Notes: This is an expanded version of the original Nov. 2010 posting. I’ve learned a LOT about email since then, and this is a compilation of my thoughts on the subject. Secondly, don’t feel obligated to try this at home. These articles are here to describe what I do for you, and help you feel more informed and confident with your technology!
Ever seen one of those movies, where the hero tries to stop a hostage from firing a gun or grenade? That’s… pretty much how I feel whenever I see some poor person using Outlook Express.
Please, PLEASE, people. If you use Outlook Express to check your email, you really should use another method. Every time you use OE, God kills a kitten- er, a computer.
I’m not suggesting you stop using email. I’m not even suggesting you change your email address. However, today we’re going to talk about email security and how to protect yourself properly. I see massive frustration with email every week, and the solution is more interesting than you’d think!
The Usual Suspects
First, let’s talk about the most commonly used email programs, known as Email Clients:
Outlook Express is a software program written by third graders in 1985. It allows you to read and write email in a somewhat user-friendly manner. Here are some of its features:
- Tons of security holes, with new ones discovered all the time. Basically the Trojan and Virus Superhighway.
- Because of this, OE requires a constant barrage of updates (read: duct tape and Bondo) that may or may not break your computer.
- Zero spam protection (unless you encumber it with Norton or Mcafee Spam Filter add-ons)
- If your kids tug on your pants and say “Where does Spam come from?” The answer is Outlook Express. Rogue organizations send viruses to Outlook Express computers in your very neighborhood, and those computers become distribution centers for all that Viagra and Mortgage spam you love so much. Computers infected in this way are known as spam zombies.
- Uses the Patty Hearst method of dealing with security threats. (More on this in a moment.)
Outlook (aka Office Outlook)
Unfortunately, most large organizations in the world [think they have to] use Microsoft Office Outlook. It’s Microsoft’s full-featured email client. It offers a calendar and address book alongside your usual email capabilities. Here are some of Outlook’s features:
- Extreme feature overload – Outlook has nearly 70 billion different Options menus – none of which are intuitive. Want to adjust the way your mail is displayed? Go to your local community college and get a degree in Outlook Studies.
- During my year at Very Large Organization, people would call and report random folders of their email archives being suddenly empty. The explanation: Outlook randomly goes into Flagged mode and hides most of the emails in some folders. It’s YOUR job to rescue those messages. (Many people would pay $100 for a fruitless virus scan at that point.)
- Freezes or crashes randomly, especially when Add-Ins are installed. But wait, there’s more! If you have more than a few thousand emails in Outlook, it actually has the capacity to slow down your entire computer until you clean out some messages. (Be sure to empty your Deleted Items Bin more than once per decade.)
- Outlook seals up all your contacts and messages in something called a PST file – If one one small piece is recorded incorrectly, the entire PST can become corrupted.
- Ah yes, security threats. Upon receiving some sort of threatening email worm/virus, both Outlook and OE open up their Address Books and basically say “How can I help? Here are all my friends! Please send them viruses too!” I had a customer who refused to stop using OE until the day all her clients received a pornography-laden virus from her computer. Fun stuff.
I’ve seen it happen with Outlook on a grander scale. During my time at a Very Large Organization, one person clicked on one foul email, and contracted a virus. The virus snagged Outlook’s address book, and before you could say “C’mon in,” all 5,000 people in the organization received the virus immediately. THEIR copies of Outlook then re-sent the virus to EACH OTHER and all their contacts OUTSIDE the organization.
Windows Mail (Bundled with early copies of Vista)
Just another less-than-secure Microsoft mail client. Thunderbird has trouble importing from it, but the cool thing about it is, you can drag your messages from your mail folders directly onto folders on the Desktop and transfer them to other clients in this manner.
Windows Live Mail
Comes with many Windows Vista and Windows 7 machines – A regurgitated version of Outlook Express with new and fancier ways of corrupting your messages.
WLM’s problems range from stupid (right-clicking on anything can leave a permanent menu in the middle of the screen) to the outrageous (one-third of your messages disappearing for no reason). Surprise! It’s happened to two of my customers so far.
WLM is a component of the Windows Live Essentials bloatware package – Once we go over how to replace it with a competent mail program, you can remove it easily: Go to Control Panel> Programs and Features> then Windows Live Essentials>Uninstall, then “Remove one/all components” and tell WLM and its cronies to hit the road.
Sure it’s old, but it’s no OE! Besides, if you’re using it, you’re using it at work where you have no choice. Thus we won’t talk about it.
Webmail (Using a website as opposed to an Email Client)
If you currently visit a website to check your email (such as webmail.whoever-your-employer-is.com, Gmail, Hotmail, or even *cringe* AOL or Yahoo), keep up the good work. With this method, your email messages are kept safely on a server, and the only common security threat occurs if some crook finds out your password. (If your friends start seeing mysterious emails from your address, simply change your password.) That’s it; you’re done. Proceed to the end of the article!
