For the most part, the greatest danger in email in the past has been from opening executable attachments containing viruses, worms, Trojans, etc. and I have discussed this subject previously. Using common sense about clicking on attachments, keeping anti-virus programs and the operating system patches up-to-date, and some system configuration should prevent infectious attachments from harming your system. With increasing frequency, however, the email body itself has become a source of infection. By means of HTML code or scripts hidden in the text, malware may get downloaded simply from the act of opening an email for viewing. It is also possible for spammers to track you this way (Web bugs, see sidebar). In this article, I will discuss some ways to avoid getting malware from the main email body.
Turn off the Preview Pane
For convenience, many email programs provide automatic views of email called the “Preview Pane.” Unfortunately, this means that any malicious code in the email body may get executed also. Or a signal may be sent to a spammer showing that you are reading the message. Steps can be taken to help allow safe use of the Preview pane but some may prefer to be sure and will want to turn off this feature. That way only mail that you deliberately choose to open will be displayed. Different email programs will have somewhat different procedures for disabling the Preview pane but I will give the method for the commonly used Windows email client Outlook Express (OE).
Go to the “View” menu, click “Layout” and uncheck “Show Preview Pane”. The procedure is illustrated in a tutorial with pictures showing how to configure OE for safety. Configuring the Preview pane is demonstrated on slides 7 and 8 of this tutorial. Also see slide 4 to see how to turn off automatic downloads in the Preview Pane.
Another way of turning the Preview Pane on and off in OE uses a sequence of keyboard shortcuts. First hold down “Alt” and “v”. This will open the “View” menu. Then in succession, press “l” “p” and “Enter.” Note that this is “l” for “Layout” and “p” for “Preview Pane”.
I do not use the more complicated application Outlook that is part of Microsoft Office but the Outlook feature “AutoPreview” (but not “Preview Pane) is said to be safe to use.
Configure system
The latest versions of OE and Outlook have several security measures in place by default but it doesn’t hurt to check. Make sure that OE is in the so-called “Restricted sites zone”. Go to the “Tools” menu and open “Options”. Click the “security” tab. Make sure the radio button is selected next to “Restricted site zone.” This procedure is detailed in the tutorial previously mentioned.
Read text only
In order to avoid any hidden HTML or scripts, email can be checked out by first reading it in text only. OE has a setting to provide for this. Go to Tools-Options-Read and place a check by “Read all messages in plain text”. This will disable all graphics and formatting so it may look a little funny but no viruses or spammer’s trackers will be able to run. If a message seems legitimate, the graphics can be turned back on. This procedure is illustrated in slide 4 of the tutorial.
Another way to read an email in text in OE is to right-click on the entry in the message list and then select “Properties”. Click the “Details” tab and then click the button “Message Source”. (See the fgure below.) This method allows for selectively reading messages in text without changing the configuration.
Reading on the server
Rather than bringing email to your computer and reading it locally with your own email client, you can also read the mail in text while it is still on the email server. If your mail account is of the usual POP3 variety, the free program MailWasher is a handy way to check out mail before downloading it. IMAP accounts or those with AOL or Hotmail can use the commercial cousin MailWasher Pro ($37).