• Home
• Newsletter
• Contact

• Security
• Hardware
• Software
• Websites
• Newsletter Archive

The articles on this website are only a starter. You will get a lot more out of this website by joining the newsletter.

Email Security

Email is probably the biggest cause of problems with computers today. But there are simple ways around all of these problems and simple ways that you can prevent most of them.

Email Can Lie

When an email is travelling over the internet, it contains the email address that it is being sent to, and also contains the email address that it was sent from. Unfortunately, the bit that says where the email came from, might not be true. It is up to the email application that the sender is using to fill in that part of the email. Some people can make it look like an email has come from one of your friends, when in reality it has come from a fraudster. Remember, just because an email says it came from someone, does not necessarily mean that it came from them. Just like real mail, it is very easy to fake the sender's address. Do not trust an email just because it says that it comes from someone that you trust, or a company that you trust.

Phishing

Phishing is the name for a common fraudsters technique. They send you an email that looks like it has come from your bank, your credit card company, Paypal, eBay, or some other company and they send you a link and ask you to log into their website. If you follow the link, the website will look very much like the website of the company the email claimed to be from and you make think it is their real website. When you try to log in though, instead of logging you in, they are just recording the username and password that you used to log in. They then go to the Real website, using your username and password to log in, then either empty your bank account, run up huge credit card bills or do some other financial damage to you.

So how do you tell a real email from a fraudster's email? Well, it's very difficult. A genuine email may contain your real name instead of "Dear Customer" at the top. There may also be some other specific personal information which only the real company could know. But, even if you are sure the email is genuine, do not follow any links from the email. Instead, go to your web browser and either go to their website in your bookmarks, or type in their website address from your memory. That way you are guaranteed to have signed into the real website and not a fraudster's website.

Viruses

As mentioned in my Preventing Viruses article, many new viruses send themselves via email. You would receive an email looking like it is from your friend asking you to open or "check out" the attachment. Obviously, the email is not from your friend, the virus might not even have infected the computer of the friend who the email says it is from. Sometimes, viruses go through the emails on a computer, and then send themselves to the email address while claiming to be from another one of the addressees on that computer. After a while, it will become obvious which emails have been sent by a virus (I get sent several every day because so many of my friends and business acquanitances are infected with viruses). Usually, the email will not contain any personal information about you or the person it claims to be from. It will be something like "Hey, check this out", instead of something containing names and other specific information like "Hi Michael, do you remember me telling you about that funny document on Thursday, here it is, from Ben."

Even if you are sure that the email is genuinely from your friend, it may still contain a virus and your friend is unaware. So, you should still check the attachment with your virus checker before opening or running the file. Simply detach the file to your filesystem, then locate the file and run it against your virus checker. If it contains a virus, just delete and tell your friend that their computer is probably infected with a virus. If your virus checker says it is clean, then you can be pretty safe to run or open the file.

Spam

Spam is probably the most annoying problem with email. It is free to send email so some people send millions of emails to millions of people around the world trying to sell their products. Preventing spam isn't easy, but it is easy to keep it to a minimum. Once you are already getting spam, it is difficult to stop it coming. Email filters that check your emails as you are downloading them and delete anything it thinks are spam are unreliable at best. Spammers just work out ways around the spam filters so that they don't recognise their emails as spam, and frequently, the spam filters accidently delete genuine emails from your friends.

One of the fundamental rules for preventing spam is to not give your email address away on the web unless you are absolutely sure of what is going to happen to it. Spammers use software that goes around websites looking for all of the email addresses that it can find. So make sure that your email address does not appear on any websites, even your own. If you use any internet forums, make sure that your email address is always hidden. If you sign up for a mailing list or newsletter, make sure that they do not show a list of subscribers. If you run your own website and want people to be able to contact you, you can use a web form so that they can send you an email directly from the website instead of giving them (and everybody else) your email address. When you do give your email address to a website, make sure that they have a good prvacy policy and that they will not give your email address to anyone else, no matter how "carefully screened" those other companies are. If they cannot guarantee that they will not give your email address away, do not subscribe to that website.

