E-mail providers and sensitive/financial information

[always_learning]

When DH retires and we move to another state, we will lose the e-mail address we have with our current internet/cable provider. That is the one we use for emails with sensitive/personal information (credit cards, bills, banking, brokerages, etc).

Because the free providers capture and read our mail, we don't want to use those for our private business (ok, ok... it's mostly me who is bothered by it).

We may or may not have another cable/internet company once we move, so on the off chance that we don't, I was thinking about what to do. I know there isn't really any super personal/detailed info in any of the above e-mails, but it still bothers me to have the companies who e-mail financial things to be gathered by data mining and associated with my free e-mail address. It seems to be one more weapon in an ID hacker's arsenal.

Am I being too weird about this? What e-mail providers do you lovely folks use for those sensitive financial things?

 

[GrayHare]

Establish your own domain name with a provider you trust and obtain your email through their mail servers. The cost should be under $100 per year.

 

[JustCurious]

I use Gmail.

 

[Just_Steve]

gmail

 

[OldShooter]

... What e-mail providers do you lovely folks use for those sensitive financial things?

We never send "sensitive financial things" via standard email. Unencrypted emails can be grabbed, saved, and read by anyone with legal or illegal access to the multiple servers that any email travels through. Your endpoint ISP is probably the least of your worries.

If you want to see, open a command prompt and type: "tracert mail.google.com" without the quotes. This should give you a trace of the message path from your computer to google mail. I just did it and saw six stops between the point where my message first hit my ISP and its final point at Google.

(I'm not sure tracert is enabled by default on all computers, but you can at least try it.)

 

[Aerides]

gmail.
And yeah nothing sensitive gets emailed. No bank will even let you, let alone send it to you or give you an email address to send it in. You can't email a form for a new account, for example. secure mailbox uploads or fax (yes fax still) are the only accepted ways to send truly sensitive stuff electronically.

 

[Animorph]

Establish your own domain name with a provider you trust and obtain your email through their mail servers. The cost should be under $100 per year.

This is what I do. Someone like GoDaddy should work, but it's been a while since I looked. You want your own domain and an email hosting service. An antispam feature would be nice too.

 

[OldShooter]

Having one's own domain name doesn't have any effect on message security. The domain name servers are simply instructed to route that domain's mail to your ISP. It's sort of like having a forwarding address at the post office.

The unencrypted messages are still zinging around the internet and available.

DW and I do have our own domain name, but not for security reasons.

 

[jim584672]

gmail.
And yeah nothing sensitive gets emailed. No bank will even let you, let alone send it to you or give you an email address to send it in. You can't email a form for a new account, for example. secure mailbox uploads or fax (yes fax still) are the only accepted ways to send truly sensitive stuff electronically.

GPG is very secure, just no one seems interested in using it. My doc uses a secure web portal for secure stuff.

 

[audreyh1]

We created our own domain name over 20 years ago and use a provider for our email service. We have secondary email addresses through Apple.

Sensitive financial documents are uploaded or downloaded via a secure link with the financial institution. Never emailed.

 

[The Cosmic Avenger]

I'm in IT and I use Gmail for everything. I do own my own vanity domain, but I trust Google more than I trust my ISP (MyHosting.com). My ISP doesn't even have two-factor authentication, but Google does. I do use SMS verification or an authenticator app when I can, but sometimes email is better than nothing. And as I mentioned, Google has access to my email, but even if you hosted your own email server, you'd have to trust other servers through which your email travels, and your own security wouldn't be as good as even a bargain basement ISP, much less Google or another big webmail host.

 

[davebarnes]

Get your own domain name!
This is not rocket science people.

 

[Sunset]

Yep, get your own domain.
The cost for simply having email is cheap.
One place I know (big one) charges $24 per year to give you 25 email address for the domain you pick and the domain price is included in that fee.

Normally just a domain is about $15/yr just by itself, then you need to host it with an isp (or do it at home yourself which is harder). So the price they charge seems pretty good to me. If you only needed 1 email, then many ISP's will allow one for the domain you buy from them and host that domain for free in the hopes that later you will want to add better hosting so you can build a website or get more emails.

Understand that while people talk about buying a domain, or owning a domain, it's really rent, as you have to pay for it each year. (set it on auto renewal or you can lose it).

 

[donheff]

I had a domain name for many years with email and a web server in the basement. Itwas primarily for a family website with an online photo gallery. Then constantly updating the Linux servers became a PITA and I outsourced the hosting to a provider. Then that became a bit of a PITA and Flickr and Google Photos became more convenient than my self managed gallery, so I dumped the web site and the domain name. Gmail is my primary address for "important" stuff and friends these days. Flickr and Google Photos for the images. I keep a Yahoo email account for most commercial stuff. I figured a time was coming when I would screw up my personal domain and I wasn't doing anything much with my web site. Who do you turn something like that over too when you get old?

