Why you need a new email address in 2025NurPhoto via Getty ImagesRepublished on December 25 with the implications of responses to a new U.S. government warning and advice on staying safe on Gmail and changing your email address in 2025.Your inbox is under attack. The FBI has issued yet another warning ahead of the holidays, highlighting an alarming surge in email and website threats, just as multiple cyber reports claim this is the most dangerous holiday season yet. Even though Google blocks more than 99.9% of spam, phishing and malware in Gmail, its not enough. But now change is on the way. And for Gmails 2.5 billion users, 2025 looks like being the year your email address should finally change.With more than 2.5 billion users, Gmail, the worlds largest email provider, is now deploying ground-breaking AI models [to] significantly strengthen Gmail cyber-defenses, including a new LLM trained on phishing, malware and spam. But as McAfee has just warned, that AI revolution works both ways. As AI continues to mature and become increasingly accessible, cybercriminals are using it to create scams that are more convincing, personalized, and harder to detect.Email remains an appallingly basic technology. Despite all its advances, the core architecture remains the same. Anyone can access anyone elses inbox with just an email address. Those addresses are basically given away for freeharvested, leaked, stored, searchable. This month, Mailmodo says, spam messages [will] account for more than 46.8% of email traffic.This is why enterprises are looking for new solutionsTeams, Slack, even instant messaging platforms. because even with all the advances and the outside sender and untrusted sender warnings, too many emails get through.The answer is to restore some semblance of address security and not give away real email addresses like confettia situation made worse given email address are often a primary user credential alongside passwords to log into sites and services. Apple has tried to address this with Hide My Email, to keep your personal email address private... you can generate unique, random email addresses that forward to your personal email account, so you dont have to share your real email address when filling out forms or signing up for newsletters on the web, or when sending email.MORE FOR YOUAnd as I reported in November, Google is developing something similar for Gmail. Discovered by Android Authority in an Android APK teardown, Shielded Email consists of a system to create single-use or limited-use email aliases that will forward messages along to your primary account.This is a major step forwards and you should make use of this when it arrivesas should Apple users now. Just look at one warning issued to marketeers when Hide My Email was released: Now users can create a limitless number of fake addresses they dont even check, dramatically reducing engagement. And, worse still, they can easily deactivate them without affecting their primary email, meaning marketing databases could be full of dead addresses. This is important because a low deliverability rate can affect sender reputation, meaning your carefully crafted campaign ends up in spam.While Google assures that by spotting patterns and responding rapidly, [its Gmail] LLM alone blocks 20% more spam than before and reviews 1,000 times more user-reported spam daily, the threat will get worse again in 2025. McAfee says that AI is giving cybercriminals the ability to easily create more personalized and convincing emails and messages that look like theyre from trusted sources, such as banks, employers, or even family members. They can craft these scams quickly and with precision, making them more difficult to detect and increasing their success rate. As AI tools become more accessible, these types of attacks are expected to grow in sophistication and frequency.Email must changeand not just by improving central screening technologies. We need a radically different approach to include the following:On-device AI to flag spam and malicious email that has made it through central screening to inboxes. Too many emails still make it though, even though the actual email address and the presentational sender address dont match, with the latter a clear impersonation. How is it possible in 2024 that my inbox contains emails from Apple Support or X verification, when the senders have random email addresses such as sayio[at]hosai.co.jp.A better opt-in, known sender solutionmimicking secure messaging. Even the differentiation of trusted and unknown senders is too basic. There needs to be better deployment of AI or an easy-button for user to opt into a trusted discussion and advocate for a sender.Rather than upping the ante centrally, email security needs to do a better front-end (device-side) job. This is where safe browsing and malware defenses are now heading, making use of new device AI processing. Email needs a complete rethink to do the same.When Elon Musk (again) teased that he may launch an Xmail platform to take on Gmail, the blending of email and messaging featured front and center. The sweet spot is the universal compatibility of email without the mess. When one X post suggested