Safe Email Practices
Why?
Unsafe computing can corrupt your files, expose the contents of your internal drive to strangers, cause other computers to become compromised, and even allow your computer to be used by spammers to send millions of unsolicited emails.
Using safe email practices helps you:
- Protect your inbox
- Protect your computer
- Protect your privacy
- Protect your friends and neighbors
Here are recommendations you should follow to protect yourself when using email.
1. Set up your email client correctly.
Many email clients have features that seem like they enhance your convenience, but sometimes these are at the cost of your security and privacy.
- Make sure you are connecting to the mail server via SSL.
SSU's mail servers only accept SSL connections for receiving mail. This protects your password from being captured by unauthorized users.
- Disable your preview pane.
Some malicious messages can be activated simply by viewing them in the preview pane. You don't need to open them (by double-clicking, for example) for your computer to be infected, or information about you to be gathered.
- When using Webmail, use the safe images option.
Spammers often use HTML email with links to images. When you view the message, a request is sent to the spammer's web server for that image. Spammers can tell from their server log files exactly which recipients viewed their email. Viewing those images essentially guarantees you'll be receiving more spam.
- Consider setting your preferred message type to Plain Text.
Most spam is in the form of HTML email. Viewing messages in plain text, and not downloading embedded images, can cut down the likelihood of more spam.
- Filter Junk.
If your email client has a junk mail filter, turn it on and learn how to use it.
- Disable automatic downloads.
If your email client downloads attachments by default, disable it. And know where your client saves downloaded attachments.
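The safe images option matters because of the image requests described above. The following is an added example, not part of the original page: it lists the image URLs an HTML message would fetch from the network when displayed. The sample message and the host names in it are constructed placeholders.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not real mail); tracker.example is a placeholder host.
SAMPLE_HTML_MAIL = """\
From: deals@shop.example
To: student@campus.example
Subject: Big savings
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Big savings inside.
--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Big savings</p>
<img src="http://tracker.example/open.gif?rcpt=student%40campus.example" width="1" height="1">
<img src="cid:logo123">
</body></html>
--b1--
"""

class _ImgCollector(HTMLParser):
    """Collects the src attribute of every <img> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def remote_images(raw_message):
    """Return the image URLs a mail client would request when showing the message."""
    msg = message_from_string(raw_message, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = _ImgCollector()
        collector.feed(part.get_content())
        # cid: and data: images travel inside the message; only http(s) calls out.
        found += [s for s in collector.sources
                  if urlsplit(s).scheme.lower() in ("http", "https")]
    return found
```

The recipient address embedded in the URL is what lets the sender's server log tie the request to one person; the plain-text part of the same message triggers no request at all.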
2. Sign Up for SSU's SpamAssassin - Graymail Filtering.
SpamAssassin is an automated mail filter that tests incoming messages to identify unsolicited commercial email. SpamAssassin looks at email headers and text content and assigns points for spam-like characteristics. Messages with too many points are tagged as spam and can be filtered.
Graymail is generally questionable email, usually spam. At SSU, you can sign up for a server-based Graymail filtering service which will move all SpamAssassin-tagged email into a "Graymail" folder in your email account. Each day you will receive an automated message listing the incoming graymail items. You can view the items in your graymail folder at any time.
Go to the SSU Email Tools page to sign up for Graymail filtering, customize your SpamAssassin preferences, and manage your Graymail folder and messages.
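The tag SpamAssassin adds is a pair of mail headers, and a filter can act on them. The following is an added example, not part of the original page and not SSU's own filter: it reads the X-Spam-Status header and picks a folder. The sample message is constructed, and routing to "Graymail" or "INBOX" from this header is an assumption about how such a server-side filter could work.

```python
import re
from email import message_from_string

# Constructed sample in the header layout SpamAssassin writes; the rule names
# are real SpamAssassin rules, the score and addresses are made up.
SAMPLE_TAGGED_MAIL = """\
From: winner@lottery.example
To: student@campus.example
Subject: YOU HAVE WON
X-Spam-Flag: YES
X-Spam-Status: Yes, score=8.4 required=5.0 tests=HTML_MESSAGE,
\tMISSING_DATE,SUBJ_ALL_CAPS autolearn=no version=3.4.6

Claim your prize.
"""

_STATUS = re.compile(
    r"(yes|no),score=(-?\d+(?:\.\d+)?) required=(-?\d+(?:\.\d+)?)", re.I)

def spam_verdict(raw_message, spam_folder="Graymail"):
    """Parse X-Spam-Status; return score, threshold, matched rules and folder."""
    msg = message_from_string(raw_message)
    status = msg.get("X-Spam-Status")
    if status is None:
        return None                        # message was never scanned
    # The tests= list is folded across lines after commas; rejoin it first.
    flat = re.sub(r",\s+", ",", str(status))
    flat = " ".join(flat.split())
    m = _STATUS.match(flat)
    if m is None:
        return None                        # header present but not parseable
    tests = re.search(r"tests=(\S*)", flat)
    rules = [t for t in tests.group(1).split(",") if t] if tests else []
    tagged = m.group(1).lower() == "yes"
    return {
        "score": float(m.group(2)),        # points assigned to this message
        "required": float(m.group(3)),     # threshold for the spam tag
        "rules": rules,                    # which characteristics scored
        "folder": spam_folder if tagged else "INBOX",
    }
```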
3. Screen messages before viewing them, and delete anything that appears suspicious.
- Carefully examine your list of unopened messages.
Do any of them come from people or addresses you don't recognize? Do the subject lines have words with too many spaces, or long random numbers? Do they seem too good to be true, or somehow odd? If so, it's probably best to just delete the message along with any attachments.
- Wait! Don't open that email yet...
If a message has attachments, don't open it unless you know the sender and are expecting the attachment. If you're not sure what it is, contact the sender before opening the message and ask exactly what the message and attachment are.
- Don't be fooled by Dirty Tricks.
Most computer worms (a kind of malicious program) spread themselves via email by spoofing addresses found in the infected computer's address book and sending copies of themselves to other addresses in the address book, so it's very likely that an infected message can appear to come from someone you know. Many of these messages will use vague or generic subject lines like "Re: " or "Hi." Others will try to look like they come from a technical support service, or even from Microsoft. Be careful about opening these.
4. Open your messages, but beware the Next and Previous buttons.
Using the Next and Previous buttons to open and move from message to message is convenient but dangerous, especially if you don't screen messages thoroughly, or if new messages come in while you're reading other screened messages.
5. Handle Attachments Safely.
- Don't open attachments unless you are absolutely sure about what they are and who they came from.
Even attachments that were sent directly to you by a known sender might contain malicious code.
- Be especially careful with MS Word & Excel files.
When opening Microsoft Word or Excel attachments containing macros, always select the "Disable Macros" option.
- Beware of Dangerous File Types!
Some file types have been deemed unsafe by Microsoft. Most of these file types are executable or exploitable and are considered unsafe to send and receive as email attachments. SSU's email servers scan all incoming email messages for attachments using these unsafe file types. If you also use an off-campus email address, you should be aware of these unsafe file types. Never open one of these unsafe file types sent in email. While many of these file types can only harm computers running Windows, some file types are potentially hazardous on Macintosh computers.
- Windows Users - Make Extensions Visible
Some malicious attachments will "pose" as a harmless file type like a digital image by including that file type extension in its name. You might get an attachment called "hawaii.jpg" and think it's a picture from your friend's vacation. But it might actually be a .pif file, one of the exploitable file types. This can happen because Windows does not display file extensions by default, so a .pif file named "hawaii.jpg.pif" will appear as "hawaii.jpg".
- Open Windows Explorer.
- Click Tools > Folder options... in the menu.
- Select the "View" tab in the dialog box.
- Remove the check mark in front of the "Hide extensions for known file types..." option.
- Click OK.
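The "hawaii.jpg.pif" disguise can also be checked for before a message reaches a reader. The following is an added example, not part of the original page and not the scan SSU's servers run: it flags attachments whose real extension is executable while an inner extension looks harmless. Both extension lists are assumed, illustrative subsets (only .pif is named on the page), and the sample message is constructed.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed subset of executable extensions that Outlook blocks; only .pif is on the page.
UNSAFE = {".pif", ".exe", ".scr", ".bat", ".com", ".vbs"}
# Extensions a reader tends to trust (assumed list for this example).
DECOY = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".pdf", ".doc"}

def classify(filename):
    """Return (verdict, name); for a disguised file, name is what Explorer
    shows while extensions are hidden."""
    name = filename.strip().rstrip(". ")   # Windows drops trailing dots and spaces
    stem, ext = os.path.splitext(name)     # ext is the extension Windows acts on
    inner_ext = os.path.splitext(stem.rstrip())[1]
    if ext.lower() not in UNSAFE:
        return ("ok", name)
    if inner_ext.lower() in DECOY:
        return ("disguised", stem)
    return ("unsafe", name)

def build_sample():
    """Constructed message with one disguised and one ordinary attachment."""
    msg = EmailMessage()
    msg["From"] = "friend@mail.example"
    msg["Subject"] = "vacation pictures"
    msg.set_content("See attached.")
    msg.add_attachment(b"MZ", maintype="application",
                       subtype="octet-stream", filename="hawaii.jpg.pif")
    msg.add_attachment("packing list", filename="notes.txt")
    # Round-trip through bytes so the scan sees what a mail server would see.
    return message_from_bytes(msg.as_bytes(), policy=policy.default)

def scan_attachments(msg):
    """Map each attachment filename to its classify() result."""
    report = {}
    for part in msg.iter_attachments():
        filename = part.get_filename()
        if filename:
            report[filename] = classify(filename)
    return report
```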
6. Install and Use Virus Detection software.
Virus detection software can help identify and eradicate viruses that might slip through the cracks of your email security, or sneak onto your computer in files transferred by disk or download. Even if you use a Macintosh (which isn't adversely affected by viruses to the degree that computers running Windows are), virus detection is an important part of protecting yourself and being a good internet citizen.
Information Technology provides a free installation of McAfee Anti-virus to all students living in the residence halls.
7. Don't Unsubscribe.
Spammers often include an "unsubscribe from this list" link in their messages. This makes them appear more responsible and reputable, but they often use this as a way to confirm your email address so they can send you more spam or sell your email address to other spammers. If you don't want it, mark it as junk and delete it.
8. Be a Good Internet Citizen.
- Don't use your email in ways that will contribute to the problem.
- Don't send unsolicited email and attachments.
- Don't forward chain letters.
- Don't respond to or participate in email hoaxes.
- Don't send attachments which use the "unsafe" file types.
- Don't post your SSU email address (or other students' addresses) on publicly accessible web pages.
- Use a "disposable" email account (a free account from Yahoo or Hotmail) for online shopping and posting to off-campus online discussion boards.
