Independent email service - Where to go/how

RumRat

Have a look at GMX for your email ...... Their 'Mail collector' service will give you up to ten emails and collect from any account you already have.

Jivesinger

enkoda wrote: »

I have 2-step verification set up on mine so that any hacker would need my mobile phone as well as my password.

Although 2-step verification is definitely worth having, it always seems to me that the weak spot is our mobile phones.

For instance, can your mobile phone access your email? If so, do you type in your password every time? I bet you're unusual if you don't have it saved in your phone.

Also email on phones and some other devices are often set to have an "application password" which gets past 2-step verification - again this is usually saved on the phone.

So once someone has our phones, if they can get past the phone passcode, they usually have access to send and receive emails and our 2-step verification, which is usually enough to hack into our accounts...

enkoda

Jivesinger wrote: »

Although 2-step verification is definitely worth having, it always seems to me that the weak spot is our mobile phones.

For instance, can your mobile phone access your email? If so, do you type in your password every time? I bet you're unusual if you don't have it saved in your phone.

Also email on phones and some other devices are often set to have an "application password" which gets past 2-step verification - again this is usually saved on the phone.

So once someone has our phones, if they can get past the phone passcode, they usually have access to send and receive emails and our 2-step verification, which is usually enough to hack into our accounts...

Firstly, If I were that paranoid about phone security then obviously I wouldn't save any passwords or enable the verification. And with a 6-digit PIN to crack on my phone that becomes irrelevant anyway....

Secondly, a hacker would not only have to obtain my phone, they would have to crack the PIN, which would be magnitudes more difficult than just trying to hack my email password!! If my phone was lost I could remotely wipe it anyway.

The question relates to email security, which gmail has the upper hand on most, if not all, paid-for email providers.

esuhl

Collabora wrote: »

If its just for emails, yes get a domain ( a .uk domain about £10 a year), but you then just need an email hosting plan ( a plan that will just allow you to set up emails accounts) this will be £1 a month. a service like https://www.123-reg.co.uk/email-hosting/personal-email-packages.shtml

No need to pay for a hosting service. Just have your domain redirected to a free email host -- say, GMX or GMail.

Jivesinger wrote: »

My understanding is that if you buy a domain through a domain registration company, you may still need to do something to create a mailbox somewhere in your domain name to initially 'catch' the emails, which you can then redirect to an ISP address.

You just change the settings on your domain to tell it where to send the emails. You don't need a mailbox set up via your domain registrar if you just want email forwarding.

Jivesinger wrote: »

Or maybe Plusnet allow you to host your own domain address directly?

You can't "host a domain address directly" -- that doesn't really make sense... I'm not sure what you mean. You register the domain, and then that points at your hosted email or web (etc.) service.

Jivesinger wrote: »

If so then I suspect this is easier with Plusnet and might be harder to achieve with other ISPs such as BT?

If your domain registrar and hosting service aren't your ISP, then... it doesn't make any difference what ISP you use. They won't know anything about it.

esuhl

enkoda wrote: »

The question relates to email security, which gmail has the upper hand on most, if not all, paid-for email providers.

Have you got a source for that claim? I think other free email providers like GMX are pretty good on the security front, but it would be interesting to see some evidence either way.

I'm not sure I'd want to hand over the content of all my emails to Gmail, anyway, given the ubiquitousness of Google's search engine, and the amount of information that Google will already know about you...

Norman_Castle

I do not want to sign up with Outlook or Gmail to have a standalone service as I find these services are to easy to hack into. Then you get submerged in :spam::spam::spam:

Most, if not all spam is from giving your email address out too freely. If an email address is hacked the hacker will take information. Not add spam.

This will be the same regardless of the email provider.

I've got a gmail account with 130,000 emails in it. I don't remember any spam getting past the filter. The spam folder has never had more than 6 messages in it. Its currently empty although I never empty it.

securityguy

Jivesinger wrote: »

Although 2-step verification is definitely worth having, it always seems to me that the weak spot is our mobile phones. .

Firstly, the set of people who are in a position to steal your mobile phone is vastly smaller than the set of people who are in a position to mount an on-line guessing attack on your password.

Secondly, although the password is stored on your phone, extracting it is not trivial. Therefore, the attacker who steals your phone and is also interested in your email account can only access it from your phone, which substantially limits its utility.

And thirdly, you have a PIN on your phone, right?

The claim that stolen phones are used to access the email of the account holder would require some fairly substantial evidence before it's convincing: most stolen phones are wiped and recycled by low-level criminals.

securityguy

"And with a 6-digit PIN to crack on my phone that becomes irrelevant anyway...."

Even four digit is fine. My iPhone is set to wipe after ten wrong attempts. So someone who steals my phone has a 0.1% chance of unlocking it, assuming that in the meantime I haven't remotely wiped it anyway. Given I don't have nuclear launch codes on it, I'm pretty relaxed about that.

Fruit_and_Nut_Case

Andrewop12 wrote: »

Hey,

Where can I get glass dining table and chairs, ?? CHEAP

Why? Do you need somewhere to sit down and eat your :spam: ?

Jivesinger

securityguy wrote: »

Firstly, the set of people who are in a position to steal your mobile phone is vastly smaller than the set of people who are in a position to mount an on-line guessing attack on your password.

Secondly, although the password is stored on your phone, extracting it is not trivial. Therefore, the attacker who steals your phone and is also interested in your email account can only access it from your phone, which substantially limits its utility.

I was more thinking that you could use the phone to change the password by using the password Recovery process.

I've just tried it - supposing the phone also has access to the secondary email setup on a gmail account, and the authenticator app, then it's fairly easy to change a password.

If there isn't a secondary email, then you have to answer questions, such as when the account was set up (although I'd struggle to answer some of these for my own email account that I've had a while) - which is in Google's favour.

Edit:[STRIKE]My suspicion is that it might be easier on a Microsoft account (eg. hotmail or outlook.com)[/STRIKE]
I've tried the same thing with a Microsoft Account - if you use the authenticator app and assuming the mobile phone's number is also stored against the account, then once you can access the phone, it's trivial to reset the password, using a combination of texts to the phone and values from the authenticator app.

So on that very specific test, I think that's:
Gmail 1 - 0 Outlook.com

But if you have secondary email set up on a gmail account and the phone has access to it, even on a gmail account you could change still change the password, assuming you could access the phone's apps.

securityguy wrote: »

And thirdly, you have a PIN on your phone, right?

Well I do, certainly...