The safest way to view your email is to turn the preview pane off, so only those messages you deliberately open are displayed. To turn the preview pane off:

Outlook Express: Click View Menu > Layout and remove the checkmark beside Show Preview Pane.

Outlook 2000/XP: Click View Menu > Preview Pane.

Outlook 2003: Click View Menu > Reading Pane > Off.

Netscape: Click View Menu > Show/Hide > Message Pane.

Disable that Preview Pane -- Outlook or Outlook Express

Update: Outlook Express 6.0 offers a "Read all messages as plain text" option. This is a good alternative to disabling the preview pane.

This screen shot shows the Outlook Express window as it's usually set up. The selected message is already visible in the preview pane before the message is "opened". If malicious code was integrated with the message, the damage would have already been done.

To make Outlook or OE much more secure, change your "layout" so there is no preview pane:

Click View > Layout... in the menu of Outlook Express. You'll get a "Window Layout Properties" dialog window like the one at the left. Click to clear the check mark in the box in front of "Show preview pane" (as shown here). Then click OK. Now you're all set.

Now you can examine the message list before you open any of them. If you see any that are suspicious, delete them, or use a passive viewer to examine them. See instructions below for using the passive viewer in Outlook Express.

Update: If you've applied the security patches you can set OE 6.0 to read email as plain text, which is an excellent way to neutralize malicious content. In the menu, click Tools > Options > Read (tab) > put a checkmark in the "Read all messages in plain text" box > click OK. You may need to temporarily reverse the setting for messages that you receive in HTML format though. Just be sure you know they are good before you view them.


Using the Passive Viewer to Preview Dubious Messages

There's a passive viewer built right into Outlook Express. You can safely use it to open/view any email message because it cannot take any action beyond displaying the characters in the message -- even if the message contains a malicious file.

To use the viewer (see the figure below): Right-click the suspicious message in your Inbox message list. Select Properties from the context menu that appears. Click "Message Source..." in the message properties dialog box. The small window that opens is the passive viewer. Maximize this window (to full size). The Bold font text in the message "source" is the message header. The regular font text is the message body. If the body is not just plain English, the content could be malicious. Close the windows you just opened and take appropriate action. (For example, if the message is suspicious, right-click the message description again, and choose delete.)