Complete Email Privacy Checklist for 2026

Your Complete Email Privacy Checklist for 2026

This checklist consolidates every actionable email privacy and security measure into a single, organized reference. Use it as a setup guide for new accounts, a quarterly review, or a one-time audit of your current email security posture.

Checkboxes are organized by priority tier — complete Tier 1 first, then work through Tier 2 and 3 as time permits.

Tier 1: Critical Security (Complete First)

Account Security:
□ Email password is 16+ characters, randomly generated, and unique to this account
□ Two-factor authentication is enabled with an authenticator app (not SMS)
□ Backup codes are saved securely in a password manager
□ Recovery email is a separate, secure account I control
□ Recovery phone number is current
□ Security questions use random, nonsensical answers stored in password manager

Account Monitoring:
□ Login activity has been reviewed for unrecognized sessions
□ All active sessions are recognized devices I own
□ No unrecognized email forwarding rules exist
□ No unrecognized email filters exist
□ No unrecognized apps or services have account access

Phishing Defense:
□ I never click login links in emails — I navigate directly to provider sites
□ I check actual sender addresses, not just display names
□ I never share OTP codes with anyone who contacts me
□ I am enrolled in security alerts for unrecognized logins

Tier 2: Privacy Protection

Email Identity Management:
□ A protected Tier 1 email exists for banking, healthcare, and government
□ A secondary Tier 2 email exists for ongoing services and subscriptions
□ Temp90 is my default for all new registrations and one-time signups
□ Banking and healthcare accounts use the protected primary email, not secondary or temporary
□ My primary email does not appear in commercial databases or data broker records

Data Exposure:
□ haveibeenpwned.com has been checked for all my email addresses
□ Passwords for any breached accounts have been changed
□ Major data broker sites (Spokeo, Whitepages, BeenVerified) have been checked and opt-out requests submitted

Inbox Hygiene:
□ Marketing and promotional email has been reviewed for relevance
□ Unsubscribe has been executed for marketing I do not want
□ Spam filter is being actively trained through "Report Spam" reports

Tier 3: Advanced Privacy

Communication Security:
□ End-to-end encrypted email is available for sensitive correspondence (ProtonMail or Tutanota)
□ Signal or equivalent encrypted messaging is used for sensitive personal communications

Network Privacy:
□ A VPN is used on all public Wi-Fi connections
□ HTTPS-only mode is enabled in my browser
□ A privacy-focused browser is my primary browser (Firefox, Brave, or Tor)
□ uBlock Origin or equivalent tracker/ad blocker is installed

Email Authentication (For Domain Owners):
□ SPF record is configured correctly for sending domains
□ DKIM signing is enabled on all sending platforms
□ DMARC policy is configured (at minimum p=none with reporting)
□ DMARC reports have been reviewed for unauthorized sending

Operational Practices:
□ Separate email is used for job searching
□ A secondary email is used for dating platform registrations
□ Temp90 is used consistently for travel service registrations
□ Children's platform registrations use a family email, not primary personal email

Business Email (If Applicable):
□ SPF, DKIM, and DMARC are implemented on business sending domains
□ All employee accounts have 2FA enabled
□ Security awareness training is current
□ Verification procedures exist for financial requests
□ Email security gateway is deployed (for larger organizations)

Ongoing Maintenance Habits

Weekly:
□ Financial account activity has been reviewed
□ Unfamiliar emails have been reported as phishing or spam, not just deleted

Monthly:
□ Login activity has been reviewed on primary email accounts
□ New breach appearances have been checked at haveibeenpwned.com
□ Temp90 has been used for all new registrations during the month

Quarterly:
□ Connected apps have been reviewed and unused ones revoked
□ Unwanted marketing subscriptions have been cleaned from secondary email
□ Data broker presence has been checked and opt-outs renewed as needed
□ Account recovery options have been verified as current

Annually:
□ All active accounts have been audited — unused ones deleted
□ Password manager review has been completed
□ Security tool updates have been reviewed (browser, VPN, 2FA app)
□ Email privacy strategy has been assessed for changes needed

Quick Reference: Temp90 Use Cases

Use Temp90 for:
□ Every new website or app registration where a permanent relationship is not needed
□ Free trial and freemium access to SaaS tools you are evaluating
□ Newsletter and content downloads
□ Social media secondary accounts
□ Gaming platform registrations
□ Marketplace registrations for one-time purchases
□ Travel service registrations
□ Job search platform evaluation
□ Crypto platform evaluation
□ Any platform you are unsure about

Do NOT use Temp90 for:
□ Banking and financial accounts
□ Healthcare providers
□ Government services
□ Employer communications
□ Accounts you need to recover in the future
□ Accounts with payment information attached

Your Email Privacy Score

Count your completed Tier 1 items:
0-4: Critical action needed — complete Tier 1 immediately
5-7: Basic protection in place — continue with Tier 2
8-10: Strong security foundation — proceed to Tier 2 enhancements

Count your completed Tier 2 items:
0-5: Significant privacy improvements available — work through this tier systematically
6-9: Good privacy posture — focus on the remaining gaps
10-12: Excellent privacy posture — maintain through ongoing habits

Count your completed Tier 3 items:
0-6: Advanced improvements available if needed
7-12: Comprehensive advanced privacy posture

FAQ:

Q: How often should I complete this checklist?
A: The full checklist is appropriate for an initial setup or annual review. The "ongoing habits" section provides the regular maintenance frequency.

Q: What is the single most impactful item on this checklist?
A: For most users: Two-factor authentication on your primary email account. It prevents the vast majority of automated account takeover attempts.

Q: How does Temp90 fit into the complete checklist?
A: Temp90 addresses the email identity protection items throughout the checklist — specifically keeping your primary and secondary email out of commercial databases through the consistent use of disposable email for non-essential registrations.

Conclusion:

Email privacy is not a single action — it is a layered set of practices that, applied consistently, produce a meaningfully more secure and private digital life. This checklist gives you a complete reference for every component of that system. Start with Tier 1 today, work through Tier 2 over the coming weeks, and build the ongoing habits that maintain your privacy posture over time. The investment is modest; the protection is substantial and lasting.