Yep. It’s long but so worth it.
The two email providers we recommend
- Google Gmail
- Ex. email@example.com
- Microsoft Outlook
- Ex. firstname.lastname@example.org
- Ex. email@example.com
- Ex. firstname.lastname@example.org
- Ex. email@example.com
- You may also have an email address using a custom domain such as someone@my_business_name.com that is managed by Google or Microsoft. For business use, although Google was the first out of the gate with truly hosted business email, Microsoft has overtaken them and is our recommended business email provider. However, changing email providers is a big, big deal and not to be taken lightly.
All other email providers are bad, with some worse than bad. If your email is working good enough, it can often be a bigger pain to change email providers than it is to just deal with the one you currently use. Maybe it works fine for you. If so, by no means should you change.
Many times people will use the email services provided by their Internet Service Provider (ISP), such Comcast, ATT, Mercury, etc. You pay them for your Internet service and also use them for your email. We have found that Internet Service Providers email services are, shall we say, less than optimal. It is perfectly acceptable to use any available Internet provider to get on the Internet, but use Google or Microsoft for your email, if given a choice. However, I will repeat, often, if your email works for you, don’t change. Changing email is a big pain informing the entire world and all the online vendors about your new email address.
Universal Email Truths
- Every email service will give you trouble, eventually.
- Write down all passwords, accounts, answers to secret questions, etc. YOU WILL NOT REMEMBER THE SIMPLEST OF ANSWERS!
- With every change to your account, write it down! Always keep your old passwords documented. There are reasons to keep track of old passwords.
- Internet providers such as ATT, Charter, Comcast, etc have poor email services. You may need one to log into your account to check billing and things, but try to avoid making it your primary email account. Again, if it works for you, don’t change a thing.
- Email addresses are not secret. Anyone can send email to any address, either by discovering it or guessing. Someone out there probably has a “firstname.lastname@example.org” account. I can send SPAM to it if I choose to.
- Guard your email address with your life. Giving it to any company when ordering risks it being sold to spammers. Using a second, junk email as a SPAM collector is a viable option. Only offer your primary email to banks or trusted vendors. SPAM can get so bad that you must stop using the email account and be forced to create a new one. A big pain.
- When ordering products, always look for and un-check boxes that give permission to the vendor to send you SPAM.
- If your email is working to your satisfaction, nothing needs to be done. Changing email addresses means telling everyone who matters to use the new email – a herculean task. You must log into all your vendor sites such as your bank, Facebook, Instagram, etc and try and figure out where to change the email address.
- Always keep access to your old email address. Don’t cancel it if possible. There will always be someone still using it.
- You may use the old email address as a SPAM collector, only to be given to questionable websites and vendors.
- Never type your email address into posts, comments, Instagram, Facebook, Twitter, etc.
- Recovering passwords can be greatly simplified by having a recovery email address or phone number associated with the email account to prove you are the rightful owner. We spend hours a week hacking into accounts with forgotten passwords.
- Never respond to an email asking you to log into your account based on some purported “security issue” or “shipping problem”. It’s fake and being used to steal your password after you freely give it to them.
- Ignore most every email you get. Really try to ignore attachments. Really really try to ignore cool, funny, important links in emails, especially from unknown individuals or from known individuals with a weird request like “send money”.
- Again, very important. Never shut down or cancel an old email account if possible. You may need it for recovery purposes or some person or vendor still uses it. Simply abandon it and refer back in the event you need to. Keep the login information handy at all times.
- There are very few instances of “hacking” into an email account unless you are tricked into giving the bad guys your account and password information.
- Always, always, always use different passwords for all your accounts. Using the same email and password means that if one account you log into is compromised, all your accounts are compromised.
- Again, we spend hours every week gaining access to accounts with forgotten or lost passwords, recovery numbers, secondary emails, unknown secret answers, etc. We never intended to become hackers but we can, one way or another, gain access most of the time. However, it’s becoming increasingly difficult due to enhanced security measures being implemented.
- All email accounts use passwords. Often times we are told that a password was never used to get email. In fact, it was used one time, saved on the computer, and never used again, until it is needed for any number of reasons. Write them down. Write down the answers to secret questions. You know the drill.
