eMail Security
One side of the equation is your email client and the types of content you allow through incoming messages that may end up violating your privacy if not the security of your computer and maybe the entire network it’s attached to. Not funny.
Among the approaches to make eMail more secure might be to …
- use Thunderbird – although …
- disable its default behavior of rendering remote content
- completely disable its javascript capability
Double-click on the line stating javascript.enabled to toggle the Value column from true to false.
The reason behind these setting changes is that email is meant to convey information in the format of mostly text and maybe a few images, although a nice formatting and layout (pure HTML) doesn’t hurt. A mail client’s function is not to browse the net, so neither javascript nor cookies are appropriate. If you want to be even more stringent on security then you could insist on a text only email configuration.
The other detail that comes to mind, that I won’t get into in too much detail here, is to enable digital certificates for your email addresses/aliases. Thunderbird has made it so easy, any monkey can do it.
In light of so much illegitimate email circulating these days, wouldn’t it be nice if we could identify people we know without having to worry about their email and address having been spoofed only for that message to contain some malware that you then decide to click on because you thought you could trust its originator? Well, that’s what the digital certificate is for. You just have to attach your cert and exchange it, read import, those from your friends, family and co-workers.
This function is in the Tools :: OpenPGP Key Manager menu; then select Generate and pick New Key Pair.
