Turn Off Message Preview in Your Email Client

Some of these tips may very well be “everybody knows” types of things, but I find that these are often the things that get overlooked. That’s why I’m publishing them as computer security maxims. Take a look at the recent furor surrounding the cold boot attack against disk encryption . That was an “everbody knows,” too.

I get questions all the over at Ask the Geek about using a mail client’s message preview feature. Opinions vary, of course, but for this geek, it’s a bad idea. In order to preview a message, it has to be opened or rendered by the HTML engine. Think about how a PC can be infected by a malicious web site and you’ll immediately understand the danger: The same malicious programs can exist in scripts in HTML messages. It’s a serious security risk.

Security Maxim #6: Always disable any message preview or auto-open features in your e-mail client. View messages as text-only until you know they are safe.