How to secure your mail?

[Генрих]

In intelligence, and NOT only in commercial, we often use the mailbox method - in the case when it is necessary to organize correspondence (and file transfer) between a limited circle of users .

To do this, it is enough to have an e-mail address on any free Internet mail service and give an access password - to ALL THOSE people - between whom communication sessions will be carried out. Thus - EACH of them (knowing the password) can go into this "mailbox" , even being in different countries and on different continents.

After that, the CAM e-mail address is subscribed to any (not very bulky and voluminous) mailing list, for example - "news" and this "mail garbage" - is accumulated in the inbox.

Correspondence itself is carried out as follows:

At the agreed time (for example, every Tuesday at 19:00), the subscriber writes a letter and - ATTENTION!!! - HERE IS NOT SENDING IT - saves it to DRAFT attached to it, if necessary. At the same time (for example, every Tuesday at 19:30), the recipient enters the mail (using the password known to him) and looks through (created by the subscriber) DRAFT downloads the files, after which - DESTROYS THE DRAFT - source.

Therefore, only ONE e-mail - as a mailbox in the mail. One put - another took.

Since there is no real forwarding between different mailboxes and Internet resources in this case - Not happening - intercepting such mail is almost impossible.

The e-mail address itself - in case of hacking - will NOT give the cracker - NOTHING !!!

There is a very low probability of interception of a letter when it is compiled and saved in a draft - BUT, only if the controlling authorities have control over your computer or the e-mail itself, which is very, very unlikely.

However, if you suspect such control, you can still safely use this method of correspondence - working from open access points - Internet cafes, free wi-fi zones, etc.

Get more security. CLEAN COMP - i.e. cheap laptop and use it ONLY for such correspondence - NOT using for your regular mail ...

And ... YES !!! AVOID encrypted correspondence - THIS is monitored and calculated automatically . At the same time - the WORST OPTION - if your encryption can NOT be cracked by the appropriate software - in this case, most likely, you risk becoming a person involved in a real investigation, even if you transmitted weather forecasts in the encryption.

I don’t think it makes sense to talk about the technical capabilities of SORM-1 and SORM-2, google, if that ...

 

[Бедеров Игорь Сергеевич]

Email Security: 25 Tips
I. Account Management
1. It is recommended that you have at least three mailboxes: for work contacts, for personal correspondence, and publicly available.
2. Since any address over time becomes the subject of spammers, it is recommended to change your email address approximately every 6 months.
3. Close browser windows after completion of work, especially while in Internet cafes, libraries, etc.
4. Clear your browser’s cache, history, cookies, passwords.
5. Do not use regular mail to send confidential and proprietary information.
6. Do not forget that many issues can be resolved by telephone, which is much safer than using e-mail.
II. Work with correspondents
7. Keep the addresses of correspondents in the BCC, and not in the SS, otherwise there is a danger that if one of the computers of the correspondents from your list is compromised, all the others will also be subject to spam.
8. Do not use the "Reply All" button, as this may accidentally send information to the wrong address. Use the "Retry" option.
9. When forwarding other people's letters, it is necessary at least to remove the addresses of other correspondents from the text. Otherwise, in one letter many addresses will be concentrated, as a result, the threat of spam will increase.
10. Timely archive letters, especially of business content.
11. When using mobile access to the mailbox, always remember whether a copy of the letter remains on the server. Otherwise, after deleting it from the phone, the letter will be lost.
12. Do not forget that deleting a letter from the mail client’s folder does not mean its disappearance at all. Letters can be stored for years in archive folders on remote servers and, if necessary, can be restored by professionals. III. Confronting Cheating
13. Do not open letters with the subject type "win the lottery", "inheritance"
14. ("Nigerian" letters), etc. If you have already opened an "unfamiliar" letter, do not succumb to the tricks of phishers. There are many signs by which they can be recognized, for example, impersonal treatment such as "Dear user", etc.
15. Do not send financial and personal information by e-mail.
16. Do not unsubscribe from newsletters for which you did not subscribe: spammers often use subscription confirmation requests.
| IV. Fight against malware
17. Remember that viruses and trojans can come from trusted addresses, for example, if your friend’s computer is zombie.
18. Do not destroy spam, but blacklist these letters.
19. Do not turn off the spam filter.
20. Use antivirus tools with the option to scan email attachments enabled.
V. Fighting hackers
21. Do not share account information with others.
22. Use complex alphanumeric passwords.
23. Encrypt the most important messages.
24. Use encryption for mobile access to mail.
25. Use an electronic digital signature for business correspondence.

https://www.s-director.ru/docs/view/48.html

 

[Darrelldob]

How to secure your mail

Unless theyre encrypted, your files are no more secure than they would be on Windows or Mac. Physical access is root access.

 

[vebmaster]

Gentlemen, I actively use Mail.ru for business purposes. I would not want the information from there to fall into third parties. Recently, a partner was hacked into mail and used the commercial documents that were there, which led to a very ugly situation in relation to our counter-agents. Give some tips on how to avoid this!

