Safer E-Mail Handling with Outlook Express

Outlook Express in Windows XP Service Pack 2 (SP2) helps you assess the likely safety of attachments. It also helps to keep you from unwittingly validating your e-mail address to spammers by blocking images in e-mail.

Defend Against Suspect Attachments

Millions of people opened an e-mail that said "I love you" even though it came from business associates they barely knew. Millions of people opened what they thought was an image of a tennis star. And, as we know, millions of people infected their computers, their networks, and their friends' computers with viruses which, when activated, mailed themselves to many of the contacts listed in the infected computers' address books.

Many viruses (and their ugly relatives, worms) spread through file attachments in e-mail messages. Virus writers capitalize on people's curiosity and willingness to accept files from people they know or work with, in order to transmit malicious files disguised as or attached to benign files.

New security technologies in Windows XP SP2 help to reduce the spread of viruses through e-mail. Now, Outlook Express calls upon the Attachment Manager to help you make smarter choices when you receive e-mail attachments.

•	If an attachment is considered safe, Outlook Express makes it completely available to you, displaying apparently safe images and making it possible to open apparently safe attachments. Examples of attachments in this category are text files (.txt) and graphics files such as JPEGs (.jpg) and GIFs (.gif).
•	If an attachment is potentially unsafe—an executable program, for example—Attachment Manager will block it so you won't be able to open it without taking explicit action, but you will see a notice of the blockage (as shown in the following image). Examples of attachments in this category include executable files (.exe), screensavers (.scr), and script files (including .vbs). Example of how Attachment Manager handles potentially unsafe attachments
•	If the safety of an attachment is undetermined, you'll see a warning (as shown in the following image) when you try to move, save, open, or print the file. If Outlook Express can't determine the safety of an attachment, you would see this message

Another benefit of Attachment Manager is that it is built on public code (API) that is available to any programmer to use to add safe, consistent attachment handling to the software programs they create. This can benefit you by providing a more consistent experience with attachments and minimizing the potential for confusion.

Increase Protection from Spam

Pictures and images embedded in HTML e-mail messages can be adapted to secretly send a message back to the sender. These are often referred to as Web beacons. Spammers rely on information returned by these images to confirm active e-mail addresses. Some spam messages contain Web beacon images so small that they are invisible to the human eye—but not to Outlook Express.

An improved defense against Web beacons is to stop pictures from downloading until you've had a chance to review the message. Outlook Express in Windows XP SP2 will now block images automatically in messages from people who are not in your address book. This goes a long way in preventing the verification of your e-mail address for spammers. It makes your e-mail name less useful to spammers and may result in your getting less spam over time.

Example of how Outlook Express shows blocked pictures—you can click to open them if you trust the source, for example an airline newsletter or an electronic invitation from a friend

This feature also minimizes a common annoyance for those using dial-up network connections. In earlier versions of Outlook Express, if you read an HTML e-mail message with a picture embedded in it, Outlook Express would automatically try to connect to the Internet to retrieve any reference images. With image blocking in Outlook Express, this will no longer happen.

Tip The issues with embedded pictures occur for those reading messages in HTML mode. You also have the option to read or preview incoming messages in plain-text mode to avoid some of these security issues. (Note, however, that you lose the ability to change the look of text—font, color, font size, and so on—when you are in plain-text mode.) To find out how to do this, read Use the New Security Features in Outlook Express. Also, you can read E-Mail Handling Technologies for more technical information.