E-mail Security: Gmail vs Neomailbox, Hushmail, etc.

For most users, Gmail, Yahoo Mail, and Hotmail are the obvious choices given their prevalence, integration with other services, sleek user interfaces, ever-increasing feature lists, etc. It’s hard for a small provider to compete with the market dominance of those stalwarts. However, there are some differences that give other providers a leg up, including:

1.) Encryption of the emails. SSL provides a secure channel between you and the provider, but does nothing to protect the email on the provider’s servers or after the email is sent to the recipient. You can encrypt the emails yourself, a feature that an increasing number of email clients support, but some providers provide that functionality via their webmail interfaces and may even encrypt/decrypt them automatically. (The latter means your email provider must be given a copy of your passwords/keys, which is often undesirable.)

2.) Access restrictions. Instead of sending your email to the recipient outright, the provider may send him/her a link to the provider’s website where the recipient must enter a password you chose in order to access the email. This means you may be able to set a limit to the number of times the email is accessed, prevent it from being forwarded, restrict viewing to a certain time/date span, etc. And if the recipient has the same provider, or the recipient’s provider has a partnership with your provider, the recipient may never need to leave his/her inbox to access the content, a more convenient alternative to following a web link.

3.) Country of business. Much like many people choose to store their earnings in Swiss bank accounts due to the strict banking privacy laws in Switzerland, some like to have an email provider with no ties to the US or another country. That makes it harder for a company or government to obtain a search warrant to obtain your emails, access logs, etc. from the provider.

4.) Anonymity. When you send an email, it typically includes your IP address, which tells the recipient your internet service provider and an approximation of where you live. In addition, once the recipient has your email address, he/she can use it to spam your account. However, some providers display their company IP address instead of yours to protect your identity and also offer disposable email aliases to protect you from spammers.

Of course, there are many other ways a provider can differentiate itself, but those are four of the top security-related aspects to consider.

Most are satisfied with a provider that uses SSL to encrypt data transfers between you and the provider, in which case Gmail would qualify. In fact, Gmail offers corporate and university services, with some of the leading employers and universities abandoning their Microsoft Exchange servers in favor of Google’s cost-cutting alternatives. At the same time, however, many companies and universities take the position that no email account is secure enough for sensitive communications, reserving them for traditional mail, phone calls, and in-person communication.