A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Email

Sending and receiving electronic messages over a computer network

Email lets you send messages anywhere in the world over a computer network. To send or receive email you need an Internet connection and email software (also known as an email client) or a Web browser. Because it's so convenient and easy to use, email has rapidly become part of everyday life; but this widespread use also makes it a primary target for attackers.

Email: security threats & prevention tips

  • Bluesnarfing Stealing information from mobile devices using a wireless connection
  • Data Theft The unauthorized taking or interception of computer-based information
  • Interception Receiving email that is directed to another person
  • Malware Programs that are designed to harm your computer
  • Newsletters Some electronic newsletters are informative, while others are a form of spam
  • Phishing Phishing attacks trick you into giving away confidential personal information.
  • Spoofing Type of attack where the source of an email is faked
  • Spyware Software that sends information from your computer to a third party without your consent
  • Unsolicited Mail Email that you didn't ask for and typically don't want

Email: common problems and solutions

Your inbox is bombarded with junk mail.

If you get email from an unknown address, this is a sign of spam. You might have made your email address publicly available somewhere. You may want to increase the level of spam filtering in your email settings. For more solutions, visit our page on spam.

All your email is bouncing back.

You might have spyware on your machine that is causing all this suspicious activity. Sometimes spyware can block all the emails going out of your mailbox and cause them to be returned. To learn more about how to prevent and get rid of it, visit our page on spyware .

Email is being sent from your mailbox without your knowledge.

It is possible that your email account has been hacked, in which case you might want to report this incident to your email service provider and make a stronger password next time. See our page on strong passwords.

More probably, you might have spyware on your machine that is causing all this suspicious activity. Sometimes spyware sends out automatic emails to people who are in your address book so that they get spyware on their machines, too. To learn more about how to prevent and get rid of it, visit our page on spyware.

You constantly receive promotions from Web sites.

Sometimes when you visit well-known Web sites or purchase items online, you have to specify your email address in which case they automatically subscribe you on their promotional mailing list. (Look for small print specifying that they will subscribe you.) In this case, you may just want to email them and unsubscribe from such a mailing list. However, you must make sure that that they obtained your email address only with your permission. Else, it is spam and you may end up with more spam by contacting them.

MS Outlook strangely re-formats your forwarded emails.

Outlook reformats your forwarded email because Wordmail is active. When Wordmail is active, Outlook uses MS Word to format your outgoing mail. Word formats the text with more characters per line than other text-based email platforms. Thus, it might appear differently on another platform. To enable/disable Wordmail in Outlook, go to Tools > Options > Mail Format. There, you can toggle the checkbox “Use Microsoft Word to edit mail”

You get emails with blocked attachments.

Certain file extensions like .exe, .zip, .jar, and .csh are blocked by the email service provider’s mail filter. This is done because viruses are commonly passed through files with these extensions. The actual blocking behavior varies depending on different email providers. If you indeed have to send some attachment with those extensions, you can rename the file to have no extension or some other extension, just for the purpose of sending the attachment, and then make a note to the recipient to rename the file with the proper extension before opening the file.

Connect Safely from Different Places

Office

While email can help you communicate with coworkers and clients at work, it should be used with care. Opening an email attachment with malware or sending sensitive company information over insecure email could have severe consequences for your business. Check with your company's system administrator to see what measures they have in place to protect your email and keep it private.

An office email account is not the same as a personal account. Sending and receiving email at work has additional and unique ethical obligations that you need to consider.

First, employers have certain expectations about how their computer systems will be used by their employees. They look at these systems primarily as organizational assets that make the workplace more efficient. Most workplaces have policies that deal with acceptable and unacceptable use of email at work, and these policies usually restrict use of work email to business matters and prohibit its personal use. You should familiarize yourself with any existing email policy at your place of work.

Many organizations that provide email accounts to their employees have the right to monitor these accounts and to actually read current and past email messages sent or received by employees. By law, employees do not enjoy a “reasonable expectation of privacy” when it comes to email use at work.

Content of Messages. Work email messages need to be written and reviewed carefully. You should pay special attention to the content of your message and ask yourself if you are sending anything that might be offensive or cause some harm to another. Keep in mind that while in some contexts informal email messages are acceptable, some people may be bothered by informal messages in a business context. You should attempt to only write professional-sounding email messages that reflect well upon you and your organization.

