Quick Tips of E-mail Security

by : InfoSecurityLab

Feature-rich email is not only a powerful way of communication, but also a major security threat. The more features an email service provides the security holes are made for hackers. In addition to the usual email security headache - executable attachments - HTML messages introduce new problems. HTML is not a plain text, it is rendered and it may contain executable code. You get dozens emails daily. Every time you read an HTML email message - something could be executed. It is just like you would execute dozens of unknown programs daily.

When you view an HTML message, embedded images and stylesheets are downloaded from a remote web server. This is called a "web bug". Your email client (via the built-in HTML viewer) sends to that web server all the information it needs to add you to email databases and more. For example, the URL of the image downloaded may look like: http://example.com/image/98989892991813482, where 98989892991813482 may be the database key for your email address. Thus the sender will know for sure that you have read the message. In most email clients you can not turn off the HTML mode.

Having an antivirus is a very big step towards overall security, but generic antivirus software alone can't protect from all threats of HTML and MIME-based email.

The best way to keep yourself out of spam attacks is to keep your email secret! Don`t put it on forums, webpages, etc. If you do, put it so that the humans only understand (e.g. "john [at] gmail (dot) com").

Keep multiple email accounts (e.g. one for friends, one for clients, etc). Gmail.com is a good service and is recommended. It also filters HTML for script attacks (e.g. gmail doesnt display all images in html emails).

The last but the most important - don`t open emails form sources you don`t trust or don`t expect to be emailed!

Article source: infosecuritylab