A hint for keeping your safety while sending e-mails
Monday, February 8, 2010 7:21:44 PM
In this post I'm going to give some general guidelines for how to practice web safety while sending out e-mails.
The most important thing I can emphasize is this: do not send your mail client or operating system in the header. Most modern mail clients have an option to enable or disable sending the client name in the header. You should always leave this disabled, and if it is enabled by default, you should disable it. Why? If you give out information about which client you are using, you make it easier for an attacker to target your system. This is especially important in a corporate environment, where almost all, or all, of your coworkers will be using the same mail client you are. If there is a specific vulnerability or exploit for your client, you are handing that information to a potential attacker, who can then use it to compromise your system. Macs and Linux machines are not as susceptible to this, since they are less likely to be targeted, but it is equally important to practice safe habits on them.
Example of changing headers: in Claws Mail, go to Configuration -> Preferences for Current Account -> [Send] tab -> check the box for "Add User Defined Header" -> hit Edit -> add your headers.
I added a custom X-Mailer header and left it blank, and I also have X-OperatingSystem and User-Agent set to blank. This may make it harder for some people to receive my mails, because spam filters may see this as a spam attempt, but since most people have my address in their address books, which are usually whitelisted by default, I'm not too terribly concerned.
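As an added example (not from the original post), here is a Python check that audits a raw message for the three client-disclosing headers the post names and strips them before the message goes out; the message text, client name and OS string are constructed samples.

```python
import email
from email import policy

# Headers that disclose the sending client or OS: the three the post names.
# Extend the tuple with any others your own client adds.
FINGERPRINT_HEADERS = ("X-Mailer", "User-Agent", "X-OperatingSystem")

# Constructed sample message; the client and OS strings are placeholders.
SAMPLE_RAW = """\
From: alice@example.com
To: bob@example.com
Subject: status report
X-Mailer: ExampleMailClient 1.0 (constructed sample)
User-Agent: ExampleMailClient 1.0
X-OperatingSystem: ExampleOS (constructed sample)
Content-Type: text/plain; charset="utf-8"

Report attached.
"""

def find_fingerprint_headers(raw):
    """Return {header_name: [values]} for every disclosing header present.

    Header names are matched case-insensitively, as the email module does,
    so 'X-mailer' and 'X-Mailer' are both caught."""
    msg = email.message_from_string(raw, policy=policy.default)
    found = {}
    for name in FINGERPRINT_HEADERS:
        values = msg.get_all(name)
        if values:
            found[name] = [str(v) for v in values]
    return found

def strip_fingerprint_headers(raw):
    """Return the message with every disclosing header removed (all occurrences).

    Removing the header entirely avoids leaving an empty 'X-Mailer:' line,
    which is itself an unusual signature for a reader to notice."""
    msg = email.message_from_string(raw, policy=policy.default)
    for name in FINGERPRINT_HEADERS:
        del msg[name]   # no-op when the header is absent
    return msg.as_string()

if __name__ == "__main__":
    print("before:", find_fingerprint_headers(SAMPLE_RAW))
    print("after: ", find_fingerprint_headers(strip_fingerprint_headers(SAMPLE_RAW)))
```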
Another technique for protecting your information is to encrypt and/or sign the emails whenever possible. I realize that this isn't always a possibility, but it should be done in cases where it is possible. This will keep sensitive data out of prying eyes.
Another good habit is the same as with safe web browsing: don't send an email to an unfamiliar address. If you are on Craigslist or similar sites, you may not have much of a choice. In those cases, use a different account from your primary one. That is, have one account for business/work/family needs, and set up a secondary account for miscellaneous uses.
Yet another good habit, and the last one mentioned here, is to use different passwords. Don't use the same password for MySpace or Facebook as for your email. Don't use the same password for your email as for logging in to your computer. This is mostly common sense, but people never seem to follow it as they should. Also remember to change your password frequently. I have read recommendations for quarterly (every 3 months), monthly (~every 30 days), and in extreme cases (highly sensitive networks) even every seven days. Some companies require this on their networks, but if you are a home user it is up to you to remember to change these passwords.
A key note on passwords: to create a really strong password, do this. Think of a sentence of about six to eight words, something like "Pikles This Blog Is Really Helpful Thanks!"
Now take the first letter from each word: PTBIRHT
Switch the case of some of the letters. Be random; don't do every other letter. Something like: PTbIrhT
Now we add some padding of numbers. Think of a date that is important to you, and only you.
Not a birthday, anniversary, or the day you got promoted. Something secret that only you will think of.
Add that to your key: 070789PTbIrhT
Still not very secure.
We want the numbers in random spots, so now something like: 0PT70bI7r8hT9
Then add at least two symbols, and even up to four: @0PT70bI$7r8hT9<
Or use symbols to represent letters: 0P+70b!7r8%hT9<
Both still have symbol padding. Both are 16 characters long.
You can shorten the sentence based on how long the password is allowed.
The more symbols you use, and the farther apart they are on the keyboard, the harder your key is to break.
It should be alphanumeric and include symbols.
Generally 8 characters are considered safe. I usually use between 12 and 16, depending on the maximum length the server allows.
There are sites that generate easy-to-remember pseudo-random passwords, and several that cover the specifics of password safety in more detail.
Remember, this list is not exhaustive. You should research other safe habits. Mostly, use as much common sense as you possibly can to ensure your safety.
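As an added example (not from the original post), this Python script walks the post's own intermediate passwords through a simple strength estimate: the character-class pool, the naive brute-force search space in bits, and a flag for the "still not very secure" stage where the date sits as one contiguous block that a guessing tool can enumerate as a date rather than as independent digits. The regex and the 8-character rule are assumptions taken from the post's guidance.

```python
import math
import re
import string

SYMBOLS = set(string.punctuation)      # the 32 printable ASCII symbols
DATE_BLOCK = re.compile(r"\d{6,8}")    # a contiguous MMDDYY- or YYYYMMDD-shaped run

# The intermediate passwords from the post, in the order the post builds them.
STAGES = [
    "PTBIRHT",            # first letters of the sentence
    "PTbIrhT",            # mixed case
    "070789PTbIrhT",      # date prepended as one block ("still not very secure")
    "0PT70bI7r8hT9",      # date digits scattered through the key
    "@0PT70bI$7r8hT9<",   # symbols added as padding
    "0P+70b!7r8%hT9<",    # symbols substituted for letters
]

def pool_size(pw):
    """Size of the alphabet an attacker must cover, from the classes present."""
    pool = 0
    if any(c.islower() for c in pw): pool += 26
    if any(c.isupper() for c in pw): pool += 26
    if any(c.isdigit() for c in pw): pool += 10
    if any(c in SYMBOLS for c in pw): pool += len(SYMBOLS)
    return pool

def naive_bits(pw):
    """log2(pool ** length): the brute-force search space, ignoring structure."""
    return round(len(pw) * math.log2(pool_size(pw)), 1)

def has_date_block(pw):
    """True when the digits sit together as one date-shaped run; a date is
    guessed from tens of thousands of candidates, not a million."""
    return DATE_BLOCK.search(pw) is not None

def meets_guidance(pw, min_len=8):
    """The post's rule: at least 8 characters with letters, digits and symbols."""
    return (len(pw) >= min_len and any(c.isalpha() for c in pw)
            and any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw))

def report(stages=STAGES):
    """One row per stage: (password, length, pool, naive bits, date block, meets guidance)."""
    return [(pw, len(pw), pool_size(pw), naive_bits(pw), has_date_block(pw), meets_guidance(pw))
            for pw in stages]

if __name__ == "__main__":
    for row in report():
        print("%-18s len=%2d pool=%2d bits=%5.1f date_block=%-5s ok=%s" % row)
```

The two 13-character stages score identically on the naive estimate; only the date-block flag separates them, which is why scattering the digits matters more than the raw count suggests.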
Another post
PiklesOnFire