Read your messages carefully before you send them, and never send email in a state of anger. Your anger will probably go away, but the email you sent will always be there as a reminder of your less than professional demeanor. You should also make it clear to your reader whether your message is representing your views or the views of your organization. Of course, sending email that is intentionally harassing, threatening or otherwise considered illegal is unethical and not acceptable in the workplace.

Confidentiality of Information. If you have an assistant or other third-party who has been given access to your email account, you should make sure that people who send you email know that somebody else will be reading their messages, especially if they might be sending confidential information that they would not want a third party to have access to.

Also, you have an obligation to your employer to avoid sharing any work-related information, sometimes called “insider information,” when you are writing and sending business email. Your employment contract may also have provisions that deal with “proprietary information,” and you should check your organization’s policies to see how they expect you to safeguard any data. You should not include important workplace documents and facts in email messages to people who do not have a need or right to access sensitive work-related information.

Likewise, you need to protect information that others have sent to you in their email messages. You should not electronically quote the writer of email that was sent to you or forward their complete message to others without their permission. People believe that the email they send will be kept confidential, and you would be breaching this confidentiality if you were to share what others say without either their explicit or implicit permission.

Also, do not use your company email account to forward funny photographs or stories that you receive from your friends. One person’s joke is another person’s junk mail. They can also take up your company's time and bandwidth.

Mobile

The use of email on mobile devices such as cell phones and PDAs is growing rapidly thanks to advances in wireless technologies. Many cell phones and PDAs can send information through the wireless network, so you can check your email just like you can on your desktop or laptop.

Since these devices are small, there is a greater chance of leaving your cell phone or PDA in a public place, putting your private information at risk. If the information in your cell phone or PDA is not encrypted or password-protected, anybody could easily read your email messages. In addition, your mobile device may be able to handle different wireless connections at the same time, each with its own security threats.

For instance, many mobile devices are now Bluetooth-enabled. Bluetooth is a technology that allows information to be sent between devices, such as when you copy your address book from your desktop computer to your cell phone. When you enable Bluetooth on your mobile device you make yourself vulnerable to several threats, including a form of data theft called bluesnarfing.

On the road

While on the road, you can stay in touch with family and friends wherever you have a PC and Internet access: at a cybercafe or bookshop, in the airport, or even through an Internet connection at a friend’s house. Since computers and networks you use away from home may be used by many other people, you need to always use caution to protect your email and any personal information you may have included in it. Give particular attention to the tips offered under our page on data theft.

Ethical Issues

Sending Email Messages. You should pay special attention to the content of your messages and ask yourself if you are sending anything that might be offensive or cause some harm to another. You should not use email to intentionally threaten or abuse others, nor should you send harassing messages to people. You should also not use the disguise of email to say things that you wouldn’t say in a face-to-face conversation. Here, a variation of the Golden Rule applies: Only send the kinds of email messages to others that you would like to receive.

You should always remember that email messages are very good at delivering factual information, but not good at all when it comes to conveying tone, attitudes or feelings. In face-to-face conversations, people can rely upon nonverbal cues or vocal inflections to understand the full meaning of what a person is trying to communicate. But these hints are missing in email messages, and what might be meant as a direct remark can sound like a hostile one in an email. This is why you have to be very careful about how you phrase things in an email.

Just because you get an email that you think is funny or interesting doesn't mean that you should forward it to everybody on your contact list. People often get annoyed with mass emails or consider them an invasion of their privacy. Only send emails that are necessary, and it is a good idea to personalize them with your signature.

Other Considerations. It is inappropriate to give another person’s email address to a third party, such as a business that sends out promotional emails or spam messages. This would be infringing upon the privacy rights of another.

You should not electronically quote the writer of email that was sent to you or forward their complete message to others without their permission. People believe that the email they send will be kept confidential, and you would be breaching this confidentiality if you were to share what others say without either their explicit or implicit permission.

Legal Issues

Harassing somebody with unwanted or threatening email is illegal and can lead to an arrest. Email can be easily traced back to its sender, so you should never use email as a weapon.

Privacy Issues

Depending on the email system of your Internet service provider, webmail service or the policies of your mobile phone service provider, your email accounts may not be as private as you think. Someone could get your password, read your email, and even send emails as you. Check the privacy policy of your service providers to see what measures they take to ensure your privacy. Additionally, your provider may keep copies of the email you send and receive in an electronic archive. Depending on the circumstances, they may need to turn over parts of that archive to the government if asked.

My home page