- Again, to re-iterate, very few email accounts are “hacked” directly. Like any hacker, we gather information one way or another to try and break in. Our advantage is that we work with the customer where an outside bad guy has to figure it out or use trickery to gain information. It’s not like the movies. It’s difficult to “hack” anything, but it’s made much easier when the owner of the account freely gives up their account and password information, or makes the answers to secret questions easily guessable. For example, you live in Wisconsin and the secret question is “What’s the name of your favorites sports team?”. Even the dumbest of hackers will know the answer: “Packers”.
- If you are a glutton for punishment, we have more password tips and tricks.
How does email get “hacked”?
Contrary to popular belief and crappy “hacker” movies, hackers cannot break into someones email account simply by sitting in front of a computer and 30 seconds later they’re in. That’s assuming you were not tricked into simply giving them your account and password information to begin with.
Instead, accounts are compromised in any of the following ways:
- You get an email saying a problem has arisen in your account and you should click somewhere to enter your account and password. In fact, the site you entered the password into is fake and you just sent your account to the bad guys. If you are suspicious of an email go directly to the website it supposedly came from and log in normally.
- You get a phone call out of the blue saying “X company” detected a problem with your computer and needs to log in – and you let them. It’s fake. Hang up and go about your day.
- You get a sudden message on your screen saying all hell has broken loose in your computer and you must call a certain number immediately or you will die. No. It’s just a fake website made to look scary. Normally a computer reboot will clear it up. When asked if you want to restore your previous web pages, do not.
- You search for a tech support number for your printer, or whatever, on Google and call the first number that shows up. It’s a fake number and they will pretend to be whomever you want them to be. You are talking to scammers, not the company you intended to talk to. Why Google allows this to happen is beyond me.
- Someone breaking into your email provider or vendors database. This means they tricked someone at your vendor into giving them access to their database of accounts. Made worse if the database did not encrypt their customers passwords.
- Someone breaks into one of the services or vendor you have used in the past, gets your email and password, and since you use the same email and password for everything, they have access to your entire online presence including banks, Amazon, or whatever.
- Under rare instances, there will be a known or unknown security flaw in the programming used by the vendor that is used by the bad guys to gain access to the password database. Not much you can personally do about that except to minimize the damage by using different passwords for all your logins.
- Bad guys can gather publicly available information to try and reset you password. Some websites will use secret questions to prove you are the rightful owner of your account. If you answer truthfully, such as mothers maiden name, favorite sports team, etc, anyone can answer those questions and get into your account. Example: “Who is your favorite sports team?”. If you are from Wisconsin, it’s the “Packers”. Everyone knows this. Even the bad guys. Solution: answer secret questions with lies or gibberish. Make sure you write down all answers clearly with proper case. You will not remember the most basic of answers. What is your wife’s maiden name? We had a guy who could not answer that question the same way he entered it when the account was set up.
How to view your email
To view your email, there are several ways to do it
- Use a program installed on your computer or laptop that retrieves your email such as Outlook Express ( Very old ), Outlook, Windows Live Mail ( Getting very old but finding that it still works in most cases ), Thunderbird, etc. Windows 10 comes with a built-in Mail program we find to be a very poor design, but it integrates well with Microsoft email accounts ( Hotmail, MSN, Outlook, and Live ).
- Another way is to start your browser and go to the website that holds your email such as gmail.com, att.net, yahoo.com, etc. You then enter your email address and password. How the email is presented to you is determined by the website design. It’s typically much more limited than, say, Outlook, and not many people like it. We have found that Gmail.com is, once you get used to it, pretty good for those that use a Gmail account.
- Mobile devices typically have a generic, built-in mail application that can be used to read your email from any provider. Some email providers such as Gmail, Outlook, Yahoo, etc have apps available that are specifically optimized for their email service. Microsoft and Google have the best phone and tablet email apps. Yahoo is pretty good also, but their email service is lacking. The apps may also be able to retrieve mail from other providers, so you only need to use one app for all your email accounts.
Most of the email companies want you to log into their website and read your email that way. Some refuse to support email programs such as Outlook or Live Mail, such as Charter. They have no desire to figure out why your email program is not working. However, you can still configure Outlook or Live Mail to read Charter email, they just won’t help you if there are problems.
