Email Protection

Whether you use a stand-alone email client such as Thunderbird, SeaMonkey Mail, or Microsoft Mail, or you access your emails through a web site such as Gmail or Yahoo, you need to be aware that there are security and privacy risks to which you're exposing yourself.

  • Never, ever, enable JavaScript for email or email attachments
    • While JavaScript may be fine for internet browsing, it can be dangerous when enabled for email content. Although most email clients have this disabled by default, be sure to check your settings.
  • Do not load images in email
    • unless you are sure it arrived from a trusted sender. A spammer will embed images and web bugs in email so the remote server where these images reside is contacted immediately upon opening and viewing the message, instantly verifying your existence and receipt of the message. Although most email clients will prompt you by default before loading remote content, be sure to check your settings.
  • Disable HTML for email
    • if you want to view the safest of all email messages. This will strip all HTML formatting and will prevent the loading of remote images (as described above) plus prevent cleverly-coded email worms that are designed to execute just by viewing HTML-formatted email. It will also help prevent phishing by revealing the text of actual links instead of hiding them behind alternate text or images. Check your settings for an option to view message bodies as "Plain Text".
  • Disable cookies in email
    • Most email clients have this disabled by default.
  • Never allow your email client to "View Attachment Inline"
    • ... unless you are sure it arrived from a trusted sender.
  • Never allow your email client to execute plug-ins
    • ... unless you are sure it arrived from a trusted sender.
  • Never open email attachments from strangers
    • Period. Do not open suspicious emails or email for which you do not recognize the sender. Delete email messages with attachments without opening them if received from an unfamiliar source. Even emails arriving with attachments from familiar sources may have been sent from infected systems, so you should confirm with the sender that the attachment was intentionally sent, before you open it.
  • Use encryption software
    • for sending your most private email messages. If you don't, keep in mind that what you are sending is the equivalent of a postcard. Also remember that encryption is for the message body only -- it does not hide the subject line nor does it hide the message headers.
  • Never, ever use email to send confidential information such as credit card numbers, bank account numbers, or your Social Security number
    • Even if you use encryption and the correspondence is for legitimate business, you cannot be certain that the recipient will protect this information once it is delivered and decrypted. It will only be as secure as the recipient's system permits. What does phishing look like? For examples of phishing emails seen at WesternU click here.
  • Never respond to emails asking for confidential information
    • Any email you receive requesting your credit card numbers, bank account numbers, or Social Security number either via email or a bogus web site link is surely an identity theft or phishing scam. For more information about phishing at Western follow http://www.uwo.ca/its/accounting/official-email/ 

Useful links:


Published on  and maintained in Cascade CMS.