
Hacking Email: 99 Email Security and Productivity Tips http://www.itsecurity.com/features/99-email-security-tips-112006/

Hacking Email: 99 Email Security and Productivity Tips

Everyday, and some not-so-everyday, tips on how you can keep your email safe and secure.

IT Security Staff on November 20, 2006


HACKING EMAIL: 99 TIPS TO MAKE YOU MORE SECURE AND PRODUCTIVE

When people read out a phone number, they use "phone rhythm." No one has to explain "phone
rhythm," we all just seem to do it automatically, "…713...555...12…34". Similarly, when we
answer a phone call we all say, "Hello." No one taught us to do that, but somehow we all
seemed to pick it up.

So why is it that when it comes to emails, there are no accepted standards? Even though 6
billion emails are sent every day, almost no one agrees about simple things like email etiquette,
how to organize a note, or whether emails are considered private or not.

The 99 tips in this article make up the best in email practices. From how to ethically use the
‘BCC:' to what attachments will make your mobile emailing compatible with everyone else's, this
list covers everything you need to know about emailing.

Etiquette
We're all guilty of bad manners once in a while, but when it comes to emailing, some
people are downright clueless.
1.
Don't send private messages with the company account. If you want to send
personal messages from work (and you should probably try to minimize this), use a
freebie account like Hotmail, Gmail, Yahoo!, or Excite, if your office permits it. The
content of your emails is less visible to employers through these accounts, so the
private messages you send will stay private.
2.
Use BCC if necessary. If you must send a group email to people who do not know
each other, don't add their addresses to the form's CC field; this is one method
spammers use to harvest email addresses. Instead, use BCC (Blind Carbon Copy)
for their addresses, and put your own email in the form's "to" field.
3.
Don't send form letters. It's impolite to send form letters, especially to your friends
and colleagues unless they are all part of a group that is expecting them.
4.
Don't forward chain letters. Just don't do it. Enough said. That includes the email
that says that if you don't forward it to 10 people you'll die. I don't care how
superstitious you are, don't send them.
5.
Be professional. Ensure your work emails don't contain 'u', 'afk', 'ty', 'jk' and/or
several million other texting/chatroom acronyms. These developed because cell
phones' keypads aren't well-suited to writing fully-formed words, sentences and
paragraphs. In business communications, however, they may give the impression of
childishness and illiteracy.
6.
Be professional, part 2: Check tone. Be aware of the professional (or not)
relationship between yourself and the recipient before starting an email. Use that to
gauge what topics are appropriate to write or not, as well as the tone of your writing.
This may be common sense to most, but you’d be surprised at how often the rule is
ignored.
7.
Be careful. Email is not private; it can be intercepted anywhere en route to its
recipient. In addition, it can live on for years in recipient email boxes, later to return to
its sender in choice quotations. Think before sending email you will later regret.
8.
Cut down on sigs. Signature files, especially in business, should contain as few
lines as possible. Four lines is a figure generally agreed-upon. Email that consists
of a two-line statement and a ten-line signature will have its recipients rolling their
eyes.
9.
May I quote you? When you respond to an email, the original email is quoted. Cut
the most relevant sentence from the message to which you are responding, preface it
with a '>' (if it's not already there) and paste the quote above your response. Delete
the rest of the original email from your response, unless you are responding to other
points in the original.
10.
Don't use email when you are angry. This is a tip from Joan Tunsall's Better, Faster
Email (non-affiliate Amazon link). While most of the time email does not convey your
emotions, particularly humor, it somehow seems to transmit anger - even when you
don’t intend it to come through.
11.
Get clarification. If someone sends you an email that upsets you, make sure you
haven't misunderstood. As mentioned previously, emotion and tone do not always
carry over well in email. Instead of responding angrily, in your response, quote the
portion of text that you are unsure of and ask the sender to clarify. Indicate what you
think it means, if you like, then ask if you've misunderstood.
12.
Don't spam friends. Occasionally, company mail servers go on the fritz and send
forty-five copies of the same email to the recipient (personal experience). Even if it's
not your fault, it is polite to apologize profusely to your friend, family, or roommate.
13.
Consider the quirks of other email systems. For example, say that you have a
friend with a Hotmail account and want to send a list of hyperlinks. Hotmail doesn't
handle hyperlinks inside of an email very well. For example, you cannot easily copy
the actual URL, without a bit of effort. So anyone used to tabbed browsing, such as
with all recent web browsers (including, finally, IE7.x), may find it frustrating trying to
open a link in a new tab or window. It's hard to know about all types of email
systems, but some awareness reduces frustrating situations for recipients.
14.
Respond to group email appropriately. If someone has sent a group email that
requires a response, but only to the sender or a couple of parties, don't copy everyone
on your reply.
15.
Don't respond to every group email. More specifically, it is alright to sit out a thread
of group conversation if you are not being addressed directly. However, read the
emails carefully to make sure that you are not being expected to respond.
16.
Respect email laws and regulations. Some countries have very specific rules about
bulk emailing. If you use email to promote your business, you need to know the laws
for not only your country but probably wherever you are emailing to. It's a tall order,
given the global village of the Internet, but its importance cannot be overstated.

Communicating & Effectiveness


Now that we've covered the basics of emailing with manners, it's important to make
sure your intended message is actually getting across.
17.
Use meaningful subject lines. Write something "meaningful" in the subject line, to
give recipients a clue as to what your email is about. This is increasingly necessary to
distinguish legit emails from spam. The latter's subject lines are often deceptive.
18.
Be brief. Do not send excessively long emails if at all possible. Try to summarize
your information so that your recipients are more likely to read the email and actually
respond. When possible, break long emails into numbered point form so that
recipients can respond by reference number.
19.
Summarize. Precede a long email with a short summary.
20.
Cheat with templates. In his Five Fast Email Productivity Tips, author Merlin Mann
recommends 'cheating' -- using templates and form letters - when you find yourself
answering (or asking) the same questions repeatedly. A good percentage of first-year
college students learn to do this when writing email to family, friends, and significant
friends back home.
21.
Use 'Reply All' when necessary. Usually, the common advice is to not use "reply all"
if other recipients of a group email do not need your response. But forgetting to use
"reply all" when appropriate is simply inefficient. If the vast majority of a group needs
to hear a message, writing in individual emails addresses will waste your time and
increase the chances that you’re going to leave someone important out of the email.
22.
Remember the telephone. Unless you need a written record of a given
communication (or if the person you're communicating with is long distance),
consider calling (or sending a letter to) your intended recipient instead of an email.
People often default to writing an email because it is quick and easy; but sometimes
a handwritten letter or phone call can provide the personal touch your communication
really needs.
23.
If it's urgent, say so. Writing 'URGENT' in front of your email's subject will make it
stand out from the crowd, and most likely get timely attention from the recipient.
Make certain it is urgent, however; remember how much attention was paid to the
boy who cried wolf when his cries really mattered.
24.
On vacation? If you will be out of your office for a lengthy period of time, set up an
autoresponder to inform whomever emails you of your absence and your expected
return. This is polite (the message is only sent to a given email once), and it prevents
a lot of "I'm waiting for your response" emails. A quick warning, however, to not use
an autoresponder for your home email; you shouldn't advertise an empty house.
25.
Use smileys. If you think that something you've written might be misunderstood in
tone or emotion, use the appropriate smiley. It should be obvious, but this tip does not
apply to work or other professional emails, or if the person doesn't know you already.
Marketing genius Seth Godin wrote The Smiley Dictionary [book], and there are
several sites with something similar: Helvig's smiley dictionary, the unofficial
smiley dictionary, and EFF's unofficial smiley dictionary.
26.
Proofread. There is a difference between typos and poor writing. Poor writing
improves with practice. Typos stay typos unless you take the time to eliminate them.
If you are applying for a job or freelance gig, it's especially important to prufreed
before you send that email. And as if you needed another reason to be concise,
remember that the chance of typos is directly proportional to the length of your email.

Mobile Email
27.
Know your limitations. Mobile email is best for very dexterous people. It isn't always
the most productive way to communicate for everyone. Reading emails via mobile is
fine, but if you don't have the thumb dexterity to use the keypad to respond, save your
thumb the pain and just handle your emails on a computer.
28.
Use voice-to-text. There are mobile applications out there that will convert your
spoken word to text, which you can then use for mobile email responses. Because
this technology is just starting to go mainstream, if you want it you are going to have
to shop for phones specifically with voice-to-text capability.
29.
Duplication of email, or lack thereof. If you plan to access email from both a mobile
device and a computer, keep in mind that some email servers and client software
download each email to the device you are using, and delete it from the server. This
could be hazardous to your career, if you access with a mobile device, read it, and
then delete it with the intent of responding from a computer later. So make sure that
you know how your client handles the mobile/computer divide.
30.
Be exclusive. It's best to set up a separate email account for your mobile devices. If
you plan to be away from a laptop or desktop for an extended period, you can redirect
your regular email, with full filters on. Use this email account only for your mobile
device. By having two separate accounts you can make sure to send all your
subscriptions and other large regular emails to your main account. You can also sign
up for new products with the computer account to make sure you won't get
spammed, before you have those emails come to your mobile account.
31.
Don't send email attachments to mobile devices. If you know that a colleague will
be using their mobile device to check email for an extended period of time, avoid
sending him or her attachments. Send a snippet of text instead, if possible, or a URL
where they can download when they have access to a laptop or desktop.
32.
Use mobile email sparingly. Cellular wireless data plans often have a monthly
bandwidth cap. Sending attachments (or receiving them) can be hazardous to your
wallet. Some mobile email services function by letting you see that you have
attachments, but others will automatically download. So for the sake of your and your
colleagues' wallets, save the attachments for later.

Productivity, Folders, and Filtering


Email is only a useful technology if it remains an efficient means of communicating.
The dual threats of spam and disorganization make email less efficient, so
overcoming those deficiencies is the theme of this section.
33.
Respond promptly. Don't leave email unread for more than two days. Look at it
immediately and either respond to it immediately, or -- after reading it -- move it to a
"must respond" folder.
34.
Respond promptly, part 2. Acceptable email response time for personal emails is 24
hours. Acceptable professional response time varies by industry. Know your expected
response time and check your email accordingly.
35.
Respond promptly, part 3. If someone sends you an excessively long email and you
do not have time to respond to the entire email, respond with a brief email
acknowledging its receipt and your intent to reply in more detail.
36.
I go to pieces. If you receive an email which must be responded to in its entirety but
requires a substantial investment in time to respond to, respond to it in parts. Quote
each original point that you are responding to, so it is clear what you are referring to.
Make it clear that you are responding in parts, or else the recipient may wonder if you
missed the latter part of their message.
37.
Exercise discipline. Check your email at regular intervals. Whether it's every 5
minutes or every 5 days, people need to be able to rely upon your response time, so
come up with a schedule that works for you and stick with it.
38.
Organize by Urgency. Email clients and web-mail applications like Hotmail and
Gmail will allow you to sort your emails in the order with which you need to respond
to them. Consider making 'Urgent', 'Must Respond', 'Personal', 'Information' and
'Misc' folders. Then move inbox messages accordingly. You can make this sorting
process more automatic by applying filters to email addresses, so that your email
client will do the sorting for you.
39.
Be selective. Not every email you receive requires a response. 'FYI' and group
emails, for instance, should be read and filed. Non-work-related email from strangers
should be forwarded to your home email address for later consideration.
40.
Be quick. Email you send at work should consist of questions if you need
information, or declarative sentences if you are supplying it. At work, email is best
used for the transfer of knowledge - chatty banter and essays are best saved for other
venues.
41.
Know your limits. Don't subscribe to dozens of free "tips" sites if you don't have time
to read the items. If you feel you must do this, for whatever reason, use a freebie email
address for this or consider an RSS feed instead.
42.
Cut to the chase. Sometimes a text chat is the best way to resolve a communication
quickly, instead of sending a dozen emails back and forth. By keeping the back and
forth emails to a minimum, you keep your inbox under control and prevent the need to
declare email bankruptcy and start all over.
43.
Do what the Gurus do. There are a number of great writers who focus almost
exclusively on tips to keep you technologically organized. Some Gurus of note: Merlin
Mann of 43-Folders, mentioned elsewhere in this article, and David Allen, author of
Getting Things Done are good examples.
44.
GTD - get things done. Don't move anything from your main inbox into a folder if you
haven't read it yet. It's likely to stay that way. Read it, respond, and file it. That way,
your main inbox holds only unread messages. Or at worst, those you haven't
responded to yet. This makes it easier to "get things done" more efficiently, in terms
of email-triggered tasks.
45.
Be specific with email titles. An email's subject line is what enables its recipient(s)
to appropriately handle it. The famed 'Re:' standing alone on a subject field is either
spam, or a response to one of your less-informative titles. Specificity not only
facilitates easy filing, but makes locating a given email in your sent box months after
the fact (when you need to prove something, or again find that bon mot) a heckuva lot
less time-consuming.
46.
Use freebie accounts. Always use freebie accounts for all those "free" subscriptions
you sign up for. No matter what they tell you, you will get unsolicited mail as a result,
at some point in the future. And it'll clutter your inbox, making you less productive.
47.
Blacklist Spam emails. Don't just delete the spam you get sent, blacklist it. By
blocking the sender of spam emails you can drastically cut down on the total amount
of spam you get. Surprisingly, a good amount of spam is from repeat senders, so a
few months of diligent blacklisting can keep spammers at bay.
48.
Enable spam filters. Most email clients, including freebie webmail types, have spam
filtering that can be turned on or off. They are not 100% accurate, so you should
make a habit of visually scanning your spam folder to ensure you haven't missed
anything important. But that inconvenience is still worth leaving the filter on.
49.
Ditch your spammed out email account. If you have a freebie account that is loaded
with incoming spam, save all your important contact info, backup desired emails,
then ditch the email address. Get another one and then notify all your contacts. Don't
forget to update any websites where your address is published.
50.
Prevent email overload. Kaitlin Duck Sherwood has a handy, quick guide to
preventing email overload. One that is simple but effective is to say "no need to
respond", or some such, if a response is not necessary.

Email Attachments
The ability to attach documents has revolutionized the way in which we do business.
Despite its benefits, however, attachments are one of the least standardized parts of
emailing.
51.
Keep attachments small. If you are sending a large attachment to someone,
whether they have a free email or not, they probably have an inbox size limit. Stay in
good favor with them by only sending attachments of no larger than, say, 30-40
Kilobytes, unless they've requested it of you. That means that many videos and large
pictures should be uploaded to the web instead of attached to an email.
52.
Don't forward attachments. Except in a work environment where it might be
expected, check with your intended recipient before sending attachments. If it is a
large file, consider that sending it may block their account from receiving additional
email because they exceeded their disk space quota. Attachments also take up
company resources and eat up bandwidth unnecessarily. For example, if you send a
PDF file to a group of, say, 10 co-workers, the mail server sends 10 copies of the
same file and uses up 10x the space.
53.
Include an excerpt. If it's sufficient/ appropriate, include an excerpt of the document
(instead of attaching it) in the body of your email.
54.
Send a link instead. You are better off sending a link to something, if the material is
already online, or you can easily put it up on a secure site.
55.
Share a file. If the file is not online, and if you have the right to put it there (i.e., no
copyright issues, not company-sensitive material), then use a filesharing service such
as AllPeers, which lets you define who is in your buddy list. No one else can access
the document. There are also several online spreadsheet and word processor apps
these days. See Google Docs and Spreadsheets or Zoho. Both are compatible with
"Office" applications like Microsoft Office and Open Office, and let you share
documents. Once you've set a Google Doc or Zoho document to "share", you can
send colleagues a link.
56.
Share a file, part 2. If using file-sharing services or web-based office apps to share a
file is against company policy, try this. Most larger companies will have an Intranet
site, possibly with employee web pages. You may be able to upload your file to your
employee website. Just share the link in email. If your computers are part of the
same company network, you probably already know this, but there is usually a
common repository, possibly organized by project. If you and your colleague both
have the same network permissions, upload your file to the project area and email
them the directory path.
57.
Share a file, part 3. One alternative that works nicely, provided it is not against
company policy, is to use the file-sharing feature of a VoIP (Voice over Internet
Protocol) or VoIM (Voice over Instant Messaging) client, such as Skype or Windows
Live/ MSN Messenger. If you are in a large company, you might be using a more
corporate solution such as Lotus Notes, which, if memory serves, has its own
Messenger.
58.
Use Text/ RTF format instead of DOC files. Microsoft's Word files (.doc format) are
susceptible to some macro viruses. If you must send a document and cannot use one
of the options above, copy your document to RTF (Rich Text Format) first, then email
that as an attachment. Even if you don't have a virus on your computer, your
colleague may. If they receive an RTF file, then there is less chance they will respond
with a DOC file. (MS Word lets you work with RTF files as you would a DOC file.) It is
also okay to send .txt (raw text), .pdf, and image files. Bad to send: any .EXE or other
executable file. Possibly bad: .doc or .xls (Microsoft Excel spreadsheet) files.
59.
Consider using OpenOffice XML format. Open Office, a free open source
alternative to Microsoft Office, uses XML (PDF, 571 pgs, 1.5 Mb) text files, so they
are okay to send as well. (Text files cannot harbor viruses.) Open office lets you
create word processor documents, spreadsheets, presentations (similar to MS
Powerpoint), and drawings. It can read MS Office files, and can also output its XML
files to the appropriate MS Office format.
60.
Defer opening attachments. Don't rush to open an attachment just because it
appears to have come from someone you know. If you receive an attachment that you
are not expecting, don't open it. At least, first read the email and make sure that the
attachment is most likely legitimate. If you're still not sure, call/ VoIP/ email/ or IM the
sender to be sure. If the sender's computer has a virus, it may be attaching trojans to
all outgoing emails from them.
61.
Know what not to open. Opening spam can direct floods of it to your inbox,
multiplying the time you're chained to email by an order of magnitude. Beacons
embedded in spam - typically clear, one-pixel .GIFs sent from a machine controlled
by the spammer - advertise that you opened the email... and thus your address is
both valid and responsive. Let someone else do the work. Weeding out spam is
unpleasant, time-consuming and not unlike tip-toeing through a minefield. It's several
million times worse for ISPs, the more reputable of whom employ industrial-grade
filters that prevent the bulk of it from hitting their customers' inboxes. Doing some
legwork to determine which ISP filters the most before it hits you will ultimately save
you hours of grief.
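
Tips 58 and 61 can be checked before a message is opened. The following is an added example, not part of the original article: it sorts attachments into the article's "okay", "possibly bad" and "bad" groups and lists remote one-pixel images. The sample message, the `example.test` addresses and the executable extensions beyond .exe are constructed assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from pathlib import PurePosixPath

# Verdicts follow tip 58. The executable types other than .exe are an assumption.
BAD_EXT = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".vbs", ".js"}
POSSIBLY_BAD_EXT = {".doc", ".xls"}
OK_EXT = {".txt", ".rtf", ".pdf", ".gif", ".jpg", ".jpeg", ".png"}


def classify_attachment(filename):
    """Judge by the LAST extension, so 'invoice.pdf.exe' counts as an executable."""
    ext = PurePosixPath(filename or "").suffix.lower()
    if ext in BAD_EXT:
        return "bad"
    if ext in POSSIBLY_BAD_EXT:
        return "possibly bad"
    if ext in OK_EXT:
        return "ok"
    return "unlisted"  # not covered by the tip; needs a human decision


def _tiny(attrs, dim):
    """True when the width/height attribute or inline style is 0 or 1 pixel."""
    if re.fullmatch(r"[01](px)?", attrs.get(dim, "").strip().lower()):
        return True
    # The lookbehind keeps 'max-width' or 'line-height' from matching.
    m = re.search(rf"(?<![-\w]){dim}\s*:\s*(\d+)\s*px", attrs.get("style", "").lower())
    return bool(m) and int(m.group(1)) <= 1


class BeaconFinder(HTMLParser):
    """Collects <img> tags that are remote and at most one pixel in size."""

    def __init__(self):
        super().__init__()
        self.beacons = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        if not src.lower().startswith(("http://", "https://")):
            return  # cid: and data: images are inside the message, nothing is fetched
        if _tiny(a, "width") and _tiny(a, "height"):
            self.beacons.append(src)


def find_beacons(html):
    finder = BeaconFinder()
    finder.feed(html)
    finder.close()
    return finder.beacons


def triage(msg):
    """Return attachment verdicts and beacon URLs without rendering anything."""
    attachments = [(p.get_filename(), classify_attachment(p.get_filename()))
                   for p in msg.iter_attachments()]
    body = msg.get_body(preferencelist=("html",))
    beacons = find_beacons(body.get_content()) if body is not None else []
    return {"attachments": attachments, "beacons": beacons}


def build_sample():
    """Constructed message: one logo, two beacons, three attachments."""
    msg = EmailMessage()
    msg["From"] = "Billing <billing@example.test>"
    msg["To"] = "reader@example.test"
    msg["Subject"] = "Your invoice"
    msg.set_content("See the attached invoice.")
    msg.add_alternative(
        '<p>See the attached invoice.</p>'
        '<img src="https://example.test/logo.png" width="200" height="60">'
        '<img src="https://tracker.example.test/o.gif?id=constructed" width="1" height="1">'
        '<img src="http://stats.example.test/p" style="width:1px;height:1px">',
        subtype="html")
    for name in ("invoice.pdf.exe", "budget.xls", "notes.rtf"):
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    # Round-trip through the wire format, as a mail reader would receive it.
    return message_from_bytes(msg.as_bytes(), policy=policy.default)


if __name__ == "__main__":
    report = triage(build_sample())
    for name, verdict in report["attachments"]:
        print(f"{verdict:13} {name}")
    for url in report["beacons"]:
        print("beacon       ", url)
```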

Tricks, Hacks, Backup


The following tips are more about technical gadgetry and implementations rather than
etiquette or organization.
62.
Use a custom email reader. Certain types of email servers (POP3, IMAP, SMTP,
etc.) allow you to access your email from other software interfaces. This can come in
handy for custom batch filtering, and even for auto-separating emails into folders. You
might consider this, in order to create a custom mail reader for yourself. Obviously,
this involves some programming. EmailAddressManager has a quick guide to the
POP + IMAP + SMTP settings in Hotmail and other web browser-based email
clients.
63.
Aggregate emails. If you are subscribing to various emails, you might wish to collect
them into a single document, print them out, and read them at a later date. If you
have a custom reader (see above step), then you can tweak to produce a single RTF
or PDF document from all emails in a single folder or under a single label. This can
also come in handy if you want to collect a thread of conversation for an ebook or
regular book, or even a lawsuit.
64.
Learn to filter effectively. A student related the story that when he went back to
university to prepare for a Master's degree, the new email address assigned to him
already had 500+ spam emails waiting for him the first time he signed into his
mailbox. Because email addresses were produced using the first and last name of a
student, they were relatively easy to generate for spammers. All students at the
school were likely getting that much spam. Filtering of the mail server was woefully
inadequate, and didn't even have an auto-spam folder. The simplest way to rid
himself of the email in this case was to create a folder of emails to keep, scan the
inbox carefully for such email, then move them for safekeeping. Then, since all
remaining emails on a given page in the inbox were spam, a single click near the top
of the page selected all of them, and they could be easily deleted en masse.
Alternately, all emails could be selected with the single click, then desirable emails
unchecked individually, before the deletion. While this method is more prone to
deleting desired emails, sometimes that is your only option.
65.
Speeding up Google's Gmail. Digital Inspiration has some tips on how to increase
Gmail speed, if you are having some problems. The tips are browser-specific, but
clearing cache will probably work for all browsers.
66.
Gmail filtering. Digital Inspiration has numerous tips for more effective Gmail use.
One is that you can use Gmail email address aliases to help filter messages into
folders ('labels' in Gmail). So if you sign up for email subscriptions at different sites,
you can use a different alias for each site and have your Gmail account's filters
redirect email to the appropriate folder. This doesn't stop spam, but what it does do is
(1) organize your incoming mail; and (2) let you determine how a spammer got your
email address. This feature is probably one of the most powerful features for effective
email use, and to date is only supported by Google's Gmail.
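
The custom batch filtering of tip 62 and the alias tracing of tip 66 can be combined in a few lines. This is an added example, not part of the original article: it assumes aliases of the form `name+tag@domain`, and the mailbox address, the alias-to-site mapping and the four sample messages are constructed.

```python
from collections import defaultdict
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr

MAILBOX = "reader@mail.example"  # constructed address of the account owner

# Assumption: the one site each alias tag was given to (constructed mapping).
ALIAS_OWNERS = {"shopnews": "shop.example", "forum": "forum.example"}

# Constructed sample messages, as they would arrive from a POP3/IMAP download.
SAMPLE = [
    "From: News <news@shop.example>\nTo: reader+shopnews@mail.example\n"
    "Subject: Weekly deals\n\nbody\n",
    "From: promo@bulk-offers.example\nTo: reader+shopnews@mail.example\n"
    "Subject: You won\n\nbody\n",
    "From: digest@mail.forum.example\nTo: Reader <reader+forum@mail.example>\n"
    "Subject: Digest\n\nbody\n",
    "From: friend@example.org\nTo: reader@mail.example\n"
    "Subject: Lunch?\n\nbody\n",
]


def alias_tag(address, mailbox=MAILBOX):
    """Return the tag of local+tag@domain when it belongs to our mailbox."""
    local, _, domain = address.lower().rpartition("@")
    box_local, _, box_domain = mailbox.lower().rpartition("@")
    base, plus, tag = local.partition("+")
    if domain == box_domain and base == box_local and plus and tag:
        return tag
    return None


def recipient_tag(msg):
    """First alias tag found in To/Cc; None when the plain address was used
    (or when the message was BCC'd and carries no visible recipient)."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    for _name, addr in getaddresses([str(h) for h in headers]):
        tag = alias_tag(addr)
        if tag:
            return tag
    return None


def sender_domain(msg):
    return parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()


def is_expected_sender(domain, owner):
    """The site itself or one of its subdomains."""
    return domain == owner or domain.endswith("." + owner)


def sort_mail(raw_messages):
    """Return ({label: [subjects]}, [(tag, owner, unexpected sender domain)])."""
    labels = defaultdict(list)
    leaks = []
    for raw in raw_messages:
        msg = message_from_string(raw, policy=policy.default)
        tag = recipient_tag(msg)
        labels[tag or "inbox"].append(str(msg["Subject"]))
        owner = ALIAS_OWNERS.get(tag)
        # A mismatch is a lead, not proof: sites also send through outside
        # mailing services, so check before concluding the address was passed on.
        if owner and not is_expected_sender(sender_domain(msg), owner):
            leaks.append((tag, owner, sender_domain(msg)))
    return dict(labels), leaks


if __name__ == "__main__":
    labels, leaks = sort_mail(SAMPLE)
    for label, subjects in labels.items():
        print(f"{label}: {subjects}")
    for tag, owner, seen in leaks:
        print(f"alias +{tag} was given to {owner} but received mail from {seen}")
```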

System-Specific Mail
Here are some tips for some of the various email readers, including Yahoo, Hotmail,
Google Gmail, and Outlook. (Some Gmail tips are covered in the previous section.)
67.
Get Google Gmail. Google Mail, aka Gmail, is a relatively new contender in the email
reader market, free or otherwise. The problem is, you either have to be invited or use
your mobile phone, with text messaging capability, to sign up, if you live in a select
country (Australia, Indonesia, Malaysia, New Zealand, Philippines, Singapore,
Thailand, Turkey, United States). It's a strange list of countries, and the ones not
included are as much a surprise. But if you can manage to get a Gmail account, it's
worth it. It's an incredibly effective webmail system.
68.
Use Gmail formatting sparingly. Google Mail uses a very rich format for text, even if
you don't explicitly apply formatting. It's nice to look at, but if you are using Gmail and
sending to someone who is not, do not use any additional formatting.
69.
Visually track your Gmail conversations. Gmail has a nice little feature that makes
it easier to track a conversation thread visually. Beside each entry in your inbox, there
is a little "star" that when clicked on turns yellow. If you use your Gmail account for a
variety of incoming sources, the star can help you find a thread easily. When you are
done responding, you can turn off the star.
70.
Archive your Gmail conversations. Gmail makes archiving email threads extremely
simple. Other email systems let you keep folders as well. Gmail lets you attach
"labels" instead of moving items to folders. You can attach more than one label to
each email thread, thereby making it easier to find later. Labeled threads can stay in
the main inbox, or be "archived" to what amounts to a folder with the label name. If
someone that is part of the conversation thread responds after the email has been
archived, it resurfaces in the inbox with its label(s) intact, and can be re-archived if
desired. This nonlinear, "conversation object-oriented" treatment of the entire mailbox
in Gmail can be a more productive way to use email, if you are prepared for the
differences. It's a feature that is more common in standalone email clients, but
relatively new to web-based email readers.
71.
Utilize free Gmail disk space. Gmail offers over 2 Gigabytes of disk space for each
email account. If you are using the Firefox web browser, there is a neat little plugin
called Gmail Space that turns your Gmail account into a supplemental storage area
for files of any type and size. The interface is brilliant, easy to use, and looks a lot like
an FTP client. Once you sign up for a Gmail account, you get to send out 15 invitations
for new accounts. Each invited account can invite 3 more people. While you don't
want to abuse it, you could probably use a few of those invites yourself. Just imagine:
2 accounts in your name gives over 5 gigabytes of free disk storage. This is great for
moving large files around between two computers that are not networked. There's no
limit to file size, but the Gmail Space notes say that you should try to avoid
transferring over 1 Gigabyte in the same day, else Google may block your account.
Also, it functions at present, but may not if Google changes Gmail in any way.
72.
Gmail document conversion. Digital Inspiration has yet another Gmail tip, this one
for converting a variety of file formats into HTML automatically. It's so simple, you'll
be pleasantly surprised.
73.
Gmail MP3 player. This feature is pretty easy to discover, if someone sends you an
MP3 attachment, but Digital Inspiration explains how you can play MP3 files with the
Gmail player without logging into Gmail.
74.
Hotmail quirks. Hotmail has the quirk that if you click on a link inside of an email, a
new window pops up, regardless of the web browser you are using. Sure it's one of
the oldest webmail systems and sure there are millions of people using it, but power
email users should avoid it like the plague. With Gmail or even the new Yahoo beta
mail around, why bother with Hotmail?
75.
Outlook upgrades: call contacts. Microsoft Outlook has of late been getting "add
ons". There are several add-ons that integrate with your contact list to allow you to
call phone numbers from Outlook. For example, assuming you have Skype software
(free) running on your computer, the SkypeContact Dialer for Microsoft Outlook will
initiate a VoIP (Voice over Internet Protocol) call on Skype. Skype, if you don't already
know, is just one of many free software programs that let you actually make voice
calls from your computer to either another computer or even to landline phones. (You
can read more about VoIP at VoIPLowdown.com.)
76.
Outlook upgrades: RSS reader. The newest version of Outlook lets you subscribe to
RSS (Really Simple Syndication) "news feeds/ headlines". These are the same type
of "headlines" you see in Gmail or at a site like myYahoo.
77.
Yahoo mail beta: AJAXified. Yahoo! Mail has a new version that was just released that
uses AJAX and all kinds of web2.0-ish features that are supposed to enhance it. If
you do not like the workflow of Yahoo, try out their new "beta mail". It has multi-tabs,
to allow viewing of multiple emails simultaneously, and drag-and-drop of highlighted
emails into folders, fast deletion of blocks of consecutive email items, RSS feed
viewing, a calendar to manage tasks, and other features. If you don't like it, you can
switch back. At least for now.

Last but not Least: Privacy and Security


78.
Rule 1 of email privacy: there is no true privacy. Keep that in mind, and write your
emails accordingly. (See Exceptions below, under encryption.)
79.
Follow email compliance. This one is more for businesses than individuals.
But because it potentially treads on employee privacy, it is included here.
Publicly-traded businesses in some countries, for example the USA, must often
follow email compliance and do automatic backups of all employee communications.
Here is a 5 step guide for email compliance from IT Security. Email system backups
are a matter of course for most large organizations. But with more small companies
going public, this is something for employees to remember, which reiterates the
previous point: there is no real privacy in email.
80.
Copy that. When discussing sensitive topics with someone at work, CC (carbon
copy) a supervisor or colleague involved in the same project. This will cover your back
should the other person claim they didn't receive your email indicating their deadline
for some work, etc. This method keeps the conversation private for the most part, as
it's expected that your boss or supervisor has the discretion not to forward the email
elsewhere unless absolutely necessary, while simultaneously protecting you. All this
should be done independently of any regular system backups.
81.
Don't hand out your real email account freely. This is especially important for a
company's employees. Company email addresses should only be known to other
employees and a few close family members, in case of emergency. Some
companies publish a few employee email addresses on their website, but they really
shouldn't as this invites spam as well as creative phishing scams.
82.
Use a contact form. Your website (or your company's) should not display employee
emails online. Instead, use a coded contact form. When someone submits a
message, the web server's contact application can forward it to the appropriate
party, or to several parties if necessary. When the receiving party responds to the contact form
message, they will at that point be revealing their real email address. But hopefully
they can distinguish between a real query and a fake one.
83.
Code your publicly-displayed emails. Spambots are web applications that scour
websites for recognizable email addresses. If you have a website or display your
email on anyone's webpage, "mangle" your email. It should still be recognizable by a
human. For example, if your email is bob.loblaw@mycompany.com, then try
something like "bob-dot-loblaw #at# mycompany-dot-com", or something similar. And
be INCONSISTENT. Spambots are getting smarter, as spammers refine them. Use a
variety of punctuation marks, but still have it human-readable.
84.
Better yet, use a freebie webmail account. You still want to code your email
address when you display it publicly. Also, don't make it obvious what your real email
is. For example, if your real email address is bob@mycompany.com, don't use
something like mycompany@hotmail.com. Some spam bots use addresses they
harvest to generate other combinations, just in case they get lucky.
85.
Don't unsubscribe blindly. If you start receiving "subscription" emails from some
source to which you didn't subscribe, don't use their "unsubscribe" link. If you do, you
might just find yourself getting even more emails. You're better off just adding the
email address (or the entire domain) on your inbox blacklist.
86.
Use a plain-text email client. If you use a plain-text email client, there's less chance
that you will fall for a phishing email, as either there'll be no active hyperlinks, or the
link will be obvious. In a similar vein, if you sign up for any sort of subscription email
service at a website, choose to receive emails in text mode only, if possible.
87.
Use a secure email client. See this IT Security article for some tips. IT Security also
has a brief discussion of email security, with a link to a buyers guide that contains a
list of email security vendors.
88.
Encrypt emails. Never send important/private information by email unless you have
encrypted it. And even then, think twice before sending it. Also keep in mind that
certain forms of encryption may be illegal in your country. The difficulties surrounding
encryption mean that sensitive/private information is still best sent on paper or via
phone. If you want to take the encryption route, 5 steps to make your email secure
explains some of the options.
89.
Encrypt, part 2: Use freenigma. Freenigma is a free Firefox web browser plugin that
performs email encryption for webmail-based email systems, including Gmail,
Yahoo, and Hotmail/MSN. There will also soon be a corporate professional version
and a Microsoft Outlook plugin. But the basic version is free. However, to use it, the
person you are sending to must also have the plugin. Since the application is
currently in public beta and first-come-first-served, your intended email recipients
should sign up at the same time as you. There is also an open API (Application
Programming Interface) so that you can incorporate freenigma into your own
applications. Read/Write Web has more details.
90.
Try steganography. Steganography is the act of hiding a message in some other
media, usually a digital photograph. If someone doesn't know the message is there,
they probably cannot find it, right? The only drawback is that if someone tests for
standard "data hiding" methods, they may discover your hidden message. Try
combining encryption and steganography. That is, encrypt a message, then bury it in
a digital image or another message.
91.
Escape from Nigeria. Nigerian fraud - wherein a Nigerian government employee
with access to untold riches just needs a chunk of cash from you so he can escape
the country - was known in the 16th century as the Spanish Prisoner Letter. In 500
years, no one foolish enough to send money ever received a cent or centavo back from
the criminals behind these scams.
92.
Don't get hooked. Phishing email - messages purporting to be from Paypal,
Western Union, e-Gold and other financial companies - typically promises account
closure and balance forfeiture if the reader doesn't click on the handy included links
and 'verify' or 'confirm' account details. The links look legitimate, but instead they
direct the worried recipient to a lookalike site set up to collect login and password
information, credit card and/or bank account details, et cetera. Never click links in
email of this variety; physically type the URL of the company's website into your
browser if you are concerned about your account. Honest companies will tell you
upfront that they never send this sort of email. That is, they will never send an email
where they tell you to click on an enclosed link to save your account from shut down.
93.
Don't get hooked, part 2. Similarly, do not click on the links of an email purporting to
be from some famous organizations, unless you have contacted them and are
expecting a reply. If you are using a web browser-based email client, hovering your
mouse cursor over a link should display, in the browser status line at bottom, where
the link is to. Look at that carefully. One unsuspecting 76-year old retired professor
with lots of computer experience thought he was getting an email from a famous golf
course in California, where he had actually played before. Clicking on the link caused
a flood of browser windows filled with porn to appear, causing him to lose much time
trying to figure out how to get rid of the problem.
94.
Don't get fooled again. PC Magazine offers a couple of examples of how spammers
use clever subject line wording to get the unsuspecting to open an email. One
suddenly common way is to make you think that you sent an email which bounced.
95.
I bring sad -- but sane -- tidings. Regardless of what that email said, you did not win
the Irish Sweepstakes. Neither did you win the Yahoo Lottery. In fact, there *is* no
Yahoo Lottery. Typically, one has to purchase a ticket to win a lottery. Also,
legitimate lotteries don't ask you to send $550 to Nigeria.
96.
Teach your children well. If you have children, ensure they know what you know of
the points noted here and in other articles. Note, too, that additional online dangers
face them. Speak with them about predators; about using avatars instead of photos
of themselves online; about never sharing address, phone or other personal
information with anyone online; about telling you when someone makes them feel
uncomfortable or sends inappropriate pictures. If you're uncertain how to proceed, the
Kids' Rules at SafeKids.com will prove useful.
97.
Don't just delete -- destroy. When it's time to upgrade, back up, then import your
email and other important files to the new computer. Then comes the important part.
Stories of bountiful private data harvested from used and 'recycled' computer hard
drives whose data had simply been deleted from the OS or the command line (or
dealt with by DOS's FDisk) are rife. Many of these originated with an exercise
performed by Simson Garfinkel and Abhi Shelat, who published what they'd found
on 150 used hard drives they'd purchased. If you don't trust erasure programs which
overwrite sectors many, many times, you might consider a metal chipper shredder
(or, if on a budget, sledge-hammering the platters).
98.
Stay clean. If you suspect you have a virus on your computer, run a virus checker
(with an updated virus database) immediately. If possible, try to notify people on your
contact list. Many viruses exist for the explicit purpose of harvesting email addresses
from your computer, then spamming them in your name. Running a regular virus
checker on your computer will keep you clean and protected, as well as keeping your
contacts out of harm's way.
99.
Additional References
The following list of references and resources is by no means comprehensive. Some
of these links (and tips) have been used above, while others are simply things you
need to read:

A beginner's guide to effective email: bibliography. This one is packed full of
not tips but links, some of which may appear below as well. Here is the link to the
main page: A beginner's guide to effective email.
Wayne State University email tips. Short, clear and to the point.
About.com's 6 simple savvy small business email tips. Tips 2 and 4 are
arguable. A contact form is better for first contact from someone else to your
company, especially if you don't know them. And checking email only once a day
is just not effective. Three times a day is probably much better. Once a day means
that you may find critical email-triggered tasks take much longer to complete.
Introduction to email. This is the intro page to chapter 4 of the online edition of
the book Netiquette by Virginia Shea. Chapter 10 has tips for using email at
work, and Chapter 15, email privacy - a grand illusion.
Email: Ten tips for writing it effectively has some good tips for effective
communication.
Avoiding the dark side of email.
Electronic mail etiquette.
Email etiquette.

If you would like to learn more about email security, visit the IT Security Email Resource
Center. For specific email security solutions, see the IT Security Email Security Comparison
Guide.

On December 7th at 4PM EST, IT Security and IronPort are presenting a webinar titled
"Beyond the Perimeter - Securing Email". This webinar features Stig Ravdal, CSO of Quiznos
Sub, and David Mayer, Product Manager of IronPort. If you would like to attend, click here.
