Essential e-mail security measures
Submitted by oana.raileanu, on 2009-07-08, in Reports
(Chad Perrin, TechRepublic) E-mail security is about a lot more than just using a good password on your POP or IMAP server. Perhaps the most important part of e-mail security is ensuring you don’t shoot yourself in the foot. These best practices will help you avoid any mistakes.
There’s a lot of information out there about securing your e-mail. Much of it is advanced and doesn’t apply to the typical end user. Configuring spam filters such as SpamAssassin, setting up encrypted authentication on mail servers, and e-mail gateway virus scanner management are not basic end-user tasks.
The following is a list of some important security tips that apply to all e-mail users - not just users of a specific application. The first five are listed in the order one should employ them, from the first priority to the last. This priority is affected not only by how important a given tip is, but also by how easy it is to employ. The easier something is to do, the more likely one is to actually do it and move on to the next tip. The last five pointers are best practices that will help prevent users from making careless mistakes.
Never allow an e-mail client to fully render HTML or XHTML e-mails without careful thought. At the absolute most, if you have a mail client such as Microsoft Outlook or Mozilla Thunderbird that can render HTML e-mails, you should configure it to render only simplified HTML rather than rich HTML - or “Original HTML,” as some clients label the option. Even better is to configure it to render only plain text. When rendering HTML, you run the risk of identifying yourself as a valid recipient of spam or getting successfully phished by some malicious security cracker or identity thief. My personal preference is, in fact, to use a mail user agent that is normally incapable of rendering HTML e-mail at all, showing everything as plain text instead.
If the privacy of your data is important to you, use a local POP3 or IMAP client to retrieve e-mail. This means avoiding the use of Web-based e-mail services, such as Gmail, Hotmail, and Yahoo! Mail for e-mail you want to keep private for any reason.
Even if your Webmail service provider’s policies seem sufficiently privacy-oriented to you, that doesn’t mean that employees won’t occasionally break the rules. Some providers are accused of selling e-mail addresses to spamming “partners.” Even supposedly security-oriented Webmail services, such as Hushmail, can often be less than diligent in providing security to their users’ e-mail.
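To make the plain-text rendering tip above concrete, the following added example (not part of the original article) reads a constructed sample message without rendering its HTML. It returns the plain-text body, the remote resources a rich-HTML view would have fetched (which is how a sender learns the address is live), and each link's visible text next to its real target. The hosts and the names Audit and safe_view are assumptions made for the illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

# Constructed sample message; all hosts are placeholders.
SAMPLE = """\
Subject: Your invoice
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Your invoice is attached.
--b1
Content-Type: text/html; charset="utf-8"

<p>Your invoice is attached. <a href="http://login.other.example/">https://shop.example/login</a></p>
<img src="http://tracker.example/open.gif?rcpt=user%40mail.example" width="1" height="1">
--b1--
"""

class Audit(HTMLParser):
    """Record what rendering the HTML part would fetch or disguise."""
    def __init__(self):
        super().__init__()
        self.remote, self.links, self.text, self._href = [], [], [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        for key in ("src", "background"):  # fetched automatically on render
            if (a.get(key) or "").lower().startswith(("http:", "https:", "//")):
                self.remote.append(a[key])
        if tag == "a":
            self._href = a.get("href")

    def handle_endtag(self, tag):
        self._href = None if tag == "a" else self._href

    def handle_data(self, data):
        if data.strip():
            self.text.append(data.strip())
            if self._href:  # visible link text vs. real target
                self.links.append((data.strip(), self._href))

def safe_view(raw):
    """Return (plain_text, remote_fetches, links) without rendering HTML."""
    msg = message_from_string(raw, policy=policy.default)
    audit = Audit()
    html = msg.get_body(preferencelist=("html",))
    if html is not None:
        audit.feed(html.get_content())
    plain = msg.get_body(preferencelist=("plain",))
    text = plain.get_content().strip() if plain is not None else "\n".join(audit.text)
    return text, audit.remote, audit.links
```

When a message has no text/plain part, safe_view falls back to the text extracted from the HTML, still without fetching anything.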