Skip to main content
E-Mail Securitiy
Apr 1, 2001

E-mail, now the most pervasive Internet service available, began to be used by people even before they discovered the Web. Messaging Online states that there are about 569 million (electronic) mailboxes. Within 2 years, all televisions and phone lines probably will be outnumbered by the predicted one billion mailboxes. Such usage may make e-mail messages seem to be only innocent messages bumping around the Internet until reaching your milbox. And there they remain, until you open them. For most, that is the end of the story.

But sometimes messages can lead to malicious results. Some carry viruses, defined as unwanted and sometimes harmful computer codes. Others are hijacked and spill their secrets without a fight, or seem to come from friends who "decided" to send you false news.

Given today's reliance on e-mail, any security gap is a problem. Fortunately, such gaps are filled easily and can keep important e-mail safe and secret.

Is E-mail Privacy an Illusion?

The most common fear is prying eyes. Just as standard mail may not be private, e-mail is not entirely private, for it is easy to intercept e-mail messages. However, the risk of this occurring is often overstated.

Surveys show that many employers occasionally read employees' e-mail. If the messages are on company-owned computers, such "snooping" is legal. If you send and receive e-mail on your own computer, you will face a similar problem: hackers. You cannot ignore the small chance of nosy hackers at servers along the way. Even worse, it is easy to make e-mail look like it came from someone else.

How can your e-mail privacy be protected? Fortunately, suitable tools are available. One is encryption, which prevents any message modification or disclosure. Digital signatures can be used for authentication purposes. While these may seem to aggravate the problem, they are proper steps to take if you are concerned about your e-mail's privacy. Reliably identifying the message's sender is even mentioned in the Holy Books, as in: O believers. If a wicked person comes to you with news, ascertain the truth, lest you harm people unwittingly and afterwards become full of repentance for what you have done (Qur'an 49:6).

Many other solutions, most of them free, also are available. For example Microsoft's Outlook, the leading e-mail program, includes several built-in security features to protect your sent e-mail. Outlook can "digitally sign" messages with a special code to show that the message is from you, and also verify the sender's signature. Second, you can encrypt messages and attachments to ensure privacy.

To sign or encrypt messages with such e-mail programs as Outlook, you need a digital ID (also known as a certificate or key). Digital IDs consist of a public key and private key. The private key is stored on your machine and is never sent to anyone. You can e-mail the public key to correspondents, or they can access it from a central server. When you send a signed message, your private key generates a code that only your public key can decode. Thus your public key verifies that you sent the message with your private key. When you send an encrypted message, you use their public key to encrypt it so that only their private key can decrypt it. If you follow this procedure, only the recipient with the correct private key will be able to read the message.

Digital IDs are available from such third-party companies as VeriSign. Once an ID has been imported, you can use the features on the Security tab in your e-mail program's Options dialog box to establish a standard security procedure. Alternatively, individual users can download a free program based on the Pretty Good Privacy (PGP) standard for noncommercial use. PGP integrates itself with several e-mail programs and allows users to generate an ID for signing and encrypting e-mail or files. PGP also works with Web-based e-mail systems by allowing you to select text in any program and then sign or encrypt it.

Encryption keep messages secret. Even people sending e-mail at work can count on a PGP-type system to keep unwanted readers locked out, as long as both sender and recipient encrypt.

Things to Remember

Keep Passwords Secret: Web-based e-mail, such as Yahoo! Mail or Hotmail, presents another security concern: Subscribers can use any computer to check their messages. User IDs and passwords protect unauthorized access. But going somewhere without logging off lets someone else read your e-mail and send e-mail under your name. To avoid this, Yahoo! Mail or Hotmail automatically clear sensitive information from the browser's cache when you log off. In addition, after you log off someone else cannot log on by clicking the back button.

Another strategy is to choose an unusual password and keep it secret. A simple e-mail password is easy to remember-and easy to crack. Many password cracking applications are online, and most use a dictionary of common words to search for your password. Your best bet is to use an alphanumeric password.

E-mail Viruses: New viruses, some of them quite harmful, pop up almost daily. One of the fastest ways to spread them is via e-mail. Recent examples are the Melissa and the so-called "I love you" viruses, which could copy and mail themselves to the first 50 people in your Outlook address book. To avoid this, learn the basic limitations of viruses. Receiving, opening, or reading an e-mail message will not infect your system. Viruses are not that wily yet, so you can open the messages. However, be careful about any attachments. Attachments are usually displayed as file icons at the message's bottom or perhaps as hyperlinks that you need to download. Opening an attachment can allow a virus to escape and infect your system.

Some attached files are more virus-friendly than others. Watch out for files with .exe .com, and .bat extensions, for they can contain viruses. The fastest growing category of viruses today ride Microsoft Office Document (.doc) files as macros, executable files that record common keyboard and mouse actions to a single key with word processing, spreadsheet, and other documents.

One way to protect your computer is not to open attachments from strangers. A better and easier solution is to get an antivirus program that scans attachments before they can run. Such programs can hunt continuously in the background for macro viruses, as well as for the more traditional executable foes. Such virus-fighter sites as McAfee or Symantec allow you download a free demonstration version of their leading programs. Virus checkers cannot keep up with new viruses, so it is still smart not to open attachments from unidentified sources. Beware of an attachment that appears out of nowhere, even if you have loaded a virus program.

Misleading Links: Another threat is hyperlinks to odd Web sites. Many e-mail programs allow users to send Web links within a message so that recipients can click and begin loading the page in their browser. However, Web pages can contain scripts (a sequence of executable commands) designed to weasel through the browser's security measures and infect your computer with virus-like programs. This is more a matter of browser security than e-mail security. Although you probably will not encounter a Web page sophisticated enough to take advantage of browser security problems, you should be prepared by ensuring that your browser's security options are set appropriately. Also, keep your browser current.

You 've Got E-mail: Although most security problems could strike anyone, most of us do not need to turn e-mail habits into something out of a spy novel. Just be aware of the possibilities and take a few steps to see that your e-mail is protected.

Try not to create e-mail security holes. Almost everyone sometimes sends an e-mail message to a wrong address. When addresses are no more than initials, numbers, and meaningless gib berish, this is easy. Often the results are slightly embarrassing-sometimes almost catastrophic.

Consider the case of the Illinois man who left Chicago's snow-filled streets for a Florida vacation. His wife was on a business trip, and was planning to meet him there the next day. He sent her a quick e-mail upon reaching the hotel. Unfortunately, he missed one letter and his note reached the elderly wife of a preacher who had died the day before. When she checked her e-mail, she took one look at the monitor, screamed, and fainted. Her family rushed in and saw this note on the screen:

To My Dear Wife:

Just got checked in. Everything prepared for your arrival tomorrow.

Your Loving Husband

PS. Sure is hot down here.


  • www.