If you’re already using Thunderbird as your mail client, you’re in a lot better shape than many other people. You can actually stick with Thunderbird because, in my opinion, it’s the safest mail client for Windows. It’s designed by volunteers and it’s light-years ahead of OE in terms of stability and security. And, it even auto-imports your messages, address book, and server settings from your previous client. If it’s not already in your life, later we’ll talk about why it might be in your future!
If you’re on a Mac, your options include Entourage (retired), Outlook (eechhh), Thunderbird (see above), or Mac Mail. Mac Mail is a really decent client with good spam protection and a nice comfortable interface. It has a really unique and brilliant feature: Bounce. If you’re reading a message and know it’s from a spammer (or Forward-Joke obsessed uncle), just click Bounce and it replies to them with a fake “This email address no longer exists.” error message!!! Brilliance.
BlackBerrys, Android Tablets, and Apple iWhatevers have their own mail clients built in. They’re perfectly safe to use, mainly by virtue of them not being Outlook.
Under the Hood
In this next section, you will learn HOW email is delivered. There are two major ways to do email: POP and IMAP. Let’s discuss both of these methods.
POP – Short for Post Office Protocol, POP was invented by a Triceratops and a Velociraptor sometime in the Cretaceous Era. Unfortunately, most local Internet Service Providers use it, such as Road Runner and Frontier.
When someone emails you, your POP email service throws the message at your computer like a disgruntled paperboy. There are several major issues with this:
- First off, there’s nowhere else in the world you’re allowed to check that email. If you DO start checking messages elsewhere (such as on the Webmail site of your ISP, or on another Outlook computer), there are two possible outcomes:
- NEW messages are thrown on that computer, and older ones are still exclusively on the original computer. Imagine trying to use a POP email address regularly on two computers or a computer and a BlackBerry – yep, logistical nightmare. Nothing is synchronized.
- The other possible outcome is that each email is thrown at all of your devices – meaning, you’ll have to sort out your Inbox ALL OVER AGAIN on each device you have, every day. Again, nothing is synchronized.
- Next, none of your messages are backed up. YOU are responsible for maintaining backups of the email messages you want to save, and it’s a bit of a bother to do.
- Finally, If you use the free email addresses provided to you by your ISP (e.g. firstname.lastname@example.org or email@example.com), you’re married to that ISP. If you decide to change providers or move out of the city, you lose that email address.
IMAP – Short for Internet Message Access Protocol, is the proper way to do email. It’s the year 2012, and even beginner users want to check their email on multiple devices.
With IMAP, instead of your email provider’s server tossing messages AT your computer, it holds all of your messages safely inside itself. This way, when you check your email from all of your computers, iPads, iPhones, Blackberrys, and even from a hotel computer in California, ALL of your mail is visible – the old stuff you’ve archived, the items you’ve sent, and of course your new stuff.
The computers and mobile devices simply view your collection of email. Thus, there are no synchronization nightmares, and if heaven forbid your computer or iPad blow up, you don’t lose anything.
As an added bonus, your user experience can stay the same! Your messages are viewable on a website (such as yourcompanymail.com) when you’re on the go, from your favorite mail client (in other words Thunderbird or Mac Mail), or from your mobile device. Put simply, everything shows up no matter what device you’re using at the moment.
“Yes! I have these same headaches on my computer! What do I do?!”
Here’s what you (or I) can do!
- If you’re a heavy email user, use the Migration plan. You create an IMAP email account, move your messages over, and there you’ll see messages sent to both your old and new email addresses.
- If you love email but don’t have a lot of old stuff, you care about, use the Stepping Stone plan.
- If you use email occasionally from one computer and it isn’t critical to you, you may continue to use your POP email. However, the least you should do is change clients, so follow the Resurfacing plan.
POOF! A MILLION BILLION TIMES SAFER.
Bring Your Friends
Of course, many people value their address books. Most mail clients will allow you to export your contacts if you decide to move your mail on up to Gmail. All you do is find your address book, then Export as a CSV file. In Gmail, you go to Contacts, then Import, then feed it the CSV.
Note that Windows Live Mail was likely programmed by interns on Orientation Day. As such, exporting your address book from there to Gmail results in a mess of names with no email addresses… just comments in each profile that mention the person’s address! Some really deep modification of the exported address book is necessary. I do it often and it’s a real pain.
- When exporting your contact list from Office Outlook, half the time it won’t know how to give them to you! It stops and says “Please wait while Windows Setup blah blah blah” and half the time it crashes. Very professional.
- In Office Outlook and OE, you can just go to Tools>Accounts and delete the email account in question, which just takes away outlook’s ability to check for new mail. BEWARE, though – if you delete an email address from Windows Live Mail, IT DESTROYS ALL THE EMAILS associated with that account. Silly interns!
- Always keep your work and personal email as separate as possible and avoid commingling them. In the event of a crisis, your employer and/or government regulators would then feel inclined to investigate your personal stuff.
Better yet, take a break from email! Call someone on the telephone, or [heaven forbid!] write them a handwritten letter. Show them you care. We’ll see you next time on Teknosophy.