How to verify, secure and scan your mail box from suspicious activity

Gone are the days of mail by courier or postal authorities when mails could be recognized by handwriting or signatures. Now we are using Gmail, Yahoomail, Hotmail, Outlook, Rediffmail or , .in,, and just less than 1% of mails are digitally signed. This article explains as to how to verify, secure and scan your mail box from suspicious activity.

How to keep you email account secured

Never send your password via email as no legitimate sites or services will ever ask you to send or forward them your passwords via email. It is always better to keep your password reminders at a secret hidden place visible to you alone. Never leave notes about your passwords in naked sight desktop. As recovery options help the users to secure their mail account from hijackers through recovery options one can restore access to one's email account even if you forgot your password.

Use mobile phone to protect your email account

Your mobile phone is the easiest, safest and quickest way for getting your email account protected. It is considered more secured than your recovery email address because your mobile phone is usually with you even while you travel.Providing a recovery phone number to Google won't result in more calls from telemarketers or email marketing agencies.

2-Step verification to keep your Gmail protected

Do not depend upon recovery email address alone as if bad guys manage to steal or hijack even your recovery email address then if you have not enabled 2-step verification on all your email ID's then it becomes a bit difficult to recover the hijacked email address. Google firstly uses your recovery email address to send you an email to reset your password if the event of yourself getting locked out, or challenged by an account hijacker. If you have enabled 2-step security even on your recovery email address then your recovery email remains protected. You can access your recovery email address with your password along with phone. If a bad guy or a key logger manages to steal or capture your password, then without your phone he/she can not get into your account. While signing with 2-Step Verification, the user needs to enter email password as usual. On receiving the verification code via SMS on phone the user has to enter the code. However if you need to make the process simple that you can use your trusted devices like smart phones, computers, laptops, ipods and tablets to remember the machine for a period of 30 days, if cookies are enabled on such devices or computers.

More security tips while signing in to Gmail

Just click the gear icon in the right upper corner of the browser to select the settings option. Out of many options available select the option "Always Use https" and save the option. Under signature check vacation responder. The user needs to check out if there is any unfamiliar content in the text box. If yes, remove it to click save changes.

Delete all the unwanted, suspicious or unnecessary email addresses from the contacts lists, "Reply to address" lists. Do not forget to save changes after every action taken. Also check mail from other accounts using POP3 to make sure that all listed addresses are recognized. It is always better to delete or remove any unwanted addresses.

Check to look for any email addresses listed as the owner of an email account listed here can not only read but also send mail on your behalf. Use the option delete to revoke an account's access.

Check out the filters which say "forward to" to ensure that you know the addresses listed. Check that these addresses are correct. Click edit or delete to the right of the filter to make any changes.

Check the filters which say "delete it" to make sure that the setting were made by you only. Click edit or delete to the right of the filter to make any changes.

Check to ensure that your mail is not being forwarded to unwanted addresses. If you find any unwanted forwarding addresses, immediately disable forwarding option to save the changes.

If you have enabled POP settings but you never access your mail with POP, then it is better to disable POP. Similarly if you have enabled IMAP settings but you never access your mail with IMAP, It will be better to disable IMAP access. IMAP is used by the users while accessing email on Apple Mail, Thunderbird, or Outlook.

Keep your device or laptop protected from malware by having a trusted antivirus with live update enabled along with daily scheduled run. I use Microsoft Security Centre which used to come free with genuine windows version. But now Microsoft support for earlier versions of Windows XP is being closed in April,2014. If you get notification from Google or otherwise come to know that your mail account is compromised, changes the passwords immediately after removing the malware, if any, detected during virus scan. Also ensure that your operating system is updated daily. Operating systems like Microsoft Security Essentials release updates to repair security vulnerabilities and it is therefore recommended to protect your device or computer by enabling your automatic update setting, and/or updating when you get a notification. Never ignore regular software updates. Some software like Adobe Flash, Adobe Reader, Java release regular updates but are not included in operating system updates. These updates are equally which include repairs for their security vulnerabilities. Regular update of your browser is also very important to get the latest security updates.

Check the version of your browser at which will tell about the current browser used by you.

It is important to always upgrade to the latest version of your web browser so that you get the latest security updates. The page will provide you information about current version or if new version is available. While Google Chrome automatically updates to the latest version, check out for latest versions of other browsers.

At the bottom of any Gmail Page one can find the details link to find out as to from which IP addresses your mail was accessed from along with their approximate locations. Check for any suspicious account activity with immediate reporting to Google.

If you find that large number of message are not visible in your mail account, you need to get alerted as your account might have been compromised at one point of time or other. Similarly if unfamiliar messages appear to have been sent from your mail account or you are receiving unnecessary password recovery emails from, your mail appears compromised.

How to report Phishing Mails to Google

Just sign in to Gmail to open the message (do not click any link in the message), you intend to report. Click the drop down menu in top right corner to select Report Phishing to report. If you notice strange messages even from your known contacts even them you need to be put on alert as it is quite possible that the account of your known contact might have been hijacked. Hijacker may send you mails in the guise of your friend may ask for your sensitive information. Never respond to such strange messages without getting verified through mobile or other means of verifiable contact. I have already discussed in detail about the steps as to How to Protect against Identity Theft which can also be a source of emanating phishing mails.

To keep yourself secured against possible sneaking by bad guys in your Google accounts including Gmail you need to sign in at to manage access under the Connected applications and sites. If you notice any unwanted application or service, just remove it by clicking Revoke Access.


Author: Sarojah03 May 2013 Member Level: Gold   Points : 2

Your title is meant on mail box of any email but you have written the article only for google (gmail) and so your title may be gmail instead of mail and however thanks for your information and no wonder to see it is from the researcher on google.

Author: Ashok Goyal03 May 2013 Member Level: Gold   Points : 4

Thanks for your insight into the article. The idea was to generate interest and make the users aware of security threats. Gmail is the most preferred mail and if all mail services like hotmail, rediffmail, Yahoo are also seen from the same very prospective then the alert users can use similar techniques in their mail profiles or if the mail ID provider is not having services enabled then try for a better mail client like Gmail. Now Yahoo is also having two step security but it never works. Google has provided me 50 free mail ID's with my domain name such as and that too is so much secured. Once again thanks for analyzing my article.

Author: J.B.Gupta27 Apr 2014 Member Level: Bronze   Points : 3

I used to receive hundreds of mail landing in my box some of which got filtered by itself to the spam folder but good number of marketing mails kept me disturbing as I had to locate the important mails with great difficulty. The timely article by Ashok Goyal has helped me to reorganize my mail box in a better way. Sharing the article with other friends too.

Author: Ashok Goyal28 Apr 2014 Member Level: Gold   Points : 0

@J.B.Gupta, Thanks for liking the article and I am happy if the beginners like you get benefitted from my articles in the simplest layman language. Visit my latest resources at ISC again and share on Google+, Facebook to spread the word in the world.

  • Do not include your name, "with regards" etc in the comment. Write detailed comment, relevant to the topic.
  • No HTML formatting and links to other web sites are allowed.
  • This is a strictly moderated site. Absolutely no spam allowed.
  • Name: