Using web based email will not really protect you. Malicious Java script or VBS is quite easy to put on an HTML message and if the email software at the web-based host does not scan for it, it can do as much damage as an executable trojan. I use a number of lines of defense. A good virus checker helps. Never execute anything you didn't actually ask for and check it for viruses first with an up-to-date checker. Install and use a good firewall. I use two of them and what one doesn't lock out, the other catches. Use a good TEXT-based email client that does not auto-display HTML in messages and that segregates attachments without running them. Personally, I keep a working copy of Outlook Express on my system at all times. It's worm bait. If a worm tries to hijack OE, it will succeed. But OE is not permitted internet privileges by my firewalls, thus any attempt by it to send something raises an alarm. Mind you, the only worm I have ever actually caught was an executable that I ran without thinking one day when I was groggy. And that was before I put these measures in place. Took me two days to run down all its pieces and rub it out.