"Linda" said in news:
[email protected]:
My tech advisors have told our users that "when the
preview pain is used in outlook, it opens the email even
though the envelope icon in the main window shows that the
mail is unread. This allows spam and viruses to enter our
network."
Is this true?
The suggestion to add anti-virus software is very good. However, it is
to compensate for users that open attachments without regard to their
source or to perform a check on them before running them. Getting an
e-mail with an attachment with a virus won't run that virus unless YOU
run that attachment. That means you had to select that attachment, opt
to save that attachment, and then choose to run that saved file. That's
a lot of prompts and actions to go through to claim it was accidentally
executed. Anti-virus software is a safety net to thwart a user from
accidentally shooting themself in their foot with a gun they didn't know
was loaded, but it cannot stop the user from accepting the gun
(selecting the attachment), sliding off the safety (saving the file),
and pulling the trigger (running the saved file) just so they can see
what happens. Despite all the safety measures that can be employed
using software, invariably it comes down to the user as the last
defense. Nothing stops a user from running an attachment if they so
choose.
Besides the other suggestions, check the security level your e-mail
client is configured to use (Tools -> Options -> Security). It should
be set to the Restricted Sites security zone. Then look in the Internet
Options applet to ensure that the Restricted Sites security zone is
configured to its High (default) setting. This will prevent any scripts
or ActiveX objects from running that are included in an HTML-formatted
e-mail.
However, none of the security zones will block web bugs which are linked
images that must be loaded from a server when rendering an
HTML-formatted e-mail. A unique image file can be inserted in an
HTML-formatted e-mail. When you open the e-mail to have its HTML
rendered to display it for you, your client must retrieve the linked
image from whatever server was specified. When the server gets the
request, it can record that request for the image file. The sender then
can see that the unique image was requested. Since the sender used a
unique image, they can lookup what e-mail was used that included a link
to that particular image file. You may never see the image; it can be
tiny and use the same foreground color as the background. Spammers use
web bugs. So do e-mail services like MsgTag to find out if a recipient
opened your e-mails (they borrowed the technique of web bugs from
spammers who have been using them for years). You need to have your
mail server strip out linked images or use an anti-spam product that
will do it for you unless you don't care about spammers finding out
their crap got to your valid AND monitored e-mail account. If you don't
want to employ anti-spam software to prevent web bugs (and other crap)
in your e-mails, turn off the Preview pane and guess from the headers as
what are good and bad e-mails.