- use of a secure password (lower + upper case + numbers, more than 10 characters)
- periodic change of password on the mailbox
- Do not use the same password for all accounts (mail, social networks, forums), passwords should be different everywhere and not be repeated
- do not download or run unknown files
if it is very short.

as an option, enter 1 main account, for example on gmail, and in "Settings" -> "Accounts and Import" add your work other mail addresses. Create a shortcut for this address and add a filter so that mail directed to this email is not placed in the general Inbox, but in a separate folder. Then you will have order and so you can use a lot of mailing addresses in 1 account.
When you need to write a letter FROM the desired address, simply select the email address you need in the From field and the letter will be sent from him, and not from the main account.
On Yandex, this can also be done.
Very comfortably.

 

[Матушкин Андрей Николаевич]

Gentlemen, I actively use Mail.ru for business purposes. I would not want the information from there to fall into third parties. Recently, a partner was hacked into mail and used the commercial documents that were there, which led to a very ugly situation in relation to our counter-agents. Give some tips on how to avoid this!

- use of a secure password (lower + upper case + numbers, more than 10 characters)
- periodic change of password on the mailbox
- Do not use the same password for all accounts (mail, social networks, forums), passwords should be different everywhere and not be repeated
- do not download or run unknown files
if it is very short.

as an option, enter 1 main account, for example on gmail, and in "Settings" -> "Accounts and Import" add your work other mail addresses. Create a shortcut for this address and add a filter so that mail directed to this email is not placed in the general Inbox, but in a separate folder. Then you will have order and so you can use a lot of mailing addresses in 1 account.
When you need to write a letter FROM the desired address, simply select the email address you need in the From field and the letter will be sent from him, and not from the main account.
On Yandex, this can also be done.
Very comfortably.

Thank!

 

[vebmaster]

in order not to forget passwords, you can use a password manager, for example lastpass. It has an extension to all popular browsers and mobile platforms. All that is needed is to remember 1 password from lastpass itself

 

[Орлан]

in order not to forget passwords, you can use a password manager, for example lastpass. It has an extension to all popular browsers and mobile platforms. All that is needed is to remember 1 password from lastpass itself

Well, and hope that the mobile does not glitch. and then this one password will not help).

 

[Виталий Климин]

Gentlemen, I actively use Mail.ru for business purposes. I would not want the information from there to fall into third parties. Recently, a partner was hacked into mail and used the commercial documents that were there, which led to a very ugly situation in relation to our counter-agents. Give some tips on how to avoid this!

Make it a habit, after reading the mail, to delete letters completely, and what needs to be stored elsewhere!

 

[JR Security Consulting Group]

I can recommend two-step authentication. Mile.ru supports this feature, and this is a real setting that prevents hacking.
https://otvet.mail.ru/question/170287001

 

[Vlas]

We agree with a colleague, it is better to use your own mail server

You can configure it and protect it better than a bunch of admins in the mail and / or Yandex? I doubt it very much. So the server security will be worse than theirs. And then what's the point?

There are several ways to open mail. We’ll postpone the methods of opening through hacking the provider (mail service) - we won’t be able to affect the level of server security, but look at the methods of hacking a specific address, from which we can protect ourselves:
1) Make the user himself say the password. For this, technologies such as phishing are used. To do this, create a website that looks like a mailing list and with a similar address, after which, in various ways, attract users of this service to it. Users, thinking that they are on a real mail site, enter their addresses / passwords - and voila!
2) Steal the password from the user. To do this, a Trojan (a program stealing personal data) is handed over to the user and she, having collected all the passwords and appearances from email programs, browsers, notebooks and other things, sends them through the Internet to an attacker.
3) Direct hacking. Bruteforce (brute force attack). Enumeration can be both in the dictionary and in a row of all letters / numbers in alphabetical order. In this way, you can open any mailbox, but depending on the complexity and length of the password, this process can take up to several hundred years.

How to avoid hacking your mailbox? Well, first you need to set the correct password. The longer it is, the better. You should not indicate your full name, license plate number, wife’s age, or phone number as a password — all this information may be known to the attacker. You should also not consider yourself particularly smart and, as a password, combine, well, for example, the name of the wife and the year of your birth or the height at the withers of your beloved mother with the year of birth of the mother-in-law: such combinations have long been known and the attacker will easily check them all by compiling a dictionary. Also, one cannot consider the trick of using a Russian word typed in an English layout as a password: this has long been known and the corresponding dictionaries have long been compiled. Ideally, the password should be as long as possible, contain only random characters in different registers and, if possible (if services allow) numbers and special characters. This will save you from brute force. As for the rest, first of all you need to be careful: always check what and where you enter, to whom you tell your passwords. Secondly, it is imperative to install the antivirus and firewall on the computer and update: the antivirus will provide protection against known viruses and trojans, and the firewall will let you know if some unknown program suddenly appears on the computer and wants to transmit something to someone via the Internet. Well, of course, you don’t need to click without looking at all the links in a row - even if these links came in a letter from your beloved wife.

All this, of course, does not guarantee 100% protection (it is impossible to defend 100% at all - it's like a competition between inventors of armor and shell) - but it will make life more difficult for an attacker, and in most cases it’s completely impossible to open your box.