• Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL



Email is the most important computer application for many people. However, as an important tool for both home and work, it often comes under heavy attack. Whether the attack is spam, viruses, worms, or a denial-of-service attack, most people face a daily siege on their inboxes of some of the worst the Internet has to offer.

In this book, you look at many of the attacks that face email users. Through real-life case studies, you see how these email attacks work and what steps you can take to avoid becoming the next victim. Rather than focus on specific tools that attackers can quickly circumvent and that just as quickly need upgrading to the latest protection, this book focuses on the “how” so that you gain a real understanding of the problems and solutions.

This book also covers a wide spectrum of email-related attacks. This knowledge is becoming more important, as spammers, virus writers, con artists, and hackers are showing signs of collaborating and combining various email attacks into a single message. Spam might be the number one issue facing email users, but other attacks are not far behind.

This book also offers solutions to email attacks in an easy-to-understand format. With case studies and concrete examples, users at all technical levels will be able to take steps to secure their inboxes and leave themselves less vulnerable to attack.

Who Should Read This Book?

This book is suitable for any email users who want to understand more about how email attacks occur and what they can do to prevent them. Although it's not applicable only to “power users,” this book does assume a basic understanding of how to send and receive email, so it doesn't explain how to do these basic tasks. All email users should find steps they can take to make their email usage more secure, no matter their technical level.

For more technical users and email administrators, this book is not a tools book, showing how to configure email related tools. What this book does try to do is explain why the tools are needed and how they work. By explaining the basis for email attacks and how they can be defeated, this book should prove to be a useful resource even when the tools available today have been upgraded and enhanced. This book can also be useful as an aid to educate your users on proper email practices.

How This Book Is Organized

This book contains 10 chapters that describe major types of email attacks. Each chapter includes case studies demonstrating the problems that occurred, followed by a detailed description of the attacks. Case studies are followed up with sections on how to avoid the attacks and recover from them if you fall victim. Finally, each attack has a corresponding checklist of steps for reducing the risk of this attack compromising your system.

Chapter 1, “Stealing Candy from a Baby,” discusses how spammers are able to determine your email address. Whether harvesting your address from the Web, using simple guessing techniques, or resorting to a con, obtaining your email address is the first step toward email attacks.

In Chapter 2, “Neither Confirm nor Deny,” you see how spammers can determine whether your email address is active. You learn how spammers can determine when you read your email, what email program and operating system you use, and even where you're geographically located.

Chapter 3, “Bad Things Come in Small Packages,” discusses viruses and Trojan horses and the damage they can cause. You see how dangerous it can be to open certain attachments and how running applications from unknown sources can cause serious repercussions.

Chapter 4, “Using Email Clients for Good and Evil,” covers email worms. These viruslike email messages have recently been some of the most widely reported email attacks. Worms have been responsible for shutting down many companies' email services in minutes and usually spread over the Internet in a matter of hours.

In Chapter 5, “Would the Real Sender Please Stand Up?” you see how the email messages you receive aren't always from whom they seem to be. Spammers and other email attackers can easily spoof or alter an email address to give the appearance of email arriving from another user.

Chapter 6, “Unwilling Accomplices,” covers email relaying and how spammers can bounce email messages off misconfigured email servers. Using relaying can help them avoid blacklist blocks and usually causes negative results for the server owners rather than the attackers.

In Chapter 7, “Separating the Wheat from the Chaff,” you see how filters can be an effective way to reduce or eliminate much of the unwanted email in your inbox. However, there's also the risk of false positives, which are valid email messages caught by filters. This chapter explains how to use filtering effectively and reduce the impact of false positives.

Chapter 8, “Don't Send Us a Postcard,” describes how sending email is similar to sending a postcard in the mail. Although most users are aware that they need to be careful about passing sensitive information, such as credit card numbers, on the Web unless it's encrypted, often they don't think twice about passing the same information in an email message. This chapter shows you how easy it is for attackers to read your email messages and how to add encryption for sensitive information to your emails.

Chapter 9, “You've Got Some Email in My Web Site,” deals with the specific risks of using Web-based email applications. Although Web-based email offers many benefits, such as being able to check your email from virtually anywhere, it presents unique risks that aren't a factor in email programs, such as Outlook or Eudora.

In Chapter 10, “The Bigger They Are, the Harder They Fall,” you learn how a denial-of-service attack can significantly affect email usage. This chapter explains how attacks attempt to deny you access to your email and describes techniques for thwarting attackers' efforts.

Appendix A, “Email Protocols,” covers standard email protocols and explains the terminology in a concise, easy-to-understand format.

Appendix B, “Email Tools,” lists tools that can be used to defend against email attacks. Web sites for the tools are included so that you can look up more detailed information.

Appendix C, “Email Legal Issues,” describes some legal issues surrounding spam, such as the new CAN-SPAM act, and lists some Web sites for keeping up with the latest legal changes.

Special Elements

This book is composed of a number of special elements. Each chapter has sections describing the types of possible attacks related to that chapter's topic. Each section begins with one or more case studies of real-life problems in which people are attacked through their use of email. After the case studies, the “How the Attack Works” section describes how the attack works so that you understand how to recognize it and protect yourself. The “An Ounce of Prevention” section explains steps you can take to avoid becoming a victim of this attack, and the “A Pound of Cure” section tells you how to recover if you have been attacked. Finally, each section concludes with a checklist of steps for reducing your risk of becoming the next victim of this attack.

  • Creative Edge
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint