Safe Email Practices
Unsafe computing can corrupt your files, expose the contents of your internal drive to strangers, cause other computers to become compromised, and even allow your computer to be used by spammers to send millions of unsolicited emails.
Using safe email practices helps you:
- Protect your inbox
- Protect your computer
- Protect your privacy
- Protect your friends and neighbors
Here are recommendations you should follow to protect yourself when using email.
1. Screen messages before viewing them, and delete anything that appears suspicious.
- Carefully examine your list of unopened messages.
Do any of them come from people or addresses you don't recognize? Do the subject lines have words with too many spaces, or long random numbers? Do they seem too good to be true, or somehow odd? If so, it's probably best to just delete the message along with any attachments.
- Wait! Don't open that email yet...
If a message has attachments don't open it unless you know the sender and are expecting the attachment. If you're not sure what it is, contact the sender before opening the message and ask exactly what the message and attachment is.
- Don't be fooled by Dirty Tricks.
Most computer worms (a kind of malicious program) spread themselves via email by spoofing addresses found in the infected computer's address book and sending copies of itself to other addresses in the address book, so it's very likely that an infected message can appear to come from someone you know. Many of these messages will use vague or generic subject lines like "Re: " or "Hi." Others will try to look like they come from a technical support service, or even from Microsoft. Be careful about opening these.
2. Open your messages, but beware the Next and Previous buttons.
Using the Next and Previous buttons to open and move from message to message is convenient but dangerous, especially if you don't screen messages thoroughly, or if new messages come in while you're reading other screened messages.
3. Handle Attachments Safely.
- Don't open attachments unless you are absolutely sure about what they are and who they came from.
Even attachments that were sent directly to you by a known sender might contain malicious code.
- Be especially careful with MS Word & Excel files.
When opening Microsoft Word or Excel attachments containing macros, always select the "Disable Macros" option if you are not sure if there should be a macro.
- Beware of Dangerous File Types!
Some file types have been deemed unsafe by Microsoft. Most of these file types are executable or exploitable and are considered unsafe to send and receive as email attachments. SSU's email servers scan all incoming email messages for attachments using these unsafe file types. If you also use an off-campus email address, you should be aware of these unsafe file types. Never open one of these unsafe file types sent in email. While many of these file types can only harm computers running Windows, some file types are potenitally hazardous on Macintosh computers.
- Windows Users - Make Extensions Visible
Some malicious attachments will "pose" as a harmless file type like digital image by including that file type extension in it's name. You might get an attachment called "hawaii.jpg" and think it's a picture from your friend's vacation. But it might actually be a .pif file, one of the exploitable file types. This can happen because Windows does not display file extensions by default, so a .pif file named"hawaii.jpg.pif" will appear as "hawaii.jpg"
4. Don't Unsubscribe.
Spammers often include an "unsubscribe from this list" link in their messages. This makes them appear more responsible and reputable, but they often use this as a way to confirm your email address so they can send you more spam or sell your email address to other spammers. If you don't want it, mark it as junk and delete it.
5. Be a Good Internet Citizen.
- Don't use your email in ways that will contribute to the problem.
- Don't send unsolicited email and attachments.
- Don't forward chain letters.
- Don't respond to or participate in email hoaxes.
- Don't send attachments which use the "unsafe" file types.
- Don't post your SSU email address (or other students addresses) on publicly accessible web pages.
- Use a "disposable" email account (a free account from yahoo or hotmail) for online shopping and posting to off-campus online discussion boards.