that cutdown approach, Musk responded: Thats exactly what we are going to do.But that opt-in or trusted sender filter remains critical, as its that which opens inboxes to the world and sets email apart from closed messaging alternatives.Gmail isnt the only such challenge facing Google users. The other is RCS, which has been making continual headlines this month following an FBI warning for users to stop sending insecure RCS texts between Androids and iPhones. As Android Police asked on Monday, did RCS messaging open up the spam floodgates?RCS is fast becoming a marketing sensation, just as with email the value is that you can access anyone with just their phone numbers. Theres no real universal marketing filter, and because this is a standard cellular protocol, no-one is really running the show, because its a collective. It then falls to the RCS compliant messaging apps to apply a front-end filterjust as with emailwhich should work but doesntyet.Mobile spam has evolved alongside messaging technology, and RCS may have worsened things, Android Police says, and while email scams were cheaper, easier, and more effective than SMS scams in the past, RCS has changed all that now. The answer, the report says, is that RCS spam can't be eliminated. We can only rely on good security and spam filtering. Unfortunately, thats just like email.This is interesting because it provides a timely parallel to email, pitching the standard (SMS/RCS) with its spam and security challenges with newer (albeit not new) alternatives that take control of the end-to-end experience, and provide a simpler, more secure user experience.And the scale of the RCS spam threat is hugethe risk being that it becomes just like email, making the underlying technology almost unusable as a daily messenger. Last month, Juniper Research reported a 50% year-on-year hike. RCS business messaging traffic will reach 50 billion messages globally in 2025; Apples first full year of support for the technology. This represents a single-year growth from 33 billion in 2024.WhatsApp and other over-the-top messengers are not immune from spam, but its significantly less of a problem. And the platforms can easily police whats sent out and by who, and the controls they provide users to filter this out. Moving from SMS/RCS to an over-the-top is exactly the kind of clean start you can attempt with a clean email address. But its much easier.RCS spam can't be eliminated, Android Police says. We can only rely on good security and spam filtering. Recent advancements in deciphering spam through AI have led to improvements, and there is potential for significant spam reduction in the near future. Fine-tuned large language models (LLM), along with natural language processing (NLP), are positioned to surpass current spam detection systems and will make their way to RCS messaging. There's more to RCS chat than E2EE and spam filtering, so seeing how Google and the GSMA tackle this still-growing problem will be interesting. Again, its just like the tinkering approach to spam on Gmail and the other leading platforms, rather than the fundamental rethink needed.And so, when Musk teases the idea of a new platform that zeroes out the slow evolution to the mess we have today with something that can start with privacy and usability and simplicity in mind, its interesting. In reality we don t need something this drastic, and the transition would be woefully complex.In the meantime, take control. Yes, you need to use Hide My Email or Gmails new Shielded Email as soon as its available to create new addresses. But if you have an email address that has been around for years, then it has become a honey trap for spam and worse. Its time for something new, a primary email address you will better protect through multiple throw-away, masked addresses, without giving that primary address away. You can slowly migrate from one account to the other, and in the meantime use folders, rules and forwarding to capture emails to your old address.Using new email masking technologies is undermined if the primary address they link to has already been extensively harvested, sold and leaked. With 2025 just days away and threats surging, perhaps make email housekeeping one of your New Year resolutions and think about the risks associated with the addresses youre using now.Its an unhelpfully tough environment these days, for regular users to determine right from wrong and to pick the right advice to follow. Just look at the latest advice on X from CISAs Jen Easterly, with a simple set of recommendations to help Americans stay safe as the holidays began: This holiday season, Easterly posted, Lock your devices, avoid public Wi-Fi, keep your accounts secure. Tis the season to stay safe online!A quick scan of the comments below her post tells us all we need to know. Theres nothing simple or straightforward these days. Even simply advice is open to question and criticism. And for non-expert users taking an interest and looking to do the right thing, its easy to become confused.So what approach should you take?Well, on the specifics of Easterlys comments. Public Wi-Fi in regular places is usually okay. But make sure you only access encrypted