You also need to make sure that your friends do not put your email address into websites. Some electronic greetings cards websites are simply getting email addresses to sell to spammers. Somebody puts in their email address, and the email address of their friend whom they are sending the greeting card to, and the greeting card company now has two email addresses for the price of one. Your friend gets the feel good factor of sending you a free greeting card, and you get an inbox full of spam. People who do that to me are no longer my friends. When you give your email address to friends, tell them never to put it onto any websites or to send you any greeting card or similar. Tell them why they are a bad idea.

A method that I use to prevent spam is that I have my own domain name. This is basically a web address, such as intelligentwebmasters.com. You can set up the email for this domain name so that anything you put before the '@' sign goes to the same inbox. For example, yourname@....., myname@......, somebodyelsesname@.... all goes to me. This means that when I give someone my email address, I can give them a different one. I can tell bob, that my email address is bob@......, I can tell jane that it's jane@......, and I can join the spam.com newsletter with spam.com@...... and they will all come to me. Now if Bob signs me up for something that ends up sending me spam, it will all be sent to bob@......, and if spam.com send me spam, it will be addressed to spam.com@..... I can then create an email filter that prevents anything from bob@.... and spam.com@.... from getting to me using my email program. I can then report spam.com to the relevent authorities and I can give Bob a damned good telling off and decide whether I want to continue being his friend at all. It's a simple way of identifying exactly who was responsible for sending you the spam and making them accountable for it.

Another foolproof method of preventing spam is a return address verifier. There are a few companies that you can use where you create an email address with them and then they keep a list of who is allowed to send you email. When somebody new tries to email you, the company keeps hold of it and does not send it to you yet. In the meantime, it sends an email to the sender asking them to perform some action to prove that they are a real person (often spam is sent by an automated program) and to verify that the sender's email address is real (often spammers use fake email addresses). If the person passes the simple test, usually just a case of clicking a link or replying to the email, then the original email is forwarded to you and their email address is added to the list of permitted senders.

This method will not prevent viruses being sent to you from the people in your permitted senders list (or that appears to come from them) so you should still exercise all necessary caution. It is also possible for a spammer to get through by claiming to be from one of your permitted contacts, see my not about emails lying at the start of this article. This is unlikely to happen and if it does, the other person will soon need a new email address because even their genuine emails will fail to get past most people's spam filters any more. Simply remove their email address from your permitted contacts list and add their new email address if this happens.

Sensitive Information

Never send sensitive or financial information via email. Definitely not credit or debit card details. If you are planning on doing business with a company who asks you for your credit card details via email, choose a different company. A company that asks for credit card details via email, cannot be trusted with this information. Email is completely unencrypted and can be read by criminals who use software called "packet sniffers" which just monitor data as it travels over the internet. If they happen to be "sniffing" the line that your email goes over, they'll get your details. Chances are, if they discover a company that asks for credit card details via email, they will keep "sniffing" their internet connection to get those details.

So if they ask for your details via email, do not trade with them. This is basic credit card security so if a company gets this wrong, who knows what stupidity they'll get up to once they have your details on their records and unencrypted on their computer in their email program. Steer clear of such companies.

As a website business owner, I recall one customer who had heard a lot about internet security problems and emailed me to find out if my website was safe to put her credit card details into. I assured her that the website uses 128 bit encryption which is the strongest available for the internet and that it was perfectly safe. This customer then replied to my email with all her credit card details and address details. I realised my mistake because she had not understood the difference between websites and email. While it is possible to make a website secure enough to put your credit card details in, this cannot be done with email. So, just because a company's website is secure (see my web security article) does not mean that you can send sensitive details via email.

Another thing to be careful with is a mistake a company made with my credit card details. I had experienced some problems paying for their services so I used their secure customers services form on their website to send my credit card details to them to pay. They responded to the customer service request via email, saying that they would process the transaction but inadvertently, they had included my original support request text in the email, including my credit card details. This was not something that I had foreseen happening (it just hadn't entered my mind that a company would be so incompetently stupid) and I immediately realised that this was not a company I wanted to do business with. I immediately replied to that email (removing my credit card details), informing them of their stupidity and requesting the payment to be refunded so that I could take my custom elsewhere. I don't think I was particularly polite in my response either.