
OE6 Secure handling of e-mail


Wazoo


Outlook Express 6 - all current updates applied

Tools | Options | Security

Checked box - Restricted Zone (see Note 1)

Checked box - Warn me when other applications ....

Checked box - Do not allow attachments to be saved .... (see Note 2)

Tools | Options | Receipts

Checked box - Never send a read receipt

Tools | Options | Read

Checked box - Read all messages in Plain Text

(other boxes here at your option)

Tools | Options | Connection

Checked box - Ask before switching dial-up connections

Note 1: You must set Restricted Zone settings under Internet Explorer (IE)

IE | Internet Options | Security

Select Restricted Zones

Click on the Custom Level button

If items are not "Disabled" then at least set them to "Prompt"

(you don't want anything to "run" here .. and setting to "Prompt" usually just means that you will see a pop-up warning like "an ActiveX script wants to access your system .. click yes or no" .... which as you see doesn't tell you anything about what the script is, what part of your system it "wants" ... never mind what it's going to do if you "allow" it to access your system ... a whole lot easier to simply not allow access at all by going with "Disabled")

Note 2: Although great if setting up a "new" user, this is usually more than a bit frustrating to those that are accustomed to "click on the attachment to see what it is" ... which of course, is exactly why this option has been made available <g> This setting can be changed on a case-by-case basis if one has to absolutely handle the attachment, but better would be to view the source of the message first, then handle it however necessary .. copying the 'important' stuff out to a 'new' file, changing this switch setting (and remembering to switch it back when done), or simply deleting the e-mail.

[Example, one of those infamous AOL Fwd: Fwd: Fwd: Fwd type e-mails that will show up as a blank screen in your Preview Panel (if it is turned on) ... When looking at the source of the message, scrolling down 20 or 30 screens full of all those other people's addresses that you've never heard of, only to finally get down to the "real" message and find that it was nothing more than a "mail this to everybody on your Buddy List in the next 30 minutes and your life won't turn to crap!!!!" ... believe me, better to have deleted it at first sight <g>]

OK, now have to ask you to play along with me a bit, as we don't "do graphics" here, so we have to pretend a bit .... Here's a spam I received recently and all that showed in the Preview Panel is the following;

New Page 2NBC  CBS & 60 Minutes Put this on national TV

THIS STUFF WORKS!

. . </ht

As you can see, not a lot of stuff there ..

If I was to right-click on the Subject Line in the list (or hit the Forward icon in the Toolbar) .. this is what would show up in the e-mail to be Forwarded;

From: "AMAZING NEW DIET PILL (seen on TV)" <xxxxxxx[at]idirect.ca>

To: <xxxxxx[at]hotmail.com>

Sent: Saturday, January 29, 2005 3:00 PM

Subject: Miracle Pill?

> New Page 2NBC  CBS & 60 Minutes Put this on national TV

>

> THIS STUFF WORKS!

>

> . . </ht

Sending this to anyone else (especially the SpamCop parser) will end up with a question about just what you might be trying to accomplish, as there is no detail to show how you received the e-mail, much less identifying where it came from. We need to include the "real" source data of the e-mail to show the actual and full headers .. and in doing that, you might be surprised at what else shows up <g>

Right-click on that Subject Title once again (in the list of e-mails) ... Select "Properties" .... Select "Details" ... Select "Message Source" ... Right-click in that pop-up box, select "Select All" ... right-click again in that now highlighted text area and select "Copy" .... go back to your "e-mail to be forwarded" and right-click in that text area at a good spot (above or below the stuff already in there) and select "Paste" ... When looking at the sample spam I'm using, here's the surprise we were waiting for ... what was really in that e-mail that didn't make it to my screen;

X-Message-Status: n
X-SID-PRA: AMAZING NEW DIET PILL (seen on TV) <xxxxxxx[at]idirect.ca>
X-SID-Result: TempError
X-Message-Info: pC37NJ8+wY3fI16ovlxLdiTS2aoYxJNGJtIxyX4rRvQ=
Received: from cable-68-119-70-205.abr.al.charter.com ([68.119.70.205]) by
  mc6-f10.hotmail.com with Microsoft SMTPSVC(6.0.3790.211);
  Sat, 29 Jan 2005 13:01:37 -0800
From: "AMAZING NEW DIET PILL (seen on TV)" <xxxxxxx[at]idirect.ca>
To: xxxxxx[at]hotmail.com
Subject: Miracle Pill?
Date: Sat, 29 Jan 2005 13:00:35 -0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
  boundary="--screwystringofmadeupcrapchanged"
Return-Path: somepoorinnocentperson[at]mail.rhein-ruhr.de
Message-ID: <MC6-F10KABHsbNTu04V0000ac3e[at]mc6-f10.hotmail.com>
X-OriginalArrivalTime: 29 Jan 2005 21:01:37.0789 (UTC)
FILETIME=[B91972D0:01C50645]


----screwystringofmadeupcrapchanged
Content-Type: text/html;
uasribsfgstychinicasfgllxpdbhrntuxscypoteicrwmpxutrotitasgcasfglefasentkno
wledpefectianmrhtyudlsenijexteeorphasneunrightly
Content-Transfer-Encoding: base64


PGh0bWw+DQoNCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1MYW5ndWFnZSIg
Y29udGVudD0iZW4tdXMiPg0KPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250
ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9d2luZG93cy0xMjUyIj4NCjxtZXRhIG5hbWU9IkdF
TkVSQVRPUiIgY29udGVudD0iTWljcm9zb2Z0IEZyb250UGFnZSA0LjAiPg0KPG1ldGEgbmFt
ZT0iUHJvZ0lkIiBjb250ZW50PSJGcm9udFBhZ2UuRWRpdG9yLkRvY3VtZW50Ij4NCjx0aXRs
ZT5OZXcgUGFnZSAyPC90aXRsZT4NCjwvaGVhZD4NCg0KPGJvZHk+DQoNCjxwIGFsaWduPSJj
       <dozens of screens of this stuff snipped>
Z2d1ZWxmc2ZnbmRjZnNmZ3NoYm9va1M7IGcgZkRESVRJT05mTCBnIExJZkJJTElUWSBnIG5v
bnN1cHBrZXNzaW9ubWlja29raG9waWZzZmdzNjENCg0KLS0+DQouDQo8L2h0bWw+
----screwystringofmadeupcrapchanged--

As you can see, the "real" e-mail was very much different than what was displayed (again noting that I saved you from having to wade through screen after screen of gobbledygook with that big snip in the middle of the Base64 encoded crap) ... Now we could talk about why and how all that gobbledygook gets translated into "plain text" .. but that's for another time. We could also talk about how badly this e-mail was "composed" (actually, more like manufactured) looking at details not found (like what e-mail application was in use when this idiot "wrote" the e-mail) ... details missing (like the lack of a second and an ending Boundary line) ... details totally bogus (like the alleged HTML section that is actually nothing more than gibberish [or a bit of tracking data for the paranoid out there]) ... but we won't <g>

Some of the items I'm trying to show here;

1. What you 'see' isn't necessarily what that e-mail contains.

2. Securely handled, it's not likely that you will get bitten by an e-mail.

3. With this data now captured, you can send your complaint .. in the case provided, I sent my complaint (entire spam content, no editing) to webcomplaints[at]ora.fda.gov , spam[at]uce.gov , and abuse[at]charter.net .... (again, decoding of the Base-64 crap to pull out referenced web-sites is for another story <g>)

4. Why simply "Forwarding" your OE e-mail to the SpamCop parser doesn't work.

Link to comment
Share on other sites
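Added example, not part of Wazoo's original post: a short Python check of what a raw "Message Source" holds beyond the preview, namely the receiving server's Received line, a From / Return-Path mismatch, and the text, comments and link targets inside a Base64-encoded HTML part. The message in SAMPLE is constructed (example domains, a documentation IP address), and `inspect_source` is a hypothetical helper name.

```python
import base64
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser

# Constructed sample: every name, address and URL below is made up.
_HTML = ('<html><head><title>New Page 2</title></head><body>'
         '<p>THIS STUFF WORKS!</p>'
         '<a href="http://pills.example.invalid/order">Order</a>'
         '<!-- xqzt filler words to confuse content filters -->'
         '</body></html>')
SAMPLE = (
    'Received: from host.example.net ([192.0.2.10]) by mx.example.org;\n'
    '  Sat, 29 Jan 2005 13:01:37 -0800\n'
    'From: "Diet Pill" <seller@isp.example>\n'
    'Return-Path: bystander@mail.example.de\n'
    'Subject: Miracle Pill?\n'
    'MIME-Version: 1.0\n'
    'Content-Type: multipart/alternative; boundary="b1"\n\n'
    '--b1\nContent-Type: text/html; charset="us-ascii"\n'
    'Content-Transfer-Encoding: base64\n\n'
    + base64.encodebytes(_HTML.encode()).decode() + '--b1--\n')

class _Split(HTMLParser):
    """Separate rendered text from comments and link targets."""
    def __init__(self):
        super().__init__()
        self.visible, self.hidden, self.links = [], [], []
    def handle_data(self, data):
        if data.strip():
            self.visible.append(data.strip())
    def handle_comment(self, data):
        self.hidden.append(data.strip())
    def handle_starttag(self, tag, attrs):
        self.links += [v for k, v in attrs if k in ('href', 'src') and v]

def inspect_source(raw):
    """Report what the raw source holds beyond the rendered preview."""
    msg = message_from_string(raw, policy=policy.default)
    split = _Split()
    for part in msg.walk():
        if part.get_content_type() == 'text/html':
            split.feed(part.get_content())  # undoes the base64 encoding
    split.close()
    received = msg.get_all('Received', [])
    def domain(header):  # domain part of an address header, '' if absent
        return parseaddr(msg[header] or '')[1].rpartition('@')[2].lower()
    return {'handoff': ' '.join(received[0].split()) if received else None,
            'sender_mismatch': domain('From') != domain('Return-Path'),
            'visible': split.visible, 'hidden': split.hidden,
            'links': split.links}
```

A From / Return-Path mismatch is only a hint; the topmost Received line, written by your own provider's server, is the part of the headers the sender could not forge.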

  • 3 months later...

Why not just Forward as Attachment as described at How do I submit spam via email??

Please see Outlook Express 4, 5 and 6 and note that "Forward As Attachment" in OE6 is on the "Message" Menu, and is the default action for the "Forward" Button when multiple messages are selected.

Also, please note that "Forward as Attachment" for spam submittal to SpamCop is limited to 50 attachments or 100,000 bytes (whichever comes first) PER SUBMITTAL EMAIL.

Edit: 2005/05/12 13:48 EDT - Jeff G. added " PER SUBMITTAL EMAIL".

Link to comment
Share on other sites

Why not just Forward as Attachment as described at How do I submit spam via email??

That wasn't part of the "Some of the items I'm trying to show here;" that drove this entry. Primary focus was the security settings, then trying to demonstrate why the simple "Forward" action wasn't sufficient for the SpamCop parser to chew on. But your query was a good way to bring in the 'correct' submittal process. Thanks.


  • 6 months later...

Somehow I feel as though I am missing something, but don't have time to find out what.

I like Wazoo's explanation, but for someone who is frustrated and looking for an answer, it won't do as the first item they find. I don't think it is, though.

In general, there is always /too much/ information. And I know why there is.

Miss Betsy


Archived

This topic is now archived and is closed to further replies.
