Blue Kestrel Internet Security
Email security tutorial

Email has many layers of security issues. Some of these are covered in other tutorials: encryption, which deals with the problem of protecting your messages as they are transmitted across the Internet; anonymous email, which protects your privacy and identity; spam, which is annoying and the equivalent of junk mail; and, last but by no means least, virus attacks.

This tutorial deals with setting up your email software so that you do not leave yourself vulnerable to attack. I will be dealing specifically with Microsoft Outlook and Outlook Express, but the same principles should be applied to other email packages such as Eudora.

I will start by explaining the potential security risks you could be exposed to and then I will show you how to minimise your exposure.

Sales and marketing people thrive on data, and they are forever inventing new ways of extracting the information they want from the general public. Data is valuable, and companies will pay large sums of money for good marketing information. One of the more recent ways of tracking information is to use email. Your email client is capable of reading many forms of text encoding and display, and the one that looks the best is HTML (Hypertext Markup Language). It allows an email to display graphics and vivid colours just like a web page. In essence an HTML email is a web page, as HTML is the language web pages are written in. So if an HTML email is just like a web page, it follows that it can spy on you just like a web page.

The best method of doing this would be to put a 1 pixel image hidden somewhere on the page that links to the advertiser's web site. When you open your email it connects to the web and downloads the 1 pixel image. The action of connecting to the advertiser's web site has created a server log that has probably recorded who you are, and has dropped a cookie on your computer.

This serves two purposes for the advertiser. Firstly, he knows that you have read his email. If he is a spammer, then he knows that your email address is valid and it will be added to more of his spam lists. If he is a sales company, then he knows the moment that you have read his quote. He could then make a perfectly timed call to discuss it, and he would know if you were lying about not having seen the quote yet. Secondly, if you forward the email to someone else he will know that too. It would also indicate to him that you were quite interested in his product.

This is more of a privacy issue than a security issue, but if a hacker used the same methods described above it would be for more sinister purposes and a huge security threat. If he wanted to know your IP address on a network and all he had was your email address, he could send you an email that linked back to his web site and extract the information that way. If he made the email interesting - like full of jokes - then you may be tempted to forward it to your mate in accounts, who will then probably forward it to somebody else. Every time that email is forwarded and read it is dropping cookies on computers inside the company firewall and passing out information such as network IP address ranges and operating system details. This will bypass all network security because it contains no malicious code; it is just a link to a website from an email.

The only safe way to stop this happening is to read your email offline (disconnect from the Internet after downloading your email). You should also turn off the preview pane, as this will activate the email as it is downloaded. To do this, select View from the toolbar and click on Preview Pane; this will toggle it on and off.

You should also disable the send read receipts option. When you send email you can request a read receipt. This is useful as it lets you know when somebody has opened an email that you have sent them (no guarantees that they have actually read it!). To request a read receipt, select New Mail Message and, before you send the email, select the Options button and tick Read receipt. When the person you sent the email to opens it, their email client will send an email back telling you what time they read it. This can be a useful tool on a network as well: if you send an email to everyone on the domain, it lets you see who doesn't regularly check their email.

Just as you find this useful, so do advertisers: again, it lets them know that they have a valid email address and that you have read their email. To switch off this feature, select Tools and then Options. On the Preferences tab select E-mail Options, then select Tracking Options. At the bottom, select the radio button Never send a response. This will not stop read receipts being sent to computers on your Local Area Network if you are on one. It will just stop read receipts being sent to the Internet.
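To check a saved message for the two tracking mechanisms described above before opening it in a mail client, the following added example (not part of the original tutorial) parses a raw email and reports any read-receipt request and any image that would be fetched from the network. The sample message and its `example.invalid` hosts are constructed, and `Disposition-Notification-To` is the standard header a sender uses to request a read receipt.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; the example.invalid hosts are placeholders.
SAMPLE = """\
From: sales@example.invalid
Subject: Your quote
Disposition-Notification-To: sales@example.invalid
Content-Type: text/html; charset="utf-8"

<p>Please find your quote below.</p>
<img src="cid:logo123" width="200" height="60">
<img src="http://tracker.example.invalid/open.gif?id=abc123" width="1" height="1">
<img src="https://cdn.example.invalid/banner.png" width="600" height="90">
"""

class ImgCollector(HTMLParser):
    """Collects the attributes of every <img> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.images = []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))

def tiny(img):
    # Declared size of 0 or 1 pixel in both dimensions: the hidden 1 pixel image.
    return all((img.get(k) or "").strip() in ("0", "1") for k in ("width", "height"))

def audit(raw):
    """Report the read-receipt request and every image loaded from the network."""
    msg = email.message_from_string(raw, policy=policy.default)
    receipt = msg.get("Disposition-Notification-To")
    report = {"receipt_to": str(receipt) if receipt else None,
              "remote_images": [], "tracking_pixels": []}
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        parser = ImgCollector()
        parser.feed(part.get_content())
        for img in parser.images:
            src = img.get("src") or ""
            # cid: images are embedded in the message; http(s) ones call home.
            if urlparse(src).scheme in ("http", "https"):
                report["remote_images"].append(src)
                if tiny(img):
                    report["tracking_pixels"].append(src)
    return report
```

Calling `audit(SAMPLE)` flags the 1 pixel image as a tracking pixel and lists the banner as a remote image. Any remote image produces a request to the sender's server whatever its size, so `remote_images` is the list to act on when deciding whether to block remote content.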

Whilst in the Options box, select the Internet email tab and ensure that the Warn before switching dial up connections box is ticked. This will protect you from rogue scripts that will disconnect your modem and redial an expensive premium rate or international number.

There are plenty more security risks associated with Microsoft Outlook, and you should ensure that you install all the latest bug fixes and patches from the Microsoft web site. Go to our software security updates and patches links page to check if you have the latest updates.

There are several issues associated with installing the latest security patches for Outlook and you should read the knowledgebase articles and decide if you will be affected before applying the patch.
