spam folder (but be careful opening anything!).
    • Report phishing emails to your provider – this helps improve their filters for everyone.
  3. Email Encryption (S/MIME & PGP)
    • These technologies encrypt the email content so only the intended recipient can read it. However, both sender and receiver need to be set up for this to work fully. You can enable receiving encrypted emails even if you don’t send them.
    • S/MIME: Often used in corporate environments; requires a digital certificate. Check your email provider’s documentation on how to import certificates.
    • PGP: More complex setup, but widely available. You will need PGP software (like Gpg4win or Kleopatra) and the sender’s public key.
  4. Be Cautious of Links & Attachments
    • Never click links in emails from unknown senders. Hover over the link to see where it actually leads before clicking.
    • Don’t open attachments from untrusted sources. Even if the email looks legitimate, an attachment could contain malware.
    • If you are expecting an attachment, verify with the sender through a separate channel (e.g., phone call) that it is genuine.
  5. Report Suspicious Emails
    • Forward suspicious emails to your email provider’s abuse/security address (usually found on their website).
    • You can also report phishing attempts to organisations like Action Fraud in the UK.
  6. Email Client Security Settings
    • Check your email client’s settings for options related to security, such as blocking images from remote servers (this can help prevent tracking).
    • Some clients allow you to set rules to automatically delete emails based on sender or subject.
  7. Use a Secure Email Provider
    • Consider using an email provider that prioritises security and privacy (e.g., ProtonMail, Tutanota). These providers often offer end-to-end encryption by default.

Limitations

It’s important to understand that these receiver-side measures aren’t perfect:

  • Sender Spoofing: Attackers can fake the sender address, making emails appear legitimate. Filters help, but aren’t always effective.
  • Malware in Attachments: Even with caution, sophisticated malware can bypass security measures.
  • Encryption Requires Both Sides: S/MIME and PGP are most effective when both sender and receiver use them.