 

[ChiliPepr]

We never send "sensitive financial things" via standard email. Unencrypted emails can be grabbed, saved, and read by anyone with legal or illegal access to the multiple servers that any email travels through. Your endpoint ISP is probably the least of your worries.

If you want to see, open a command prompt and type: "tracert mail.google.com" without the quotes. This should give you a trace of the message path from your computer to google mail. I just did it and saw six stops between the point where my message first hit my ISP and its final point at Google.

(I'm not sure tracert is enabled by default on all computers, but you can at least try it.)

While this is true, it is also true for every other mail account. Using a private email server will not stop that. Most email servers (including GMail) use TLS encryption, which encrypts the email between sender and receiver.

 

[ChiliPepr]

I'm in IT and I use Gmail for everything. I do own my own vanity domain, but I trust Google more than I trust my ISP (MyHosting.com). My ISP doesn't even have two-factor authentication, but Google does. I do use SMS verification or an authenticator app when I can, but sometimes email is better than nothing. And as I mentioned, Google has access to my email, but even if you hosted your own email server, you'd have to trust other servers through which your email travels, and your own security wouldn't be as good as even a bargain basement ISP, much less Google or another big webmail host.

+1

 

[always_learning]

Thanks for all of the replies! It seems I have a lot to learn and to research.

I guess what I consider sensitive, you all don't, so I'm relieved there. I never email financial statements, bank account numbers, SS numbers, etc.

I was more referring to the mere fact that, say if I use gmail, that they'll know I have an account at Schwab, Vanguard, XYZ bank, and what CCs I have when they send me the notices of transactions/available statements/bills paid.

Also, all three of my utilities email my bills with all of my info in a regular, readable form (name, address, account number, usage, and bill total) and I find it creepy that all of that will be added to my invisible data file(s). One even includes my PIN for online access (no I haven't been able to get them to change this! ) These are the things that bother me about, say, running everything through Gmail or Yahoo.

Establish your own domain name with a provider you trust and obtain your email through their mail servers. The cost should be under $100 per year.

Is there something in particular I should look for regarding the "a provider you trust" comment? I'm starting from scratch and will literally be searching for "how to establish my own domain name".

We never send "sensitive financial things" via standard email. Unencrypted emails can be grabbed, saved, and read by anyone with legal or illegal access to the multiple servers that any email travels through. Your endpoint ISP is probably the least of your worries.

If you want to see, open a command prompt and type: "tracert mail.google.com" without the quotes. This should give you a trace of the message path from your computer to google mail. I just did it and saw six stops between the point where my message first hit my ISP and its final point at Google.

(I'm not sure tracert is enabled by default on all computers, but you can at least try it.)

Yeah, my ISP is a regional company and we trust them more than, say, gmail, but as I said above, the super sensitive stuff is downloaded/uploaded directly and I'm more concerned with it being "in the wild" WHERE I have financial dealing and my detailed utility info.

When we move, we will no longer have access to their e-mail and will most likely end up with, say Comcast, or something. Big company/big data is my thinking, although, I know next to nothing.

I may try your example after I prepare myself for what I might see.

Having one's own domain name doesn't have any effect on message security. The domain name servers are simply instructed to route that domain's mail to your ISP. It's sort of like having a forwarding address at the post office.

The unencrypted messages are still zinging around the internet and available.

DW and I do have our own domain name, but not for security reasons.

So, I'd need my own domain AND my own server? Ah. So, the ISP is more of an issue (potentially) than the e-mail host?

I'm in IT and I use Gmail for everything. I do own my own vanity domain, but I trust Google more than I trust my ISP (MyHosting.com). My ISP doesn't even have two-factor authentication, but Google does. I do use SMS verification or an authenticator app when I can, but sometimes email is better than nothing. And as I mentioned, Google has access to my email, but even if you hosted your own email server, you'd have to trust other servers through which your email travels, and your own security wouldn't be as good as even a bargain basement ISP, much less Google or another big webmail host.

Trust Google with what? Security against hacking? I agree I prefer them over Yahoo. But what about data mining/selling? Isn't that how Google makes their money?

I had a domain name for many years with email and a web server in the basement. Itwas primarily for a family website with an online photo gallery. Then constantly updating the Linux servers became a PITA and I outsourced the hosting to a provider. Then that became a bit of a PITA and Flickr and Google Photos became more convenient than my self managed gallery, so I dumped the web site and the domain name. Gmail is my primary address for "important" stuff and friends these days. Flickr and Google Photos for the images. I keep a Yahoo email account for most commercial stuff. I figured a time was coming when I would screw up my personal domain and I wasn't doing anything much with my web site. Who do you turn something like that over too when you get old?

