Safe E-mail Usage Sending

Sending mail is a little more care free. There are some things you can do to make sure your conversation is secure though. The first is to ensure your connection is secure. There are also methods to allow you to digitally sign your messages, which guarantees that the message is from you and has not been tampered with en route. And for maximum security, you can encrypt your messages to make sure no one reads them. Digital signatures prove who e-mail comes from, and that it has not been altered in transit. If you establish the habit of using digital signatures for important e-mail, you will have a lot of credibility if you ever need to disown forged mail that appears to be from you. They also allow you to encrypt e-mail so that no one can read it except the recipient. PGP in particular offers high levels of encryption which to break would require extreme computing power.

Digital Certificates
A digital certificate is unique to an individual, kind of passport, and is composed of two parts. These two parts are called as public and private key. The certificate is unique to one person, and typically certificates are issued by a trusted Certificate Authority, or CA. The list of Certificate Authorities you trust is distributed automatically (if you are a Microsoft Windows User) by Windows Update and the list is accessible in your browser under tools>internet options>content>certificates. You can go here to view certificates installed on your machine (yours and others), and other certificate authorities you trust. You can disable the automatic update of CAs, and choose to remove all CAs from the list, although this is not recommended. Instructions on how to do this are on Microsoft’s web site.


Digital Signatures
A digital signature is generated by your e-mail software and your private key to assure the authenticity of your e-mail. The purpose of the signature is twofold. The first is to certify it came from you. This is called non-repudiation. The second is to ensure the contents have not been altered. This is called data integrity. The way an e-mail program accomplishes this is by running the contents of your message through a one way hash function. This produces a fixed size output of your e-mail called a message digest. This is a unique value, and if the mathematical algorithm that produces it is strong, the message digest has the following attributes.

• The original message can’t be reproduced from the digest.
• Each digest is unique.

After the digest is created, it is encrypted with your private key. The encrypted digest is attached to the original message along with your public key. The recipient then opens the message, and the digest is decrypted with your public key. The digest is compared to an identical digest generated by the recipients’ mail program. If they match, then you’re done. If not, your mail client will let you know the message has been altered. There are two types of signing / encryption functions, S/MIME and PGP. S/MIME is considered to be the corporate and government choice, possibly because it uses the less labor intensive certificate authority model for authentication, and because it is more easily implemented through Microsoft's Outlook Express e-mail program. PGP is more often the choice of the computer user community, because it is based on a non-centralized web of trust for authentication, where a user's trustworthiness is validated through the 'friend of a friend' system, where you agree that, if you trust me, then you can also trust those people who I trust.

Safe E-mail Usage Receiving

Everyone uses e-mail, and to the surprise of many people, your e-mail can be used against you. E-mail should be treated as a post card, in that anyone who looks can read the contents. You should never put anything in an ordinary e-mail that you don’t want to be read. That being said there are strategies for securing your e-mail.

Spam, Phishing and Fraud
Everybody likes to get e-mail. A long time ago, in a galaxy far away it used to be you only got mail from people you knew, and it was about things you cared about. Now you get email from people you never heard of asking you to buy software, drugs, and real estate, not to mention help them get 24 million dollars out of Nigeria. This type of unsolicited advertising is called spam. It comes as a surprise to many people that e-mail they receive can provide a lot of information to a sender, such as when the mail was opened and how many times it was read, if it was forwarded, etc. This type of technology called web bugs is used by both spammers and legitimate senders. Also, replying to an e-mail or clicking on the unsubscribe link may tell the sender that they have reached a live address. Another invasion of privacy

concern is the increasingly common “phishing” attack. Have you ever gotten an e-mail asking you to login and verify your bank or E-bay account information? Beware, because it is a trick to steal your account information. To secure yourself against these types of attacks, there are some simple strategies to protect yourself outlined below.

HTML based e-Mail
One of the security concerns with HTML based e-mail is the use of web bugs. Web bugs are hidden images in your e-mail that link to the senders’ web server, and can provide them with notification that you have received or opened the mail. Another flaw with HTML e-mail is that the sender can embed links in the e-mail that identify the person who clicks on them. This can give the sender information about the status of the message. As a rule, you should use a mail client that allows you to disable the automatic downloading of attached or embedded images. Another problem is related to scripts in the e-mail that may launch an application, if your browser has not been patched for security flaws. For web based e-mail clients, you may have the option of disabling the automatic download of images, or viewing the message as text. Either is a good security practice. The best way to protect yourself against HTML e-mail based security and privacy attacks is to use text based email. If you must use HTML e-mail, beware!

Attachment Security
Another real concern related to received e-mail security is attachments. Attackers can send you malware, viruses, Trojan horses and all sorts of nasty programs. The best defense against e-mail borne malware is to not open anything from anyone you don’t know. Never open a file with the extension .exe or .scr, as these are extensions that will launch an executable file that may infect your computer with a virus. For good measure, any files you receive should be saved to your hard drive and scanned with an latest antivirus software. Beware of files that look like a well known file type, such as a zip file. Sometimes attackers can disguise a file by changing the icon or hiding the file extension so you don’t know it is an executable.