Hacking Email: 99 Email Security and Productivity Tips
Everyday tips, and some not-so-everyday ones, on how you can keep your email
safe and secure.
IT Security Staff on
November 20, 2006
Hacking Email: 99 tips to make you more secure and
When people read out a phone number, they use "phone rhythm." No
one has to explain "phone rhythm," we all just seem to do it
automatically, "…713...555...12…34". Similarly, when we answer a phone
call we all say, "Hello." No one taught us to do that, but somehow we
all seemed to pick it up.
So why is it that when it comes to emails, there are no accepted
standards? Even though 6 billion emails are sent every day, almost no
one agrees about simple things like email etiquette, how to organize a
note, or whether emails are considered private or not.
The 99 tips in this article make up the best in email practices.
From how to ethically use the 'BCC:' to what attachments will make
your mobile emailing compatible with everyone else's, this list covers
everything you need to know about emailing.
We're all guilty of bad manners once in a while, but when it comes to
emailing, some people are downright clueless.
Don't send private messages with the company account.
If you want to send personal messages from work (and you should
probably try to minimize this), use a freebie account like
Hotmail, Gmail, Yahoo!, or Excite, if your office permits it. The
content of your emails is less visible to employers through these
accounts, so the private messages you send will stay private.
Use BCC if necessary. If you must send a group
email to people who do not know each other, don't add their
addresses to the form's CC field; this is one method spammers use
to harvest email addresses. Instead, use BCC (Blind Carbon Copy) for their
addresses, and put your own email in the form's "to" field.
Don't send form letters. It's impolite to send
form letters, especially to your friends and colleagues unless
they are all part of a group that is expecting them.
Don't forward chain letters. Just don't do it.
Enough said. That includes the email that says that if you don't
forward it to 10 people you'll die. I don't care how superstitious
you are, don't send them.
Be professional. Ensure your work emails don't
contain 'u', 'afk', 'ty', 'jk' and/or several million other texting/chatroom acronyms. These developed
because cell phones' keypads aren't well-suited to writing
fully-formed words, sentences and paragraphs. In business
communications, however, they may give the impression of
childishness and illiteracy.
Be professional, part 2: Check tone. Be aware of
the professional (or not) relationship between yourself and the
recipient before starting an email. Use that to gauge what topics
are appropriate to write or not, as well as the tone of your
writing. This may be common sense to most, but you’d be surprised
at how often the rule is ignored.
Email is not private; it can be intercepted anywhere en route
to its recipient. In addition, it can live on for years in
recipient email boxes, later to return to its sender in choice
quotations. Think before sending email you will later regret.
Cut down on sigs. Signature files, especially in
business, should contain as few lines as possible. Four lines is a
figure generally agreed-upon. Email that consists of
a two-line statement and a ten-line signature will have its
recipients rolling their eyes.
May I quote you? When you respond to an email,
the original email is quoted. Cut the most relevant sentence from
the message to which you are responding, preface it with a '>' (if
it's not already there) and paste the quote above your response.
Delete the rest of the original email from your response, unless
you are responding to other points in the original.
Don't use email when you are angry. This is a tip
from Joan Tunsall's
Better, Faster Email. While most of the time email does not convey your
emotions, particularly humor, it somehow seems to transmit anger -
even when you don’t intend it to come through.
Get clarification. If someone sends you an email
that upsets you, make sure you haven't misunderstood. As mentioned
previously, emotion and tone do not always carry over well in
email. Instead of responding angrily, in your response, quote the
portion of text that you are unsure of and ask the sender to
clarify. Indicate what you think it means, if you like, then ask
if you've misunderstood.
Don't spam friends. Occasionally, company mail
servers go on the fritz and send forty-five copies of the same
email to the recipient (personal experience). Even if it's not
your fault, it is polite to apologize profusely to your friend,
family, or roommate.
Consider the quirks of other email systems. For
example, say that you have a friend with a Hotmail account and
want to send a list of hyperlinks. Hotmail doesn't handle
hyperlinks inside of an email very well. For example, you cannot
easily copy the actual URL, without a bit of effort. So anyone
used to tabbed browsing, such as with all recent web browsers
(including, finally, IE7.x), may find it frustrating trying to
open a link in a new tab or window. It's hard to know about all
types of email systems, but some awareness reduces frustrating
situations for recipients.
Respond to group email appropriately. If someone
has sent a group email that requires a response, but only to the
sender or a couple of parties, don't copy everyone on your reply.
Don't respond to every group email. More
specifically, it is alright to sit out a thread of group
conversation if you are not being addressed directly. However,
read the emails carefully to make sure that you are not being
expected to respond.
Respect email laws and regulations. Some
countries have very specific rules about bulk emailing. If you use
email to promote your business, you need to know the laws for not
only your country but probably wherever you are emailing to. It's
a tall order, given the global village of the Internet, but its
importance cannot be overstated.
Communicating & Effectiveness
Now that we've covered the basics of emailing with manners, it's
important to make sure your intended message is actually getting
Use meaningful subject lines. Write something
"meaningful" in the subject line, to give recipients a clue as
to what your email is about. This is increasingly necessary to
distinguish legit emails from spam. The latter's subject lines
are often deceptive.
Be brief. Do not send excessively long emails
if at all possible. Try to summarize your information so that
your recipients are more likely to read the email and actually
respond. When possible, break long emails into numbered point
form so that recipients can respond by reference number.
Summarize. Precede a long email with a short
Cheat with templates. In his
Five Fast Email Productivity Tips, author
Merlin Mann recommends 'cheating' -- using templates and form
letters - when you find yourself answering (or asking) the same
questions repeatedly. A good percentage of first-year college
students learn to do this when writing email to family, friends,
and significant friends back home.
Use 'Reply All' when necessary. Usually, the
common advice is to not use "reply all" if other recipients of a
group email do not need your response. But forgetting to use
"reply all" when appropriate is simply inefficient. If the vast
majority of a group needs to hear a message, writing in
individual emails addresses will waste your time and increase
the chances that you’re going to leave someone important out of
Remember the telephone. Unless you need a
written record of a given communication (or if the person you're
communicating with is long distance), consider calling (or
sending a letter to) your intended recipient instead of an
email. People often default to writing an email because it is
quick and easy; but sometimes a handwritten letter or phone call
can provide the personal touch your communication really needs.
If it's urgent, say so. Writing 'URGENT' in
front of your email's subject will make it stand out from the
crowd, and most likely get timely attention from the recipient.
Make certain it is urgent, however; remember how much
attention was paid to the boy who cried wolf when his cries
On vacation? If you will be out of your office
for a lengthy period of time, set up an autoresponder to inform
whomever emails you of your absence and your expected return.
This is polite (the message is only sent to a given email once),
and it prevents a lot of "I'm waiting for your response" emails.
A quick warning, however: do not use an autoresponder for your
home email; you shouldn't advertise an empty house.
Use smileys. If you think that something you've
written might be misunderstood in tone or emotion, use the
appropriate smiley. It should be obvious, but this tip does not
apply to work or other professional emails, or if the person
doesn't know you already. Marketing genius
Godin wrote
The Smiley Dictionary [book], and there are
several sites with something similar:
Helvig's smiley dictionary.
Proofread. There is a difference between typos
and poor writing. Poor writing improves with practice. Typos
stay typos unless you take the time to eliminate them. If you
are applying for a job or freelance gig, it's especially
important to prufreed before you send that email. And
as if you needed another reason to be concise, remember that the
chance of typos is directly proportional to the length of your
Know your limitations. Mobile email is best
for very dexterous people. It isn't always the most productive
way to communicate for everyone. Reading emails via mobile is
fine, but if you don't have the thumb dexterity to use the
keypad to respond, save your thumb the pain and just handle
your emails on a computer.
Use voice-to-text. There are mobile
applications out there that will convert your spoken word to
text, which you can then use for mobile email responses.
Because this technology is just starting to go mainstream, if
you want it you are going to have to shop for phones
specifically with voice-to-text capability.
Duplication of email, or lack thereof. If you
plan to access email from both a mobile device and a computer,
keep in mind that some email servers and client software
download each email to the device you are using, and delete it
from the server. This could be hazardous to your career, if
you access with a mobile device, read it, and then delete it
with the intent of responding from a computer later. So make
sure that you know how your client handles the mobile/computer
Be exclusive. It's best to set up a separate
email account for your mobile devices. If you plan to be away
from a laptop or desktop for an extended period, you can
redirect your regular email, with full filters on. Use this
email account only for your mobile device. By having two
separate accounts you can make sure to send all your
subscriptions and other large regular emails to your main
account. You can also sign up for new products with the
computer account to make sure you won't get spammed, before
you have those emails come to your mobile account.
Don't send email attachments to mobile devices.
If you know that a colleague will be using their mobile device
to check email for an extended period of time, avoid sending
him or her attachments. Send a snippet of text instead, if
possible, or a URL where they can download when they have
access to a laptop or desktop.
Use mobile email sparingly. Cellular wireless
data plans often have a monthly bandwidth cap. Sending
attachments (or receiving them) can be hazardous to your
wallet. Some mobile email services function by letting you see
that you have attachments, but others will automatically
download. So for the sake of your wallet and your colleagues' wallets,
save the attachments for later.
Productivity, Folders, and Filtering
Email is only a useful technology if it remains an efficient
means of communicating. The dual threats of spam and
disorganization make email less efficient, so overcoming those
deficiencies is the theme of this section.
Respond promptly. Don't leave email unread
for more than two days. Look at it immediately and either
respond to it immediately, or -- after reading it -- move it
to a "must respond" folder.
Respond promptly, part 2. Acceptable email
response time for personal emails is 24 hours. Acceptable
professional response time varies by industry. Know your
expected response time and check your email accordingly.
Respond promptly, part 3. If someone sends
you an excessively long email and you do not have time to
respond to the entire email, respond with a brief email
acknowledging its receipt and your intent to reply in more
I go to pieces. If you receive an email
which must be responded to in its entirety but requires a
substantial investment in time to respond to, respond to it
in parts. Quote each original point that you are responding
to, so it is clear what you are referring to. Make it clear
that you are responding in parts, or else the recipient may
wonder if you missed the latter part of their message.
Exercise discipline. Check your email at
regular intervals. Whether it's every 5 minutes or every 5
days, people need to be able to rely upon your response
time, so come up with a schedule that works for you and
stick with it.
Organize by Urgency. Email clients and
web-mail applications like Hotmail and Gmail will allow you
to sort your emails in the order in which you need to
respond to them. Consider making 'Urgent', 'Must Respond',
'Personal', 'Information' and 'Misc' folders. Then move
inbox messages accordingly. You can make this sorting
process more automatic by applying filters to email
addresses, so that your email client will do the sorting for
Be selective. Not every email you receive
requires a response. 'FYI' and group emails, for instance,
should be read and filed. Non-work-related email from
strangers should be forwarded to your home email address for
Be quick. Email you send at work should
consist of questions if you need information, or declarative
sentences if you are supplying it. At work, email is best
used for the transfer of knowledge - chatty banter and
essays are best saved for other venues.
Know your limits. Don't subscribe to dozens
of free "tips" sites if you don't have time to read the
items. If you feel you must do this, for whatever reason, use a
freebie email address for this or consider an RSS feed
Cut to the chase. Sometimes a text chat is
the best way to resolve a communication quickly, instead of
sending a dozen emails back and forth. By keeping the
back-and-forth emails to a minimum, you keep your inbox under
control and prevent the need to declare email bankruptcy and
start all over.
Do what the Gurus do. There are a number of
great writers who focus almost exclusively on tips to keep
you technologically organized. Some Gurus of note: Merlin
Mann of 43-Folders, mentioned elsewhere in this article, and
Allen, author of Getting Things Done are good
GTD - get things done. Don't move anything
from your main inbox into a folder if you haven't read it
yet. It's likely to stay that way. Read it, respond, and
file it. That way, your main inbox holds only unread
messages. Or at worst, those you haven't responded to yet.
This makes it easier to "get things done" more efficiently,
in terms of email-triggered tasks.
Be specific with email titles. An email's
subject line is what enables its recipient(s) to
appropriately handle it. The famed 'Re:' standing alone on a
subject field is either spam, or a response to one of your
less-informative titles. Specificity not only facilitates
easy filing, but makes locating a given email in your sent
box months after the fact (when you need to prove something,
or again find that bon mot) a heckuva lot less
Use freebie accounts. Always use freebie
accounts for all those "free" subscriptions you sign up for.
No matter what they tell you, you will get unsolicited mail
as a result, at some point in the future. And it'll clutter
your inbox, making you less productive.
Blacklist Spam emails. Don't just delete
the spam you get sent, blacklist it. By blocking the sender
of spam emails you can drastically cut down on the total
amount of spam you get. Surprisingly, a good amount of spam
is from repeat senders, so a few months of diligent
blacklisting can keep spammers at bay.
Enable spam filters. Most email clients,
including freebie webmail types, have spam filtering that
can be turned on or off. They are not 100% accurate, so you
should make a habit of visually scanning your spam folder to
ensure you haven't missed anything important. But that
inconvenience is still worth leaving the filter on.
Ditch your spammed out email account. If
you have a freebie account that is loaded with incoming
spam, save all your important contact info, backup desired
emails, then ditch the email address. Get another one and
then notify all your contacts. Don't forget to update any
websites where your address is published.
Prevent email overload. Kaitlin Duck
Sherwood has a handy, quick guide to preventing email
overload. One that is simple but effective is to say "no
need to respond", or some such, if a response is not
The ability to attach documents has revolutionized the way in
which we do business. Despite its benefits, however,
attachments are one of the least standardized parts of
Keep attachments small. If you are
sending a large attachment to someone, whether they have
a free email or not, they probably have an inbox size
limit. Stay in good favor with them by only sending
attachments of no larger than, say, 30-40 kilobytes,
unless they've requested it of you. That means that many
videos and large pictures should be uploaded to the web
instead of attached to an email.
Don't forward attachments. Except in a
work environment where it might be expected, check with
your intended recipient before sending attachments. If it
is a large file, consider that sending it may block their
account from receiving additional email because they
exceeded their disk space quota. Attachments also take up
company resources and eat up bandwidth unnecessarily. For
example, if you send a PDF file to a group of, say, 10
co-workers, the mail server sends 10 copies of the same
file and uses up 10x the space.
Include an excerpt. If it's sufficient/
appropriate, include an excerpt of the document (instead
of attaching it) in the body of your email.
Send a link instead. You are better off
sending a link to something, if the material is already
online, or you can easily put it up on a secure site.
Share a file. If the file is not online,
and if you have the right to put it there (i.e., no
copyright issues, not company-sensitive material), then
use a filesharing service such as AllPeers, which lets you
define who is in your buddy list. No one else can access
the document. There are also several online spreadsheet
and word processor apps these days. See
Google Docs and Spreadsheets or Zoho. Both are compatible with
"Office" applications like Microsoft Office and Open
Office, and let you share documents. Once you've set a
Google Doc or Zoho document to "share", you can send
colleagues a link.
Share a file, part 2. If using
file-sharing services or web-based office apps to share a
file is against company policy, try this. Most larger
companies will have an Intranet site, possibly with
employee web pages. You may be able to upload your file to
your employee website. Just share the link in email. If
your computers are part of the same company network, you
probably already know this, but there is usually a common
repository, possibly organized by project. If you and your
colleague both have the same network permissions, upload
your file to the project area and email them the directory
Share a file, part 3. One alternative
that works nicely, provided it is not against company
policy, is to use the file-sharing feature of a
VoIP (Voice over Internet Protocol) or
VoIM (Voice over Instant Messaging) client, such as Skype or Windows Live/ MSN Messenger. If you are in a large
company, you might be using a more corporate solution such
as Lotus Notes, which, if memory serves, has its own
Use Text/ RTF format instead of DOC files.
Microsoft's Word files (.doc format) are susceptible to
some macro viruses. If you must send a document and cannot
use one of the options above, copy your document to RTF
(Rich Text Format) first, then email that as an
attachment. Even if you don't have a virus on your
computer, your colleague may. If they receive an RTF file,
then there is less chance they will respond with a DOC
file. (MS Word lets you work with RTF files as you would
a DOC file.) It is also okay to send .txt (raw text), .pdf,
and image files. Bad to send: any .EXE or other executable
file. Possibly bad: .doc or .xls (Microsoft Excel
Consider using OpenOffice XML format.
OpenOffice, a free open source alternative to Microsoft
Office, uses XML (PDF, 571 pgs, 1.5 Mb) text
files, so they are okay to send as well. (Text files
cannot harbor viruses.) OpenOffice lets you create word
processor documents, spreadsheets, presentations (similar
to MS Powerpoint), and drawings. It can read MS Office
files, and can also output its XML files to the
appropriate MS Office format.
Defer opening attachments. Don't rush to
open an attachment just because it appears to have come
from someone you know. If you receive an attachment that
you are not expecting, don't open it. At least, first read
the email and make sure that the attachment is most likely
legitimate. If you're still not sure, call/ VoIP/ email/
or IM the sender to be sure. If the sender's computer has
a virus, it may be attaching trojans to all outgoing
emails from them.
Know what not to open. Opening spam can
direct floods of it to your inbox, multiplying the time
you're chained to email by an order of magnitude. Beacons embedded in spam - typically
clear, one-pixel .GIFs sent from a machine controlled by
the spammer - advertise that you opened the email... and
thus your address is both valid and responsive. Let
someone else do the work. Weeding out spam is unpleasant,
time-consuming and not unlike tip-toeing through a
minefield. It's several million times worse for ISPs, the
more reputable of whom employ industrial-grade filters
that prevent the bulk of it from hitting their customers'
inboxes. Doing some legwork to determine which ISP filters
the most before it hits you will ultimately save you hours
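The beacon check described above can be automated before a message is ever rendered. The following is an added example, not part of the original article: it parses a constructed sample message and flags remote images that are 1x1 (or 0x0) pixels or hidden by CSS. The hosts shop.example and tracker.example and all function names are assumptions made for the illustration.

```python
"""Flag likely tracking beacons in an HTML email without loading any remote content."""
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every address and host below is a placeholder.
SAMPLE_EML = """\
From: deals@shop.example
To: reader@mail.example
Subject: Big savings
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Limited offer!</p>
<img src="https://shop.example/banner.png" width="600" height="120">
<img src="http://tracker.example/o.gif?id=reader%40mail.example" width="1" height="1">
<img src="https://tracker.example/p.gif?u=8841" style="display:none">
<img src="cid:logo123" width="1" height="1">
<img src="https://tracker.example/q.gif" style="width:1px; height:1px">
</body></html>
"""

_TINY = {"0", "1", "0px", "1px"}
_HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
# width/height of 0 or 1 pixel declared in an inline style (but not max-width etc.)
_STYLE_TINY = re.compile(r"(?<![-\w])(width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)


class BeaconFinder(HTMLParser):
    """Collects <img> tags that would trigger a remote fetch yet show nothing useful."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k.lower(): (v or "").strip() for k, v in attrs}
        src = a.get("src", "")
        if urlparse(src).scheme not in ("http", "https"):
            return  # cid: and data: images are embedded; opening them tells nobody anything
        style = a.get("style", "")
        reasons = []
        attr_tiny = a.get("width", "").lower() in _TINY and a.get("height", "").lower() in _TINY
        style_tiny = {m.lower() for m in _STYLE_TINY.findall(style)} == {"width", "height"}
        if attr_tiny or style_tiny:
            reasons.append("1x1 or 0x0 dimensions")
        if _HIDDEN.search(style):
            reasons.append("hidden by CSS")
        if reasons:
            self.findings.append(
                {"src": src, "host": urlparse(src).hostname, "reasons": reasons}
            )


def find_beacons(raw_message):
    """Return one finding per suspicious remote image in the message's HTML parts."""
    msg = message_from_string(raw_message, policy=default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = BeaconFinder()
            finder.feed(part.get_content())
            finder.close()
            findings.extend(finder.findings)
    return findings


if __name__ == "__main__":
    for f in find_beacons(SAMPLE_EML):
        print(f["host"], f["src"], "->", ", ".join(f["reasons"]))
```

A mail client that blocks remote images by default achieves the same protection; a check like this is useful for spotting which senders rely on beacons.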
Tricks, Hacks, Backup
The following tips are more about technical gadgetry and
implementations rather than etiquette or organization.
Use a custom email reader. Certain
types of email servers (POP3, IMAP, SMTP, etc.) allow
you to access your email from other software interfaces.
This can come in handy for custom batch filtering, and
even for auto-separating emails into folders. You might
consider this, in order to create a custom mail reader
for yourself. Obviously, this involves some programming.
EmailAddressManager has a quick guide to the
POP + IMAP + SMTP settings in
Hotmail and other web browser-based email clients.
Aggregate emails. If you are
subscribing to various emails, you might wish to collect
them into a single document, print them out, and read
them at a later date. If you have a custom reader (see
above step), then you can tweak it to produce a single RTF
or PDF document from all emails in a single folder or
under a single label. This can also come in handy if you
want to collect a thread of conversation for an ebook or
regular book, or even a lawsuit.
Learn to filter effectively. A student
related the story that when he went back to university
to prepare for a Master's degree, the new email address
assigned to him already had 500+ spam emails waiting for
him the first time he signed into his mailbox. Because
email addresses were produced using the first and last
name of a student, they were relatively easy to generate
for spammers. All students at the school were likely
getting that much spam. Filtering of the mail server was
woefully inadequate, and didn't even have an auto-spam
folder. The simplest way to rid himself of the email in
this case was to create a folder of emails to keep, scan
the inbox carefully for such email, then move them for
safekeeping. Then, since all remaining emails on a given
page in the inbox were spam, a single click near the top
of the page selected all of them, and they could be
easily deleted en masse. Alternately, all emails could
be selected with the single click, then desirable emails
unchecked individually, before the deletion. While this
method is more prone to deleting desired emails,
sometimes that is your only option.
Speeding up Google's Gmail. Digital
Inspiration has some tips on
how to increase Gmail speed, if you
are having some problems. The tips are browser-specific,
but clearing cache will probably work for all browsers.
Gmail filtering. Digital Inspiration
has numerous tips for more effective Gmail use. One is
that you can use
Gmail email address aliases to help
filter messages into folders ('labels' in Gmail). So if
you sign up for email subscriptions at different sites,
you can use a different alias for each site and have
your Gmail account's filters redirect email to the
appropriate folder. This doesn't stop spam, but what it
does do is (1) organize your incoming mail; and (2) let
you determine how a spammer got your email address. This
feature is probably one of the most powerful features
for effective email use, and to date is only supported
by Google's Gmail.
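Both uses of aliases described above, sorting mail into labels and working out which site passed your address on, can be done by a small custom reader. This is an added example, not code from the article or from Digital Inspiration; it assumes the aliases are Gmail's plus-style addresses (name+tag@gmail.com), and the account name, alias table and sample messages are all constructed.

```python
"""Sort messages by the alias they were sent to and report which alias has leaked."""
from collections import Counter
from email import message_from_string
from email.policy import default
from email.utils import getaddresses

MY_MAILBOX = "pat.reader"  # hypothetical Gmail account name (assumption)

# Which site each alias was handed to (constructed): alias tag -> that site's mail domain.
ALIAS_OWNERS = {
    "newsweekly": "newsweekly.example",
    "gadgetshop": "gadgetshop.example",
}


def _raw(sender, to, subject):
    """Build a minimal raw message for the constructed samples below."""
    return f"From: {sender}\nTo: {to}\nSubject: {subject}\n\nbody\n"


SAMPLE_MESSAGES = [
    _raw("news@newsweekly.example", "pat.reader+newsweekly@gmail.com", "Issue 42"),
    _raw("promo@bulk-offers.example", "pat.reader+gadgetshop@gmail.com", "You won"),
    _raw("friend@mail.example", "Pat Reader <pat.reader@gmail.com>", "Lunch?"),
]


def alias_tag(msg):
    """Return the +tag of the alias this message was addressed to, or None."""
    fields = (
        msg.get_all("delivered-to", []) + msg.get_all("to", []) + msg.get_all("cc", [])
    )
    for _name, addr in getaddresses([str(f) for f in fields]):
        local, _, domain = addr.rpartition("@")
        base, plus, tag = local.partition("+")
        if domain.lower() == "gmail.com" and base.lower() == MY_MAILBOX and plus:
            return tag.lower()
    return None


def sender_domain(msg):
    """Domain part of the From address, lower-cased ('' if missing)."""
    addrs = getaddresses([str(msg.get("from", ""))])
    return addrs[0][1].rpartition("@")[2].lower() if addrs else ""


def triage(raw_message):
    """Pick a label for the message and note the alias if it was used by a stranger."""
    msg = message_from_string(raw_message, policy=default)
    tag = alias_tag(msg)
    if tag is None:
        return {"label": "inbox", "leaked_by": None}
    owner = ALIAS_OWNERS.get(tag)
    sender = sender_domain(msg)
    from_owner = owner is not None and (sender == owner or sender.endswith("." + owner))
    # Mail to an alias from anyone but the site it was given to means the alias got out.
    return {"label": tag, "leaked_by": None if from_owner else tag}


def leak_report(raw_messages):
    """Count, per alias, the messages that arrived from an unexpected sender."""
    results = (triage(m) for m in raw_messages)
    return dict(Counter(r["leaked_by"] for r in results if r["leaked_by"]))


if __name__ == "__main__":
    for raw in SAMPLE_MESSAGES:
        print(triage(raw))
    print("leaked aliases:", leak_report(SAMPLE_MESSAGES))
```

The From header is easy to forge, so a match with the expected site is weaker evidence than a mismatch; the report is most useful for deciding which alias to filter or retire.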
Here are some tips for some of the various email readers,
including Yahoo, Hotmail, Google Gmail, and Outlook. (Some
Gmail tips are covered in the previous section.)
Get Google Gmail. Google Mail, aka
Gmail, is a relatively new
contender in the email reader market, free or
otherwise. The problem is, you either have to be
invited or use your mobile phone, with text messaging
capability, to sign up, if you live in a select
country (Australia, Indonesia, Malaysia, New Zealand,
Philippines, Singapore, Thailand, Turkey, United
States). It's a strange list of countries, and the
ones not included are as much a surprise. But if you
can manage to get a Gmail account, it's worth it. It's
an incredibly effective webmail system.
Use Gmail formatting sparingly.
Google Mail uses a very rich format for text, even if
you don't explicitly apply formatting. It's nice to
look at, but if you are using Gmail and sending to
someone who is not, do not use any additional
Visually track your Gmail conversations.
Gmail has a nice little feature that makes it easier
to track a conversation thread visually. Beside each
entry in your inbox, there is a little "star" that
when clicked on turns yellow. If you use your Gmail
account for a variety of incoming sources, the star
can help you find a thread easily. When you are done
responding, you can turn off the star.
Archive your Gmail conversations.
Gmail makes archiving email threads extremely simple.
Other email systems let you keep folders as well.
Gmail lets you attach "labels" instead of moving items
to folders. You can attach more than one label to each
email thread, thereby making it easier to find later.
Labeled threads can stay in the main inbox, or be
"archived" to what amounts to a folder with the label
name. If someone that is part of the conversation
thread responds after the email has been archived, it
resurfaces in the inbox with its label(s) intact, and
can be re-archived if desired. This nonlinear,
"conversation object-oriented" treatment of the entire
mailbox in Gmail can be a more productive way to use
email, if you are prepared for the differences. It's a
feature that is more common in standalone email
clients, but relatively new to web-based email
Utilize free Gmail disk space.
You have 15 GB of free storage to share across Google Drive, Gmail, and Google+ Photos. If you use Google
Apps at work or school, you have at least 30 GB of storage. While you may have a lot of files and folders in your Google Drive, only items that you've synced or uploaded use
storage space. Google Docs, Sheets, or Slides or items shared with you don’t count toward your storage space.
Gmail document conversion. Digital
Inspiration has yet another Gmail tip, this one for
converting a variety of file
formats into HTML automatically. It's so simple,
you'll be pleasantly surprised.
Gmail MP3 player. This feature is
pretty easy to discover, if someone sends you an MP3
attachment, but Digital Inspiration explains how you
play MP3 files with the Gmail player
without logging into Gmail.
Hotmail quirks. Hotmail has the quirk
that if you click on a link inside of an email, a new
window pops up, regardless of the web browser you are
using. Sure it's one of the oldest webmail systems and
sure there are millions of people using it, but power
email users should avoid it like the plague. With
Gmail or even the new Yahoo beta mail around, why
bother with Hotmail?
Outlook upgrades: call contacts.
Microsoft Outlook has of late been getting "add ons".
There are several add-ons that integrate with your
contact list to allow you to call phone numbers from
Outlook. For example, assuming you have Skype software
(free) running on your computer, the SkypeContact Dialer for Microsoft
Outlook will initiate a VoIP (Voice over Internet
Protocol) call on Skype. Skype, if you don't already
know, is just one of many free software programs that
let you actually make voice calls from your computer
to either another computer or even to landline phones.
(You can read more about VoIP at
Outlook upgrades: RSS reader. The
newest version of Outlook lets you subscribe to
RSS (Really Simple Syndication)
"news feeds/ headlines". These are the same type of
"headlines" you see in Gmail or at a site like
Yahoo mail beta: AJAXified. Yahoo!
Mail has a new version that's just released that uses
AJAX and all kinds of web2.0-ish features that are
supposed to enhance it. If you do not like the
workflow of Yahoo, try out their new "beta mail". It
has multi-tabs, to allow viewing of multiple emails
simultaneously, and drag-and-drop of highlighted
emails into folders, fast deletion of blocks of
consecutive email items, RSS feed viewing, a calendar
to manage tasks, and other features. If you don't like
it, you can switch back. At least for now.
Last but not Least: Privacy and Security
Rule 1 of email privacy: there is no true
privacy. Keep that in mind, and write your
emails accordingly. (See Exceptions below, under
Follow email compliance. This one
is more for businesses rather than individuals. But
because it potentially treads on employee privacy,
it is included here. Publicly-traded businesses in
some countries, for example the USA, must often
follow email compliance and do automatic backups of
all employee communications. Here is a
5 step guide for email compliance from IT
Security. Email system backups are a matter of
course for most large organizations. But with more
small companies going public, this is something for
employees to remember, which reiterates the previous
point: there is no real privacy in email.
Copy that. When discussing
sensitive topics with someone at work, CC (carbon
copy) a supervisor or colleague involved in the same
project. This will cover your back should the other
person claim they didn't receive your email
indicating their deadline for some work, etc. This
method keeps the conversation private for the most
part, as it's expected that your boss or supervisor
has the discretion not to forward the email
elsewhere unless absolutely necessary, while
simultaneously protecting you. All this should be
done independently of any regular system backups.
Don't hand out your real email account
freely. This is especially important for a
company's employees. Company email addresses should
only be known to other employees and a few close
family members, in case of emergency. Some companies
publish a few employee email addresses on their
website, but they really shouldn't as this invites
spam as well as creative phishing scams.
Use a contact form. Your website
(or your company's) should not display employee
emails online. Instead, use a coded contact form.
When someone submits a message, the web server's
contact application can forward it to the appropriate
party, or to several parties if necessary. When the
receiving party responds to the contact form
message, they will at that point be revealing their
real email address. But hopefully they can
distinguish between a real query and a fake one.
Code your publicly-displayed emails.
Spambots are web applications that scour websites
for recognizable email addresses. If you have a
website or display your email on anyone's webpage,
"mangle" your email. It should still be recognizable
by a human. For example, if your email is firstname.lastname@example.org,
then try something like "bob-dot-loblaw #at#
mycompany-dot-com", or something similar. And be
INCONSISTENT. Spambots are getting smarter, as
spammers refine them. Use a variety of punctuation
marks, but still have it human-readable.
Better yet, use a freebie webmail account.
You still want to code your email address when you
display it publicly. Also, don't make it obvious
what your real email is. For example, if your real
email address is email@example.com, don't use
something like firstname.lastname@example.org. Some spam bots
use addresses they harvest to generate other
combinations, just in case they get lucky.
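The "Code your publicly-displayed emails" tip above, as an added example that is not part of the original article: a mangler that picks a different replacement for each separator, plus an audit of text you are about to publish. The function names and replacement strings are assumptions made here; the address is the one used in the tip.

```python
import random
import re

# What a simple harvester looks for: an unmangled address or a mailto: link.
PLAIN_ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
MAILTO = re.compile(r"mailto:", re.I)

# Replacement spellings (assumed here); none contains '@' or '.'.
AT_FORMS = [" #at# ", " (at) ", " [AT] ", " -at- "]
DOT_FORMS = ["-dot-", " (dot) ", " [DOT] ", " DOT "]

def mangle(address, rng):
    """Rewrite an address without '@' or '.', choosing the spelling of
    each separator independently (the tip's "be INCONSISTENT")."""
    local, _, domain = address.partition("@")
    if not local or not domain:
        raise ValueError("not an address: %r" % address)

    def spell(part):
        pieces = part.split(".")
        out = pieces[0]
        for piece in pieces[1:]:
            out += rng.choice(DOT_FORMS) + piece
        return out

    return spell(local) + rng.choice(AT_FORMS) + spell(domain)

def exposed_addresses(page_text):
    """List what a plain pattern match would pick up from the text."""
    hits = PLAIN_ADDRESS.findall(page_text)
    if MAILTO.search(page_text):
        hits.append("mailto: link present")
    return hits

def scrub(page_text, rng):
    """Replace every plain address in the text with a freshly mangled form."""
    return PLAIN_ADDRESS.sub(lambda m: mangle(m.group(0), rng), page_text)

# Constructed sample page text.
SAMPLE_PAGE = ("Sales: firstname.lastname@example.org\n"
               "Press: firstname.lastname@example.org\n")
```

Run `exposed_addresses` on the final page text as a publishing check: an empty list means no address or `mailto:` link is left in plain form.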
Don't unsubscribe blindly. If you
start receiving "subscription" emails from some
source to which you didn't subscribe, don't use
their "unsubscribe" link. If you do, you might just
find yourself getting even more emails. You're
better off just adding the email address (or the
entire domain) on your inbox blacklist.
Use a plain-text email client. If
you use a plain-text email client, there's less
chance that you will fall for a phishing email, as
either there'll be no active hyperlinks, or the link
will be obvious. In a similar vein, if you sign up
for any sort of subscription email service at a
website, choose to receive emails in text mode only,
Use a secure email client. See this
IT Security article for some tips. IT Security
also has a brief
discussion of email security, with a link to a
buyers guide that contains a list of email security
Encrypt emails. Never send
important/private information by email unless you
have encrypted it. And even then, think twice before
sending it. Also keep in mind that certain forms of
encryption may be illegal in your country. The
difficulties surrounding encryption mean that
sensitive/private information is still best sent on
paper or via phone. If you want to take the
5 steps to make your email secure explains some
of the options.
Encrypt, part 2: Use freenigma. Freenigma is a free Firefox web browser plugin
that performs email encryption for webmail-based
email systems, including Gmail, Yahoo, and
Hotmail/MSN. There will also soon be a corporate
professional version and a Microsoft Outlook plugin.
But the basic version is free. However, to use it,
the person you are sending to must also have the
plugin. Since the application is currently in public
beta and first-come, first-served, your intended
email recipients should sign up at the same time as
you. There is also an open API (Application
Programmer Interface) so that you can incorporate
freenigma into your own applications. Read/Write Web has more details.
Try steganography. Steganography is
the act of hiding a message in some other media,
usually a digital photograph. If someone doesn't
know the message is there, they probably cannot find
it, right? The only drawback is that if someone
tests for standard "data hiding" methods, they may
discover your hidden message. Try combining
encryption and steganography. That is, encrypt a
message, then bury it in a digital image or another
Escape from Nigeria.
Nigerian fraud - wherein a
Nigerian government employee with access to untold
riches just needs a chunk of cash from you so he can
escape the country - was known in the 16th century
as the Spanish Prisoner Letter. In 500 years, no-one
fool enough to send money ever received a cent or
centavo back from the criminals behind these scams.
Don't get hooked.
Phishing email - messages
purporting to be from Paypal, Western Union, e-Gold
and other financial companies - typically promises
account closure and balance forfeiture if the reader
doesn't click on the handy included links and
'verify' or 'confirm' account details. The links
look legitimate, but instead they direct the worried
recipient to a lookalike site set up to collect
login and password information, credit card and/or
bank account details, et cetera. Never
click links in email of this variety; physically
type the URL of the company's website into your
browser if you are concerned about your account.
Honest companies will tell you upfront that they
never send this sort of email. That is, they will
never send an email where they tell you to click on
an enclosed link to save your account from shut
Don't get hooked, part 2.
Similarly, do not click on the links in an email
purporting to be from some famous organization,
unless you have contacted them and are expecting a
reply. If you are using a web browser-based email
client, hovering your mouse cursor over a link
should display, in the browser status line at the
bottom, where the link leads. Look at that
carefully. One unsuspecting 76-year-old retired
professor with lots of computer experience thought
he was getting an email from a famous golf course in
California, where he had actually played before.
Clicking on the link caused a flood of browser
windows filled with porn to appear, causing him to
lose much time trying to figure out how to get rid
of the problem.
Don't get fooled again. PC Magazine
offers a couple of examples of how spammers use
clever subject line wording to get the unsuspecting
to open an email. One suddenly common way is to make
you think that you sent an email which bounced.
I bring sad -- but sane -- tidings.
Regardless of what that email said, you did not win
the Irish Sweepstakes. Neither did you win the Yahoo
Lottery. In fact,
there *is* no Yahoo Lottery.
Typically, one has to purchase a ticket to win a
lottery. Also, legitimate lotteries don't ask you to
send $550 to Nigeria.
Teach your children well. If you
have children, ensure they know what you know of the
points noted here and in other articles. Note, too,
that additional online dangers face them. Speak with
them about predators; about using avatars instead of
photos of themselves online; about never sharing
address, phone or other personal information with
anyone online; about telling you when someone makes
them feel uncomfortable or sends inappropriate
pictures. If you're uncertain how to proceed, the
Kids' Rules at SafeKids.com will prove useful.
Don't just delete -- destroy. When
it's time to upgrade, back up, then import your
email and other important files to the new computer.
Then comes the important part. Stories of bountiful
private data harvested from used and 'recycled'
computer hard drives whose data had simply been
deleted from the OS or the command line (or dealt
with by DOS's FDisk) are rife. Many of these
originated with an exercise performed by Simson
Garfinkel and Abhi Shelat, who published what
they'd found on 150 used hard drives they'd
purchased. If you don't trust erasure programs which
overwrite sectors many, many times, you might
consider a metal chipper shredder (or, if on a
budget, sledge-hammering the platters).
Stay clean. If you suspect you have
a virus on your computer, run a virus checker (with
an updated virus database) immediately. If possible,
try to notify people on your contact list. Many
viruses exist for the explicit purpose of harvesting
email addresses from your computer, then spamming
them in your name. Running a virus checker regularly
on your computer will keep you clean and protected,
as well as keeping your contacts out of "harm".
The following list of references and resources is by
no means comprehensive. Some of these links (and
tips) have been used above, while others are simply
things you need to read:
If you would like to learn more about email
security, visit the
Security Email Resource Center. For specific email
security solutions, see the IT Security
Email Security Comparison Guide.