OFFICE OF INFORMATION SECURITY NEWSLETTER
Using E-mail securely and correctly in 2010
If you are writing professionally using e-mail, apply the same standards of content and style that you would in any other professional communication.
If you use formatted e-mail (HTML-formatted messages), you cannot count on having the received message look exactly like the message you sent: fonts, sizes and layout may vary by recipient. If you want complete control over appearance, send an Acrobat PDF file.
Do not use REPLY ALL as your default method of replying to mail; use REPLY so your reply goes only to the sender unless you specifically want to reach everyone on the visible distribution lists in the TO and CC fields.
Don't put a distribution list into the TO or CC fields unless everyone in those fields should receive a reply from anyone who hits REPLY ALL. Instead, use BCC to conceal the distribution list unless you specifically want it to be known to all recipients.
Don't REPLY ALL to a previous message as a quick way of generating a new message, especially if you have confidential information in your text – you may reach people you don't want to reach! Instead, learn to use the mailing list functions of your e-mail software and choose the exact list of recipients appropriate for each message.
Don't put crucial information into the middle of an e-mail message with other topics. Put action items or other important information into e-mail with one topic per message. Use clear, descriptive subject lines for every e-mail message. In particular, don't put new topics in the REPLY to an old message stream.
Do not open e-mail messages from complete strangers unless you are a public figure. Do not open attachments from anyone unless you are expecting them; if you are in doubt when you receive a cryptic message from someone you know that has an attachment, ask them if they actually sent it and what it is.
Discard all messages that warn you of terrible things but have no specific date or source, that urge you to send them to everyone you know, or that promise you money for nothing.
Delete all messages from strangers that ask you for help, supposedly from people who have stolen large amounts of money and want to share it with you, or that tell you that you have won lotteries (it is illegal in the USA to participate in overseas lotteries!). These are all scams.
Do not forward warnings about anything – especially warnings about stuff you don't have any technical knowledge about – unless you personally take the responsibility to check the accuracy of the information; e.g., look up the keywords on snopes.com before even thinking of hitting FORWARD.
Do not send virus warnings to anyone, ever: it's not your business and such warnings are useless.
Install a well-known antivirus package on your system and pay the annual license fee to keep it current. Let it update itself as often as it wants – daily is good, hourly is better. Schedule a full system scan at least once a week and be sure that the product checks all files every time they are opened.
If you do forward a message, delete the useless FROM: TO: SUBJECT: headers so that your recipients won't have to wade through pages of junk before they get to the information you found interesting, funny or useful.
These are just some of the critical points regarding professional, proper and, most importantly, safe e-mail communications. For a more in-depth look at this always-important Internet communication method that we use on a daily basis, please check out this great document composed by Dr. M. E. Kabay, PhD, CISSP-ISSMP, from Norwich University: http://www.mekabay.com/infosecmgmt/emailsec.pdf