sites, use a VPN if youre at all concerned, and dont ever break any of the rules around links and downloads. That includes any links or installs from the internet access splash pages that might show up.Keeping devices locked and accounts secure is common sense. And thats the crux for everyone reading this and taking an interest. You will know whether your email address has run its course, whether you find your account tricky to use as you wade through countless spam and frauds hoping not to get caught outremember, they only need to catch you once, you need to catch them every time.We saw the same with the FBIs holiday season warning, which harped back to its phishing advice from a few years ago. The world has changed and the threat landscape is now much worseespecially with AI. But the need to apply common sense and trust your instincts remains the same.In the last few days, Google published its own list of the four steps you can take to stay safeand theyre worth keeping in mind, whether or not you elect to change your address our even to make use of the new Shielded Email feature when its available, likely within the next few months.Gmail has a very high rate of success combating these types of scams, but scammers are persistent. Whether its during the holidays or otherwise, users should follow these golden rules:Slow it down. Scams are often designed to create a sense of urgency, and often use terms like urgent, immediate, deactivate, unauthorized, etc. Take time to ask questions and think it through.Spot check. Do your research to double-check the details of an email. Does what its saying make sense? Can you validate the email address of the sender?Stop! Dont send. No reputable person or agency will ever demand payment or your personal information on the spot.Report it. If you see something suspicious, mark it as spam. Youll be making your Inbox cleaner and helping billions of others too.Google also provides a list of the most common scams targeting its Gmail users. Again, for the sake of ten to fifteen minutes, you should take a read. Its worth keeping it all in mind.This holiday season, Google is drawing attention to three scams in particular:Invoice scams: This method involves scammers sending fake invoices to unsuspecting users, typically trying to solicit phone calls to dispute the charges and using this connection as a way to convince victims to pay them. These scams arent new, but are persistent and incredibly prevalent this holiday season.Celebrity scams: Over the past month, many of the most common scams popping up reference famous people, either pretending to come from the celebrity themself or claiming a given celebrity is endorsing a random product. The associations dont always make much sense, but the goal of these campaigns is to use the association to build trust and trick people into engaging with too good to be true scenarios.Extortion scams: This brand of scam is vicious and scary. Victims receive emails with details on their home address, sometimes even including a picture of the location. There are a few different versions of the messages, but they generally either include threats of physical harm or threats of releasing damaging personal material they say they acquired through a hack.The common denominator is your email address. If a scammer doesnt have it, then they cant email you. A protected primary address and a set of temporary addresses you can disable or redirect resolves this. At which point you needy to ask how does your email address find its way onto their lists. Per EasyDMARC, its pretty obvious where the data comes from:Lists bought from dark web or data providersOpenly available email addresses on social mediaEmail harvesting (using bots to search the internet for standard format email addresses)Social engineering posts and online multiplayer gamesTake a look at that list and ask yourself where your email is currently available and how you can change that. The advice is to be careful where you leave your email address, especially with websites you dont completely know and trust. But in reality, even the websites you trust can seller leak your data. As soon as your email address gets out into the wild, theres no telling where it will end up.And so lets return to that common sense point. Im guessing you are careful where and with who you share your phone number. You likely dont publish it on your public facing social pages or provide it to everyone who asks. But youre still inundated with cold calls. The reason its even worse with email is the scammers dont need to try very hard to find your details and add you to their lists. You much more willingly share a communications address that reaches you directly.Which takes us back to the email address theme for 2025. At some point something needs to change. We need to be mindful of who can contact us and how easily they can do so. With McAfees warning ringing in our earsthat its so much easier now to successfully trick us using AIthat time is now.Yes, its painful to change an email address or open a new Gmail accountits also painful to change a cell number. But if you were being hit by dozens of fraudulent cold calls per week, youd do so.