Email Security

A number of recent security breaches spring to mind, ranging from Apple’s iLeak to a series of Google’s own security breaches. This is reassuring, as it offers one a chance to reflect on one's own security and at least know one is not alone in the fight against “virtual pharmacists, financial propositions from Nigerian princes and pictures from dodgy sites [1]” and the more recent and ever so apt “part-time job” applications with surreptitiously attached 100KB zipped files. Who really has a CV that long?! But we digress.

Privacy, integrity, and delivery are attributes of email management systems that we must not take for granted, despite many of us having a somewhat unsettling over-reliance on mail. With respect to privacy, the nicest way to think of email is like everything else in life: if you feel that you would be ashamed to read your emails on the front pages of a newspaper, chances are you are not observing netiquette. Email is a grey area, and a good-natured email full of irony or sarcasm can take on a different meaning and end up offending the recipient. Or worse, that secret subscription to Simon Cowell Google alerts will be spread around your entire contact list, including colleagues who may never let you live it down. The best way to avoid this is to consider that your email has “face.” This means that the email should observe:

F—face or respect for the reader;
A—accuracy in spelling, punctuation and grammar;
C—courtesy, coherence, correctness and conciseness in the language of the email;
E—e-manners in the subject, salutation, complimentary close, signature block of the email.

Email integrity can be compromised by malware such as spyware. Spyware can not only record and send information on what you've typed, it can also alter certain programs, such as your email client. Unlike normal spam, messages sent by a spyware planter look authentic: your filtering software cannot mark them as junk or spam because they carry genuine headers. In such instances, a watchful eye and manual intervention are necessary. One cannot always assume that the person named in the “sender” field has actually sent the corresponding email.

We have a simple rule for phishing: never give out usernames and passwords to third-party sites. They might promise to reveal to you who has checked out your Facebook profile most, or who has blocked you from their list, or even what your present or future partner is doing right now. In every case, the small print of this social engineering technique is, “We are masquerading as a trustworthy entity in our attempt to acquire sensitive information such as usernames, passwords and credit card details from you. This is criminally fraudulent in many jurisdictions, but hey, ‘Catch us if you can!’” [2] [paraphrased]

Finally, do remember our four cardinal rules of spam.
1. Do NOT reply to ANY of the spam messages
2. Forward the email, including header information to the relevant domain name e.g. abuse@gmail.com, abuse@hotmail.com, abuse@yahoo.com, spoof@paypal.co.uk, or spoof@ebay.co.uk
3. Delete the original message
4. Add the sender to your blacklist of email senders to block all future emails from the sender
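The two points above, that the visible “sender” cannot be trusted at face value and that a report should carry the message's header information to the abuse mailbox of the relevant domain, can be put into a small script. The following is an added example written for this post, not code from the original; it uses Python's standard `email` module, and the sample message and all addresses in it are constructed for illustration (example.com/example.net/example.org are reserved documentation domains).

```python
import email
from email.utils import parseaddr

# Constructed sample (not a real capture): the From header shows one domain
# while the envelope sender (Return-Path) and Reply-To point at another.
SUSPECT = """\
Return-Path: <bounce@example.net>
Received: from mail.example.net (mail.example.net [192.0.2.10]) by mx.example.org
Received: from [198.51.100.7] by mail.example.net
From: "Account Team" <support@example.com>
Reply-To: claims@example.net
To: reader@example.org
Subject: Part-time job application

Please open the attached CV.
"""

def sender_domains(raw):
    """Domains named in From, Return-Path and Reply-To (None where absent)."""
    msg = email.message_from_string(raw)
    def domain(header):
        addr = parseaddr(msg.get(header, ""))[1]
        return addr.rpartition("@")[2].lower() or None
    return {h: domain(h) for h in ("From", "Return-Path", "Reply-To")}

def spoof_indicators(raw):
    """Reasons the visible sender should not be taken at face value."""
    d = sender_domains(raw)
    reasons = []
    for header in ("Return-Path", "Reply-To"):
        if d[header] and d[header] != d["From"]:
            reasons.append(f"{header} domain {d[header]} differs from From domain {d['From']}")
    return reasons

def abuse_address(raw):
    """Abuse mailbox of the provider that actually handed the message over (the
    envelope sender); falls back to the From domain when Return-Path is absent."""
    d = sender_domains(raw)
    provider = d["Return-Path"] or d["From"]
    return f"abuse@{provider}" if provider else None

def header_block(raw):
    """All headers as text, to include when forwarding a report (rule 2 above)."""
    msg = email.message_from_string(raw)
    return "\n".join(f"{k}: {v}" for k, v in msg.items())

if __name__ == "__main__":
    for reason in spoof_indicators(SUSPECT):
        print("warning:", reason)
    print("report to:", abuse_address(SUSPECT))
    print(header_block(SUSPECT))
```

A mismatch between these headers is only an indicator, not proof of spoofing: mailing lists and legitimate bulk senders also use a different envelope domain, so the result should prompt the manual look the text recommends rather than replace it.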


[1] "A Brief History of Spam", Time, 2009-11-02. http://www.time.com/time/business/article/0,8599,1933796,00.html Retrieved 2010-07-27.
[2] Wikipedia: Phishing. http://en.wikipedia.org/wiki/Phishing Retrieved 2010-07-27.