-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cyber Security Tip ST04-023
Understanding Your Computer: Email Clients
The main difference between email clients is the user interface.
Regardless of which software you decide to use, follow good security
practices when reading or sending email.
How do email clients work?
Every email address has two basic parts: the user name and the domain
name. When you are sending email to someone else, your domain's server
has to communicate with your recipient's domain server.
For example, let's assume that your email address is
johndoe@xxxxxxxxxxx, and the person you are contacting is at
janesmith@xxxxxxxxxxxxxxxxxxx In very basic terms, after you hit send,
the server hosting your domain (example.com) looks at the email
address and then contacts the server hosting the recipient's domain
(anotherexample.org) to let it know that it has a message for someone
at that domain. Once the connection has been established, the server
hosting the recipient's domain (anotherexample.org) then looks at the
user name of the email address and routes the message to that account.
How many email clients are there?
There are many different email clients and services, each with its own
interface. Some are web-based, some are stand-alone graphics-based,
and some are text-based. The following are some well-known email
programs:
Web-based
* Hotmail
* Yahoo! Mail
* Gmail
Stand-alone graphics-based
* Outlook and Outlook Express
* Thunderbird
* Pegasus
Text-based
* Pine
How do you choose an email client?
There is usually an email client included with the installation of
your operating system, but many other alternatives are available. Be
wary of "home-brewed" software, because it may not be as secure or
reliable as software that is tested and actively maintained. Some of
the factors to consider when deciding which email client best suits
your needs include
* security - Do you feel that your email program offers you the
level of security you want for sending, receiving, and reading
email messages? How does it handle attachments (see Using Caution
with Email Attachments for more information)? If you are dealing
with sensitive information, do you have the option of sending and
receiving signed and/or encrypted messages (see Understanding
Digital Signatures and Understanding Encryption for more
information)?
* privacy - If you are using a web-based service, have you read its
privacy policy (see Protecting Your Privacy for more information)?
Do you know what information is being collected and who has access
to it? Are there options for filtering spam (see Reducing Spam for
more information)?
* functionality - Does the software send, receive, and interpret
email messages appropriately?
* reliability - For web-based services, is the server reliable, or
is your email frequently unavailable due to maintenance, security
problems, a high volume of users, or other reasons?
* availability - Do you need to be able to access your account from
any computer?
* ease of use - Are the menus and options easy to understand and
use?
* visual appeal - Do you find the interface appealing?
Each email client may have a different way of organizing drafted,
sent, saved, and deleted mail. Familiarize yourself with the software
so that you can find and store messages easily, and so that you don't
unintentionally lose messages. Once you have chosen the software you
want to use for your email, protect yourself and your contacts by
following good security practices (see US-CERT Cyber Security Tips for
more information).
Can you have use more than one email client?
You can have more than one email client, although you may have issues
with compatibility. Some email accounts, such as those issued through
your internet service provider (ISP) or place of employment, are only
accessible from a computer that has appropriate privileges and
settings for you to access that account. You can use any stand-alone
email client to read those messages, but if you have more than one
client installed on your machine, you should choose one as your
default. When you click an email link in a browser or email message,
your computer will open that default email client that you chose.
Most vendors give you the option to download their email software
directly from their web sites. Make sure to verify the authenticity of
the site before downloading any files, and follow other good security
practices, like using a firewall and keeping anti-virus software up to
date, to further minimize risk (see Understanding Firewalls,
Understanding Anti-Virus Software, and other US-CERT Cyber Security
Tips for more information).
You can also maintain free email accounts through browser-based email
clients (e.g., Yahoo!, Hotmail, Gmail) that you can access from any
computer. Because these accounts are maintained directly on the
vendors' servers, they don't interfere with other email accounts.
_________________________________________________________________
Author: Mindi McDowell
_________________________________________________________________
Produced 2004 by US-CERT, a government organization.
Note: This tip was previously published and is being re-distributed
to increase awareness.
Terms of use
<http://www.us-cert.gov/legal.html>
This document can also be found at
<http://www.us-cert.gov/cas/tips/ST04-023.html>
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR0baJ/RFkHkM87XOAQJKiAgAi+7bRAXbfNNAx+HDw5vdwbZJ+F3POO3y
vAboq0/AKLSrBe7tWa532B9F55OvBWkAIgCvfyeaAi6TNpbqTEH9JAPdx0SWGu5A
5iz2A5NPo7KrzC4s3euXKmJT8tvgK4lFTnbQcE0V30VW9SiYNH/Bgb02LOQ0qKNN
V5Whmwr/EAhQwYpVT4Z9+vqJjy+Q0+8+NAVVdNjYT7B6qonIwQJMmK7roOLHc7c3
xpLVXQ0doY//FVm+WCWEexRJOdamSZgNxzcY1UTIgB+QyQTZphBRASBxBg3SxKq/
aeATYd9Q1F6ozZwbhOVsVaXSXksFo2gclAgPQHgh/FSisqgDaVOuog==
=0eQS
-----END PGP SIGNATURE-----
