Gmail Defensive Computing

GMAIL

Consider your Gmail password critically important. Never tell it to anyone. Do not use your Gmail password for anything else. If there is a chance you might forget it, write it down on paper twice and store each copy in different secure places.

TECH SUPPORT

To me, the biggest issue with Gmail is that it is free. Any free service comes at the price of no technical support. If something goes wrong with Gmail (or your Google account) tough luck. In my opinion, email is important enough that it is worth paying for, just to get technical support.

We saw a stark example of this in August 2022, when a father was banned by Google for taking pictures of the rash on his toddler to send to a doctor (A Dad Took Photos of His Naked Toddler for the Doctor. Google Flagged Him as a Criminal). There are many aspects to the story, but the one I want to emphasize here is that this was clearly a mistake by Google. The Police opened a case and closed it quickly as any person could easily tell it was a mistake. But there was no person at Google to talk to.
In May 2023, Lauren Weinstein wrote about a 90 year old woman who forgot her Gmail password. TLDR: tough luck. This serves as a Defensive Computing warning to make sure the Gmail recovery email address for your account is valid. And, maybe, to have a recovery phone number too. The story again emphasizes that there are no people doing tech support at Google. An Example of a Very Sad Google Account Recovery Failure - and How It Affects Real People

ASSORTED

The Best Gmail Settings You Might Not Have Used Yet by Eric Ravenscraft for Wired (March 2021). Some topics mentioned: Change Undo Send Time Limit, Confirm Actions on Mobile, Unread Message Icon and Customize Your Keyboard Shortcuts.
December 17, 2022: Google introduces end-to-end encryption for Gmail on the web by Sergiu Gatlan for Bleeping Computer. The feature ensures that the body of an email and attachments (including inline images) can not be decrypted by Google. Only for enrolled Google Workspace users, who can to send and receive encrypted emails within and outside their domain. This was already available for users of Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar (beta). At the time the article was written, the feature was available to Google Workspace Enterprise Plus, Education Plus, and Education Standard customers.
To block email sent from a domain: starting at the gmail.com website, enter "from:badguys.com" in the search box (obviously just an example) and hit enter to insure the selection works. Then click on the icon on the search bar just to the right of the X (it is Search Options). Click Create Filter at the bottom of the window that pops up, then chose to either Delete all messages from the domain or archive them or assign them to a category. More here: How to block a domain in Gmail by Bryan Clark for Laptop Magazine (November 2022)
If you get a malicious email from a Gmail user, you can report it here: I would like to report a Gmail user who has sent messages that violate the Gmail Program Policies and/or Terms of Use. The form asks for the full email header, which is normally hidden. In Thunderbird, use View -> Message Source. Or, forward the message to abuse@gmail.com.
To change the time period when you can undo a Sent message: at gmail.com, click the gear in the top right corner -> See all settings -> General tab (should be the default) -> Undo Send.
How to recover your Google Account or Gmail from Google. Hopefully, you never need this.
If you use two factor authentication with Gmail, good for you. Should something go wrong with the second factor, Google offers a fallback using backup codes. See Sign in with backup codes from Google.
May 2019: Google uses Gmail to track a history of things you buy by Todd Haselton and Megan Graham of CNBC. The story said you needed to delete the Gmail message to remove a purchase. However, later research found that there is no way to delete your purchase history. And Google also tracks your Reservations, Subscriptions and Payment Methods. See it all at myaccount.google.com/payments-and-subscriptions. From Google: See your purchases, reservations and subscriptions. The day before flying recently, Uber offered me a discount for getting to the airport. Gmail told Uber about my trip, I found it in the reservations and confirmations page.

CONFIDENTIAL MODE

What: It is an attribute of individual messages that lets you set an expiration date for sent messages, revoke access to sent messages, and optionally set a password for a sent message. In addition, recipients of confidential Gmail messages are prevented from forwarding, copying, printing and downloading the message. Invoke it while composing a message by clicking on a very small image of a padlock and a clock. The recipient does not need to use Gmail.

But: The recipient can take a screen shot. Message passwords require that you provide a cell phone number for the recipient because the password is texted to them. So, arguably less confidential than normal. Google does not say whether they can read the messages, which means they can.

Watch out for Gmail's new Confidential Mode by Mike Elgan for Computerworld (May 2018). Elgan says that this is neither secure nor email.
Send & open confidential emails from Google

AVOIDING GMAIL

I moved my Gmail to a less creepy email. It was surprisingly easy. by Shira Ovide in the Washington Post (June 27, 2023). Ovide describes how she easily moved 15 years of email messages from Gmail to Proton Mail. Proton offers an Easy Switch feature with instructions on how to move your messages from Gmail, Yahoo or Microsoft’s Outlook. She considers Proton trustworthy and I agree.
5 Reasons to Ditch Gmail for ProtonMail by David Nield for Gizmodo (March 2021). The article is wrong about End-to-end encryption. It only applies to messages between two ProtonMail users.
How to Migrate from Gmail to ProtonMail by ProtonMail (undated). The steps: Transfer existing emails, Set up email forwarding, Transfer contacts, Inform your contacts and Update online accounts.
Privacy-Conscious Email Providers from PrivacyTools.io
These 4 Gmail alternatives put your privacy first (Fastcompany Aug 2019)

This Page Last Updated August 26, 2023	Site Page Views TOTAL 737,622	Site Page Views TODAY 216	Previous Website View 2.5 minutes ago	Website by Michael Horowitz @defensivecomput	top
Website Average Daily Page Views: November 2023: 687 See the website change log 2023: Jan 724 \| Feb 853 \| March 782 \| April 694 \| May 618 \| June 617 \| July 497 \| Aug 558 \| Sept 837 \| Oct 757 2022: Jan 368 \| Feb 315 \| March 320 \| April 328 \| May 367 \| June 379 \| July 685 \| Aug 1,568 \| Sept 671 \| Oct 664 \| Nov 901 \| Dec 1,222 2021: Jan 337 \| Feb 377 \| March 332 \| April 246 \| May 282 \| June 227 \| July 214 \| Aug 275 \| Sept 290 \| Oct 315 \| Nov 411 \| Dec 293 2020: Jan 212 \| Feb 377 \| March 303 \| April 296 \| May 317 \| June 267 \| July 258 \| Aug 282 \| Sept 279 \| Oct 333 \| Nov 318 \| Dec 332 2019: . . . . . . . . . . . . . . . . . . . . . . . . . Aug 176 \| Sept 178 \| Oct 194 \| Nov 180 \| Dec 200