We have found that Outlook 2013 or later is the only email program that works good for most email providers. In addition, Outlook integrates perfectly with their email system which includes “live.com”, “outlook.com”, “msn.com”, and “hotmail.com”. It was not always this way but they have made tremendous progress and we highly recommend using the Outlook program if you don’t want to view your mail in your browser. It’s a paid program so if you didn’t buy Microsoft Office at some time, you cannot use it.
Let us re-iterate
If you are not having any trouble with your email, CHANGE NOTHING!
Changing your email address
Changing your email address is a very big deal, especially if you use it for important things like logging into bank sites. The number one rule, if at all possible, is to never lose the ability to log into the old email address for the following reasons:
- You may be using it to recover other accounts when the password is forgotten.
- You can use it as a junk collecting address when logging into sketchy websites.
- Even if you think you have changed the entire world, family, friends, vendors, etc to a new email address, you haven’t unless you kept insanely meticulous records of all your logins. You haven’t. Guaranteed.
- When signing up for a new email address or account, make note of the date and write it down.
Countless times we have instances of a customer unable to log into some website. When we attempt to reset the password, it references a long forgotten, canceled, or no longer existing email account to reset the password with. Again, you must keep access to any old email addresses at least until you know for certain that all your accounts are using the new email address to log into with and/or reset lost passwords. Our ability to gain access to accounts is exponentially more difficult when a recovery phone number or email account is no longer accessible.
Preserve your old email address forever, if possible, or at least long enough to change any accounts that use the old address as a recovery option. This can be impossible if your change Internet providers and used their free email service. Once the Internet service is cancelled, the email address goes with it. It’s why we don’t recommend using your Internet providers email address. Google Gmail or Microsoft’s Outlook.com only. They will work with any provider.
Do the following when creating or changing your email address
- Decide ahead of time who will manage your email – Google or Microsoft. Gmail is an excellent, general purpose, free email service. If you are a user of the Microsoft Outlook program, Microsoft would be the vendor to go with.
- Decide ahead of time what your email address might be. Many times the email name you want to use is taken. Make the address as easy to understand and short as possible. Frustration builds quickly trying to write down a 25 character, nonsensical address, with a lot of “d’s”, “b’s” and “v’s” in it so it must be spoken militarily. You know, instead of “d, b, v”, which all sound the same, it must be stated “delta, bravo, victor”.
- Try starting with the standard “email@example.com” and tweak on it until you get an unused one, such as “firstname.lastname@example.org”, or some such thing.
- For at least 6 months or more, monitor who is still using your old email address and ask yourself do you want them to know the new one. It may be a spammer so you don’t care about them. If it’s someone important, use the message to remind yourself to go to the website that sent it and change the email address or notify the user of the new address.
- Take your time alerting the world of the address change. Don’t tell anyone your new address who you no longer care about.
- If you have been using free email to run your business and you want to change to something more manageable – Go with Office365 purchased directly from Microsoft. Don’t buy the service through a third party like GoDaddy. We can assist purchasing and managing it, but you want to purchase the service directly from Microsoft under your personal or business account. That way you own it, not a consultant or third party.
Tips creating a password for anything
- Write it down! Write it down! Write it down! You will not remember! You will not remember! You will not remember!
- Write it down clearly. Print, no cursive. Do not throw in uppercase letters when there is none. If the first character is lower case, don’t write it down as uppercase. We like to write it down all uppercase, with an underline for the truly uppercase characters.
- Passwords typically have to be 8 characters with a minimum of upper and lower case letters and a number. Some, like Norton, require a special character such as “$” or “@” thrown in.
- Before creating an account with any vendor, write down the password neatly and in the proper case ( upper or lower ) BEFORE you enter it into your “about to be created” account. This is because what you type when creating an account and what you think you typed are in no way related. You will write down the wrong password. Write it down first, then type it based on what you wrote down. This avoids us having to break out the Ouija board trying to determine what the password is for your newly created account.
- Always give the vendor a way to reset the password. Give them more than one, if possible, for the important accounts. This means that you should give them your cell number, home phone, a second email address, or someone else’s number. You must have a valid way to reset that password when it’s lost or forgotten.
- Things such as “password managers” exist that make it so you don’t have to remember anything. Good luck with that. Write it down anyway. Password managers are outside the scope of this article.