It definitely sounds like a hassle. I do like the idea of having our own domain for the continuity of e-mail addresses not being tied to our ISP, but since we have gmail and yahoo I guess those take care of that.

I have lots to read and digest. Thanks again, everyone!

 

[The Cosmic Avenger]

I'm in IT and I use Gmail for everything. I do own my own vanity domain, but I trust Google more than I trust my ISP (MyHosting.com). My ISP doesn't even have two-factor authentication, but Google does. I do use SMS verification or an authenticator app when I can, but sometimes email is better than nothing. And as I mentioned, Google has access to my email, but even if you hosted your own email server, you'd have to trust other servers through which your email travels, and your own security wouldn't be as good as even a bargain basement ISP, much less Google or another big webmail host.

Trust Google with what? Security against hacking? I agree I prefer them over Yahoo. But what about data mining/selling? Isn't that how Google makes their money?

They make their money knowing that they have 50,000 users who get mail from Schwab but not Fidelity, so they may offer Fidelity to show Fido ads to those 50,000, but they don't sell the list of email addresses TO Fidelity. I have no problem with this, because I use an ad blocker anyway, and as I've said, whoever handles your mail has complete access to it in the end. Besides Google is providing me with a robust, valuable service at no charge (other than data mining).

To clarify, I do own a vanity domain, but I forward and store all email to those addresses in Gmail, because the storage, filtering, and search functions are really good, much better than anything else I've used. I can always find what I'm looking for rather quickly in my Gmail account.

 

[easysurfer]

My primary email is through my ISP. I also have some AOL emails (as I like my old screen names ).

I the emails set up with 2FA in case hackers get my email passwords.

For really really private emails, I also have a Protonmail email (their free, not premium). But I really haven't used this email as I really don't email very private material like my taxes.

Though I try to be secure, no matter how safe and secure things are on my end, once out of my hands, the data is no longer in my control so to hope for a 100% solution isn't really possible .

 

[jim584672]

Unless the data leaves your machine encrypted it doesn't matter if you run your own domain or use Gmail, it is going to the Internet where it can be read. End to end, done on your own machine, is the only way it is secure.

 

[Animorph]

You may not send anything sensitive, but someone may send something to you. I made a prepaid shuttle reservation in a distant (still U.S.) city. Their reply included all my info, including full CC name, number, date, and the CVV number! Can't get more clueless than that (except trusting them in the first place).

Yes, your own domain is not in itself safer during transmission than Gmail, though there are email servers that are particularly security sensitive. However at least Google won't be looking over your shoulder.

 

[ExFlyBoy5]

We never send "sensitive financial things" via standard email. Unencrypted emails can be grabbed, saved, and read by anyone with legal or illegal access to the multiple servers that any email travels through. Your endpoint ISP is probably the least of your worries.

If you want to see, open a command prompt and type: "tracert mail.google.com" without the quotes. This should give you a trace of the message path from your computer to google mail. I just did it and saw six stops between the point where my message first hit my ISP and its final point at Google.

(I'm not sure tracert is enabled by default on all computers, but you can at least try it.)

Interesting command; I did that and counted 12 stops.

 

[davebarnes]

my ISP is a regional company...When we move, we will no longer have access to their e-mail and will most likely end up with, say Comcast, or something

Why?
Your email provider can be anywhere on the planet.
Off planet is a bit trickier.

 

[ExFlyBoy5]

Get your own domain name!
This is not rocket science people.

What exactly is the purpose of your "own" domain name that people keep bringing up? Several users have already illustrated that is not by any means more "secure" than say Gmail. Is it to simply have a "permanent" email address?

I will also throw this out there.... suppose there is information in your email account that someone would like, for legal reasons. Say, a divorce. Well, when it comes time for the lawyers to fight over the information, the Google folks have a lot more attorneys in the fight than a "regional ISP" would have. It's not that the duty to protect your information is any less at the smaller ISP, it is just that Google is a powerhouse and this can also be a benefit for you.

Last thing. I keep a LOT of personal information stuff on Google servers. Been doing it for YEARS. And while I understand that I am taking a risk on this information being out there, I also know that Google's security is pretty good. Probably a LOT better than stuff on my hard drive that is connected to the web. I also haven't had anything swiped off of Google (to my knowledge), so I think they are doing something right.

Also, if you think that Google is the only one mining your information...

 

[Jerry1]

Have you asked your ISP if there is a way to keep your email address? After I left mine (moved), I still received emails sent to my old address. I wouldn’t think it would cost them anything to keep your email live. Maybe they’ll allow you to keep it for a very small fee.