Secure Configuration for Email Clients (Beta)

Configure your email client (program) so it's not open to attack by malicious email. Simply viewing a message will trigger the attack if your program is not set up correctly. Attachments are a big threat too, but that's another matter.

Attacks by email rely on malicious code embedded in HTML messages. HTML is the same format used for webpages, and email clients display it much as browsers do. The attack can easily infiltrate your computer, install spyware, set up a Trojan horse, or turn your computer into a zombie.

Even with tight security settings, you'll still need to be cautious. Learn more at Step 6: Learn to Handle the Dangers Online.

If your email client is not Thunderbird or Outlook Express, you'll need to set it up using them as an example. Or look online. ;-)

Email client security settings

Instructions for Thunderbird

This is easy: By default, Thunderbird will not allow a virus or worm to execute automatically. There are a couple of things to do to tidy up. [Go to the security settings instructions for Thunderbird.]

Consider upgrading Outlook Express. Microsoft now offers Windows Live Mail, which is more secure than Outlook Express. [alternate link -- look for "Betas"] These instructions for Outlook Express will work with Live Mail too. (Find options for Live Mail at the right end of the toolbar, next to the "Help" button (blue question mark).)

Instructions for Outlook Express

  1. Disable the preview pane: This step is simple and it's critical. Some malicious messages are activated the moment you view them in the preview pane. You don't need to fully open them to infect your computer. [View > Layout... (in the menu) > uncheck the box for "Show preview pane"] From now on, you'll need to open messages by "double-clicking" them in the message list -- a small price to pay for greatly reduced risk.

    Alternative: If you have an up-to-date version, you can set OE to read email as plain text. [Tools > Options... (in the menu) > "Read" tab > check the box for "Read all messages in plain text"] This setting lets you examine messages without the hazard of activating malicious content. It is a clumsy way to work, though, because you'll need to switch back and forth for some messages.
  2. Set Outlook Express to use the "Restricted Sites Zone": [Tools > Options (in the menu) > Security (tab) > select "Restricted Sites Zone" and (if the option is offered) select "Warn me when other applications try to send email as me."] [see Q291387 at Microsoft]
  3. You may also want to let OE help protect you from dangerous attachments. [Tools > Options > Security (tab) > select "Do not allow attachments to be saved or opened that could potentially be a virus."] Once in a great while, you may want to save or open an attachment that IE 6.0 now considers to be a hazardous file type. You'll need to temporarily deselect this option in that case.
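
To see why the plain-text alternative in step 1 neutralizes malicious HTML, here is an added example (not part of the original page) that reads a message the way a plain-text view does and lists the active elements it leaves inert. The sample message, the tag list and the names `PlainTextView` and `read_as_plain_text` are assumptions made for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser

# Constructed sample (not from the page): an HTML-only message with active content.
SAMPLE = """\
From: sender@example.com
Subject: Invoice
Content-Type: text/html; charset="utf-8"

<html><body><p>Please review the <b>invoice</b>.</p>
<script>doSomething()</script>
<img src="http://tracker.example/pixel.gif">
<iframe src="http://example.com/frame"></iframe>
</body></html>
"""
# Elements an HTML view would run or load; a plain-text view leaves them inert.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "applet", "form"}

class PlainTextView(HTMLParser):
    def __init__(self):
        super().__init__()
        self.text, self.flagged, self._skip = [], [], 0
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ACTIVE_TAGS:
            self.flagged.append(tag)
        elif tag == "img" and (attrs.get("src") or "").lower().startswith(("http:", "https:")):
            self.flagged.append("remote-img")  # fetched on view, confirms the address is read
        if any(name.startswith("on") for name in attrs):
            self.flagged.append(tag + "-event-handler")
        if tag in ("script", "style"):
            self._skip += 1  # script/style bodies are never shown as text
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)

def read_as_plain_text(raw):
    """Return (text, flagged): what a plain-text view shows, and what it left inert."""
    msg = email.message_from_string(raw, policy=policy.default)
    plain = msg.get_body(preferencelist=("plain",))
    if plain is not None:
        return plain.get_content().strip(), []  # a text part exists: HTML is never parsed
    html = msg.get_body(preferencelist=("html",))
    view = PlainTextView()
    view.feed(html.get_content() if html is not None else "")
    view.close()  # flush any text after the last tag
    return " ".join("".join(view.text).split()), view.flagged
```
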