- Always fully document answers to secret questions, recovery email and phone numbers, account numbers, etc. Everything associated with the account you are creating must be written down, including the date it was created. Leave nothing out.
- Again, when writing it all down, do not use cursive. Print the password slowly with large font. We like to use all uppercase characters and underline what should actually be uppercase. Countless times people will write down passwords in proper English when, in fact, the first character is NOT be capitalized. It matters greatly.
- More can be found here about password management. Some of what is outlined here is repeated simply because it’s so important.
Gmail versus Microsoft Outlook
Commonalities between the two
- Both have free and paid email services.
- Both have excellent phone and tablet apps specifically made for Gmail and Outlook services.
- Both will work with Windows 10 Mail and the desktop version of Outlook. Microsoft has much better integration with the built-in Mail and Outlook programs.
- Both have excellent email management and adjust-ability.
- Both can be difficult finding the exact setting you want to change.
- Both accommodate two-factor authentication.
- Both are very popular and well supported.
- Both are run by companies that will probably be around a long time.
- Both tend to hide commonly used buttons such as print, reply, and forward. Irritating, but learn-able.
- Both have probably the best SPAM protection of all the providers.
Google Gmail.com Features
- Gmail’s website looks more traditional than Outlook.com. Outlook.com can be simplified, but it needs ‘tweaking’. Some prefer the more “modern” look and feel of Outlook.com. We prefer Gmail’s classic looking website for viewing email.
- Excellent spam filtering.
- Chrome can use Gmail when opening mail links in web pages.
- Excellent integration with the Chrome browser.
- Gmail shows advertisements but they are very minor and hardly noticed.
- Works with the Microsoft Outlook program pretty well but it’s not optimized for it.
- Uses an excellent Gmail program to read mail on a phone or tablet.
- Google appears to use Gmail to collect a lot of personal data on it’s users. What they do with it, who knows.
Microsoft Outlook.com Features
- Excellent integration with the Outlook desktop program. Since most businesses use Outlook, it works seamlessly with the Office365 service or the free Outlook.com email service. Anyone with an outlook.com, msn.com, live.com, or hotmail.com account can benefit from Outlook.
- When using the Outlook.com website to view mail, advertisements are more prominent in the free version of Outlook.com than the free version of Gmail.
- Microsoft offers paid email services that exclude advertising and may include the normal office programs such as Word, Excel, PowerPoint, Outlook, etc. What you get in the package depends on the subscription selected in the Office365 service.
- Office can still be purchased like always where a one time payment is made and you are set for life. Office365 is a subscription based model where you purchase your Office products annually. In the long run it will cost more than a one time purchase, but you do have access to additional online services, multi-device license use, version upgrades, no ads, etc.
- A service called Exchange Online also offers the entire suite of office programs, to one degree or another, along with a way of managing your entire business email services using your custom domain name. It’s also a subscription model and although it’s aimed at business, if you are a one man band with a custom domain, it applies to you also.
- Microsoft has comparable SPAM filtering to Gmail with excellent filtering options. Maybe even better than Gmail.
- Integrates with Windows 10 and Microsoft Edge seamlessly.
- Uses an excellent Outlook program to read mail on a phone or tablet.
- Microsoft appears to collect personal information to a lesser degree than Google, but who really knows.
Google v. Microsoft Conclusion
For a simple, non-business, personal, stand alone, free email account where you will be logging into a website to read email from a variety of devices, we tend to recommend Gmail. For business, business level use, fans of the Outlook program, user of Microsoft Office or Office365, go with Outlook.com.
Either way, you can’t go wrong and we have no issues with either choice for most people other than for business level email. If you are a business or need business-like features, go with Office365 or Exchange Online. That discussion is out of the scope of this article.
What is “Two Factor Authenication”?
Two factor authentication means that along with the password you must enter to gain access to your account, you are also required to answer a second inquiry just in case someone got a hold of your password. Most commonly this second inquiry is a text message sent to your phone, an app that asks you for confirmation, or a second email address, presumably proving you are the legitimate owner of the account you are trying to log into. The idea being that only the legitimate owner of the account would have access to their phone, app, or a second email address.
