Using e-mail safely and well

The long view of security strategies for your network.

In recent columns, I've been posting notes for public discussions on topics of Internet safety and appropriate behavior held at the Brown Public Library in Northfield, Vt. Today's column is the one-pager I distributed at the second of the discussions, which dealt with a few key points about using e-mail effectively and safely. Many of the points were drawn from articles originally published in this column over several years and collected in "Using E-mail Safely and Well" which is freely available for distribution (but not for re-posting on public Web sites).

Socializing safely via the Internet

I hope that readers will find the suggested discussion topics useful in their families, offices and

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

In recent columns, I've been posting notes for public discussions on topics of Internet safety and appropriate behavior held at the Brown Public Library in Northfield, Vt. Today's column is the one-pager I distributed at the second of the discussions, which dealt with a few key points about using e-mail effectively and safely. Many of the points were drawn from articles originally published in this column over several years and collected in "Using E-mail Safely and Well" which is freely available for distribution (but not for re-posting on public Web sites).

Socializing safely via the Internet

I hope that readers will find the suggested discussion topics useful in their families, offices and

1. If you are writing professionally using e-mail, apply the same standards of content and style that you would in any other professional communication.

2. If you use formatted e-mail (HTML-formatted messages), you cannot count on having the received message look exactly like the message you sent: fonts, sizes and layout may vary by recipient. If you want complete control over appearance, send an Acrobat PDF file.

3. Do not use REPLY ALL as your default method of replying to mail; use REPLY so your reply goes only to the sender unless you specifically want to reach everyone on the visible distribution lists in the TO and CC fields.

4. Don't put a distribution list into the TO or CC fields unless everyone in those fields should receive a reply from anyone who hits REPLY ALL. Instead, use BCC to conceal the distribution list unless you specifically want it to be known to all recipients.

5. Don't REPLY ALL to a previous message as a quick way of generating a new message, especially if you have confidential information in your text – you may reach people you don't want to reach! Instead, learn to use the mailing list functions of your e-mail software and choose the exact list of recipients appropriate for each message.

6. Don't put crucial information into the middle of an e-mail message with other topics. Put action items or other important information into e-mail with one topic per message.

7. Use clear, descriptive subject lines for every e-mail message. In particular, don't put new topics in the REPLY to an old message stream.

8. Do not open e-mail messages from complete strangers unless you are a public figure.

9. Do not open attachments from anyone unless you are expecting them; if you are in doubt when you receive a cryptic message from someone you know that has an attachment, ask them if they actually sent it and what it is.

10. Discard all messages that warn you of terrible things but have no specific date or source, that urge you to send them to everyone you know, or which promise you money for nothing.

11. Delete all messages from strangers which ask you for help supposedly from people who have stolen large amounts of money and want to share it with you or which tell you that you have won lotteries (it is illegal in the USA to participate in overseas lotteries!). These are all scams.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Associate Professor of Information Assurance in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.