Security for free: Don't trust everything in e-mail



E-mail security has several threads, as there is a wide range of vulnerabilities. We have all heard about the Love Bug and BadTrans, and malicious code in attachments or e-mail messages has become a serious threat.

Most of these make use of convenience facilities - click-to-open file associations; HTML e-mail formatting; macros in attached documents; e-mail preview - which therefore constitute hazards.

So turn off these features and learn to put up with the limited inconvenience that goes with being more secure.

Confidentiality is at least as important in business. E-mails are, by default, sent in clear text across a connectionless Internet. Every waystation has to store the message, for a while at least, so any number of unknown and untrusted computers hold, and may retain, copies of e-mails sent.

Encryption can help, but standards are still not well defined, so although you can co-operate with a regular correspondent to use compatible encryption, messages to new customers are a different matter.

It is also easy to forge an e-mail: the sender address in the "from" field is not a trustworthy indication of the source. Digital signatures can help, but both parties have to support the same standard. So if an e-mail looks odd in any way, use your loaf - phone the apparent sender and check.
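What "looks odd" can mean in practice, as an added example that is not part of the original article: a short Python triage that flags the hazards named above (HTML formatting, attachments that run on open, macro-capable documents) and a reply or return address whose domain differs from the "from" field. The extension lists, the sample message and all function names are assumptions made for illustration, and a mismatch is a prompt to phone the sender, not proof of forgery.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed lists: extensions that run code on open, and macro-capable documents.
RISKY_EXT = {".vbs", ".js", ".exe", ".scr", ".pif", ".bat", ".com"}
MACRO_EXT = {".doc", ".xls", ".ppt"}

def domain(value):
    """Return the lower-cased domain of the address in a header value, or ''."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Return a sorted list of reasons to treat the message with caution."""
    msg = message_from_string(raw)
    flags = set()
    for hdr in ("Reply-To", "Return-Path"):
        other = domain(msg[hdr])
        if other and other != domain(msg["From"]):
            flags.add(hdr + " domain differs from From")
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            flags.add("HTML body")
        name = (part.get_filename() or "").lower()
        ext = name[name.rfind("."):] if "." in name else ""
        if ext in RISKY_EXT:
            flags.add("attachment runs on open: " + name)
        elif ext in MACRO_EXT:
            flags.add("attachment may contain macros: " + name)
    return sorted(flags)

# Constructed sample message (not from the article).
SAMPLE = """\
From: "Accounts" <accounts@example.com>
Reply-To: accounts@example.net
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<p>Please open the attached invoice.</p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.txt.vbs"

placeholder
--b1--
"""

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```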

Finally, as an e-mail now has the same validity in some aspects of law as a written document, it could come back and bite you, so never send confidential or contentious information in an e-mail. Above all, stay alert and don't fall for the obvious.

Mike Barwise is a consultant at


This was first published in July 2002