Both Outlook.com and Gmail have this feature available, but it’s off by default. When activated, you set the email account to send a second message to a mobile phone number, a second email address, or an application on your phone to confirm login. We use this on all of our accounts but most people do not. It requires an increased level of discipline in order to keep track of your account information. Frankly, most should not use two-factor logins because if you lose access to the second device or account, you’re in trouble. You can prepare for just such a scenario but extra documentation must be written down. For now, unless you have highly sensitive information or extremely disciplined, you may want to steer away from two-factor authentication.
Things to know:
- Email addresses are not secret. An address can be guessed and put on a SPAM list and you are stuck.
- When ordering from a vendor, look for a check box that automatically subscribes you to their mailing list and un-check it.
- There are two kinds of SPAM – legitimate and illegitimate. Legitimate SPAM has an unsubscribe at the bottom. Use it. Illegitimate SPAM has no such option and you may be stuck.
- Some email providers have good SPAM protection such as Gmail and Outlook.com. Their services can target specific email and send it to trash or block it outright. By default, they work well. However, for stubborn SPAM you may need to figure out how to set a specific “rule” to block or delete the incoming email. How to do this is out of the scope of this article.
- Never type your email address into a Facebook comment, a response to a post, or wherever. Websites are scanned for email addresses and added to a spammer database. This is commonly called “Scraping”.
- Businesses should never post company email addresses on their website unless special steps are taken. Not only for SPAM avoidance but also to avoid potential “phishing” attacks.
- At the risk of blasphemy, getting off Facebook, Pinterest, Twitter, etc never hurts to avoid SPAM problems. Stay low. Don’t give out your email address – ever.
- Never enter a password based on a link you just clicked on in an email.
- Try to use a second, retired, or junk email address for sketchy websites.
- The SPAM problem may be so bad or the SPAM itself is so horrendous that you have to retire the account, which is a whole other thing. See above for details about changing email addresses.
- Getting one or two SPAM messages a day is normal. Unsubscribe if you can or just deal with it.
- Unsubscribe from any and all emails you do not absolutely need as soon as possible. Look for a tiny, gray, “unsubscribe” link typically at the bottom of the email.
- You wake up one day and your inbox is filled with some sort of returned mail from hundreds or thousands of vendors. It doesn’t mean you have been hacked. It more than likely means someone may be using your email address as a return address. Anyone can do it. Change your password to be sure and wait it out to see if it goes away after a week or so. They tend to move on to someone else.
- On the other hand, your account may be compromised. Without fail, every time we have worked with a compromised account it was due to the account holder voluntarily giving up their email and password to a fake website or some other trickery. Don’t do that.
- To check if your account has been compromised, you can go to this website, enter your email, and see if it’s on a list somewhere. Although it doesn’t give you any tips on what to do, it can explain a sudden increase in SPAM.
- If you use Outlook or Gmail.com to read email, you can try to set up filters to send incoming SPAM to the trash bin or block it outright where you never see it. How to do that is outside the scope of this document.
- If you must post your email address, try doing it cryptically such as “john doe [at] gmail [.] com”. It’s clumsy and will not work trying to log into an account, but if you must post an email address “out in the open”, it’s one way to do it.
A note regrading Office365. This is an entire suite of products offered by Microsoft for professional email and document management. It’s a subscription service paid annually – for life. Office365 offers the following:
- Instead of a one time purchase of the Microsoft Office Suite ( Word, Excel, Powerpoint, Outlook ), you are on a subscription paid annually.
- You will get free upgrades as long as the subscription is paid.
- It offers a few more services that you probably won’t use, but they are there.
- Cost can range from $60 to $99.00.
- One Office356 license can be used on up to 5 machines. Although that sounds good in that you can load it on the entire families computers, it was intended for one user to load it on all their computers. It’s a bit of a gray area but not illegal. Yet.
- Office365 provides an overwhelming number of services. The key is to predict the future a bit when deciding on what to go with. Consultation is highly recommended.
There is also something called ExchangeOnline. This is a business level subscription that allows many things, including full email management for all users in an organization.
- Use of custom domains
- Central email management
- Multi-device, multi-license office suite use
- User permissions
- and much, much more
Never subscribe to Office365 or ExchangeOnline through a third party such as GoDaddy. Always purchase directly from Microsoft or through authorized sellers that purchase through Microsoft for you. Some third party sellers modify the management of the email and make it a nightmare to change things or extract your business from their clutches.