E-Mail Security
It is probably not kosher

E-mail isn’t secure.  It passes through many strange networks.  It can be examined.  It can be spoofed.  It can be tampered with.  It can be kept when you want it to be discarded.  It can carry so many nasty surprises. When using it, you need to be on your guard.

So let us help you out, Moses style:

  1. Thou shalt not click the links in messages.

    If an e-mail has a hyperlink to your bank — or some other website you would provide confidential information to — do not click or follow the link!  It is very easy to “spoof” a link (i.e. making a link display as https://www.mybank.com, yet having it forward to http://www.badguy.net).  It is better to copy the link to the clipboard and paste it into your browser. That way, you can inspect the real link URL before you submit it.

  2. Thou shalt not suffer a client to show pictures.

    Pictures embedded within e-mail messages can be used to track reading habits.  In some extreme circumstances, e-mail images have even been used to successfully infect the reader’s computer. If your mail client has an option to not show pictures, take advantage of it. If your mail client does not have this option, use one that does.

  3. Thou shalt not forward chain messages.

    Many chain e-mails can contain bugs (transparent images and pieces of JavaScript hidden in an e-mail to track viewers, scrape e-mail addresses for spamming, and possibly deliver a virus payload).  If it is an important message, just re-type a quick summary of it in a new message.

  4. Honour thy confidential information and do not e-mail it.

    All e-mail transferred over the internet can be read by at least two servers, and possibly several networks along the way. Never send confidential information via e-mail.  If someone has sent confidential information to you via e-mail, change what you can (passwords and such), then ask the sender to refrain from doing so in the future.

  5. Remember the Bcc field, and keep it holy.

  6. Thou shalt not use the Cc or To fields in vain.

    If you To or Cc a message to multiple recipients, each recipient will see the e-mail address (and possibly the name) of everyone else that you sent the message to. When we Cc and To multiple recipients, we are needlessly spreading e-mail addresses into other peoples’ inboxes.  Many viruses go straight for the inbox to begin relaying spam.  Bcc recipients only see their own e-mail address in the To field.  When you use Bcc instead, you are helping to preserve the privacy and security of your friends, family, and co-workers.


  7. Thou shalt not use insecure webmail.

    If you use a web-based e-mail service like Yahoo!, Hotmail, or Gmail in your browser, make sure that you are using HTTPS in your browser instead of HTTP to get to the website.  You will know that you are using HTTPS when you see https:// at the beginning of the address, the security lock appears, and the lock is fully closed.

  8. Thou shalt not use insecure mail protocols.

    If you use an e-mail client (a program that runs on your device, like iPhone Mail, Android Mail, Microsoft Outlook or Mozilla Thunderbird), you are probably directly using SMTP to send e-mail and IMAP or POP3 to receive e-mail.  When using these protocols, make sure that you are using the secure versions of them.

    Typically, SMTP/S uses SSL over port 465, POP3/S uses SSL over port 995, and IMAP/S uses SSL over port 993.  Unfortunately, these settings vary from provider to provider, so if you are interested in setting up secure mail, you may need to ask your e-mail provider for the proper settings.

  9. Thou shalt not open unto thee any active attachments.

    For safety, limit yourself to images (JPG, GIF, PNG) and PDFs. Even those are not perfectly safe. Everything else has a lot of potential for harm, especially on Windows:

    Extension                   Type                       Danger
    EXE, COM, PIF, SCR          Windows Executable         HIGH
    APPLICATION, MSC            Windows Executable         HIGH
    GADGET, HTA, CPL, BAT       Windows Executable         HIGH
    MSI, MSP                    Windows Installer          HIGH
    VB, VBS, VBE                MS Visual Basic            HIGH
    WS, WSF, WSC, WSH           Windows Script             HIGH
    PS*                         Windows PowerShell         HIGH
    REG                         Windows Registry           HIGH
    SCF                         Windows Explorer           HIGH
    LNK                         Windows Shortcut           HIGH
    INF                         Windows AutoRun            HIGH
    SH, BASH, CSH, ZSH          Unix Script                HIGH
    JAR                         Java Application           HIGH
    JS, JSE                     JavaScript                 HIGH
    ZIP, CAB, RAR               Compressed Archive         MEDIUM
    DOCM, DOTM, XLSM, XLTM      Microsoft Office Macro     MEDIUM
    XLAM, PPTM, POTM, PPAM      Microsoft Office Macro     MEDIUM
    PPSM, SLDM                  Microsoft Office Macro     MEDIUM
    DOC, XLS, PPT               Legacy Microsoft Office    MEDIUM
    DOCX, XLSX, PPTX            Microsoft Office 2007+     LOW


  10. Thou shalt not leak thy neighbour’s e-mail addresses, nor his telephone numbers, nor any other thing that is thy neighbour’s to apps and websites.

    Many apps and websites have a “find friends in contacts” feature that requests permission to read your address book. If you care about your contacts and their privacy, give that request a hard NO. If you don’t, in the best case your contacts will end up with more spam. In the worst case, they could have their identities leaked to those who do not wish them well.

    Facebook and others link e-mail addresses, telephone numbers, and almost any other piece of data they get to profiles. You can search for profiles with some of that data. Great for reconnecting with old friends! Also great for cyberstalking people.

← Older Newer →

Leave a Reply

You must be logged in to post a comment.