Disable HTML E-mail
HTML e-mail is not as safe/secure as text only e-mail and using it can reduce
your privacy. Outlook Express (and other e-mail clients) is configured
by default to read and send HTML based e-mail. HTML stands for "Hypertext
Markup Language". HTML code is used to structure and format what an HTML e-mail
looks like.
Click here to see an example of an HTML based e-mail.
Click here to see an example of a text only based e-mail. Compare both of these
examples and you see that HTML e-mail can include company logos and other images.
HTML e-mail can use a variety of fonts (the typeface/appearance of the letters)
and additional formatting like bold (darker) text. Shading can be included behind
sections of text (see bottom of example e-mail). Links to the Internet can also
be included within an HTML e-mail. Text only based e-mail by comparison is very
plain. To see an example of what HTML code looks like:
- right click inside any open Web page or HTML e-mail
- left click on "View Source" or "View Page Source"
Much of what you see is the HTML code used to structure/format the e-mail or Web
page. Other types of "script" in addition to HTML code may be included. When I use
the term "script"
I'm referring to a type of computer programming or scripting language. It is more
"powerful" than HTML and therefore poses a greater potential security risk.
"ActiveX"
controls may also be included within HTML based e-mail or Web pages. ActiveX controls
have been used to exploit and
threaten the security of computer users who use Microsoft products.
HTML code, script and ActiveX controls are normally hidden from your view
to make an e-mail or Web page easier to read. Within an HTML e-mail:
-
Links to Web sites or pages can be faked. The link you see can be different than
the link hidden within the HTML code of the e-mail. You might click on a link expecting
to go to your bank and end up at a Web site designed to look like your bank. This
Web site could be used to collect your username and password. Many variations of
this scenario could be devised to steal and use your private personal or business
information. In addition to the potential financial loss your identity could be
hijacked.
- Potentially dangerous code (script) can be included (embedded).
- Images known as "Web bugs" and other script can be included to track your online
behavior. An e-mail that utilizes these techniques can allow the sender to
determine:
- If you opened the e-mail
- The time and date you opened the e-mail
- The operating system (OS) your computer uses (Windows 98, ME, 2K, XP)
- The Internet browser you use (Internet Explorer, Mozilla Firefox, etc.)
- Your computers address (IP) on the Internet and therefore your general geographic
location
Web bugs, hidden script and other tracking methods enable those who send
unsolicited e-mail (SPAM) to know if your e-mail address is valid and actively used.
Once they know your e-mail address is valid they can continue to send you unsolicited
mail. Your e-mail address could also be sold to other spammers (person or business
that sends unsolicited e-mail). Using tracking information also allows a spammer
to improve the targeting of the content subject of e-mail they send you.
|
