This content is no longer maintained. Please visit our new website.

ACCC Home Page Academic Computing and Communications Center  
Accounts / Passwords Email Labs / Classrooms Telecom Network Security Software Computing and Network Services Education / Teaching Getting Help

Safe Email Viewing in Outlook

Safe Email Viewing Principles

These are the basic principles of safe email viewing, along with the essential principle for being safe when you're connected to the Internet. They're discussed in Safe Email Viewing; this page outlines how to apply them when you do email with Microsoft Outlook.

  • Principle Number 0, The Basic Requirement for Safe Computing at UIC: Download and install Norton/Symantec Antivirus and run LiveUpdate on a regular basis.
  • Principle Number 1: Before you open any email message, check its subject and whether it has an attachment, and never open any email message you're uneasy about.
  • Principle Number 2: Don't download and/or use attachments unless you've double-checked that they're legitimate.
  • Principle Number 3: Don't download HTML images.
  • Principle Number 4, mailserv only: keep your password secure with SSL.
Outlook Options

The most important part of safe email viewing in Outlook is the same as in Eudora -- social engineering -- your being careful. In fact, it's much more important in Outlook than in Eudora because, unfortunately, Outlook doesn't offer quite as many ways to protect yourself from your own mistakes. I suppose it's not terribly surprising that it's a lot easier to accomplish safe email viewing in Eudora than in Outlook. Eudora isn't intimately entangled with other programs and the operating system like Outlook is.

You can turn off the Preview Pane: View -> Preview Pane toggles it on or off. The next item in the View menu, Autopreview, displays only the first three lines of messages, or of unread messages, depending on how you have it set up; don't use that either.

Outlook Security

Now comes the problem. Your security choices in Outlook are tied to your security choices in Internet Explorer (at least). While you definitely don't want to execute Java or ActiveX in email messages, there are lots of Web pages that won't work properly if you don't allow them to run there. So you don't want to turn HTML executables off altogether.

I found a TechTV ( Web page, Adjust Your Outlook Express Security Settings, that had a really good idea on how to turn HTML executables off for Outlook but not for IE. They suggest setting Outlook up to use Window's Restricted Internet Security Zone, which in theory are sites that you don't trust at all. Turn off all the HTML executables for the Restricted Zone, which makes sense, and leave on whatever options you're comfortable with for the Internet Zone, which is mostly what Internet Explorer uses.

The instructions in the TechTV page are for Outlook Express.

Here's how to do it for Outlook 2000 and Windows 2000, which is what I happen to have. Your Outlook and Windows will probably be slightly different; that's the way it is with Windows.

In Outlook, select Tools -> Options -> the Security tab, select the Restricted Sites zone from the dropdown list and click the Zone Settings... button. A warning dialog box will open telling you that the changes you're making will affect Outlook and IE and so on. Click OK.

This opens the Web content Security box, figure 1. You can change the settings for any of the security zones here, but we're only working on Restricted Sites, which will already be selected. You'd click the Sites... button to add specific sites to the Restricted sites zone, but in this case it doesn't matter whether there are any sites in the zone or not; we're only concerned with the security settings for the zone. So click Custom Level....

Figure 1. Windows Security

illustration of Windows Security window

This opens the Security Settings box, figure 2. Select Disable or Prompt for all the Active X, Java, and Scripting options. If you want to turn everything off, you can select Reset to: High and click Reset. Then click OK, OK, and OK.

Figure 2. Security Settings

illustration of Windows Security Settings

And now for the bad news. There does not appear to be any way to tell Outlook not to download HTML images. In fact, Microsoft says that it can't be done. But a colleague pointed me to a column in Pioneer Press that gives a way to do it that involves editing the Windows registry. Workaround stops e-mail pictures by Jeffrey C. Kummer, Pioneer Press columnist. The bad news is the article is still there, but now you have to pay $2.95 to see it.

Modifying the registry is definitely not for the timid; if you mess it up, your whole computer might not work. Unless you're confident about what you're doing, please don't do it.

Turning on SSL in Outlook

Instructions on how to turn SSL on in Outlook and Outlook Express are in Using for Your Incoming Email Server and Turning SSL On.


2007-1-24  CSO
UIC Home Page Search UIC Pages Contact UIC