Securing Your E-Mail

As your e-mail messages travel from server to server en route to you or your recipients, they are vulnerable to interception by hackers and others who are intent on viewing them. With Outlook 2007, you can safeguard your messages in several ways, including implementing digital signatures, encryption, plain text messages, and Information Rights Management (IRM). Only you can decide which of these strategies is most appropriate for your individual situation.

Digital Signatures

When sending messages, you can reassure message recipients that they are receiving valid messages from you by using a digital signature-a piece of code that validates the identity of a message sender (not the actual person, but the e-mail account and computer from which the message originates).

To digitally sign all outgoing messages:

1. On the Tools menu, click Trust Center, and then in the page list, click E-mail Security.

2. On the E-mail Security page, select the Add digital signature to outgoing messages check box.

3. If all your message recipients don't have Secure Multipurpose Internet Mail Extensions (S/MIME) security (for instance, if you're sending messages to people who you know aren't using Outlook), select the Send clear text signed message when sending signed messages check box.

4. Click OK.

To send digitally signed or encrypted messages over the Internet, you must obtain a digital ID from an independent certification authority. The first time you try to digitally sign or encrypt a message without having a valid digital ID installed on your computer, Outlook prompts you to obtain one. If you prefer, you can obtain one before you need it.

Obtaining some types of digital IDs, such as those used to certify the source of software programs, involves a stringent application process that can take weeks to complete. However, applying for a digital ID to certify documents and e-mail messages is a relatively simple process. You can have more than one digital ID on your computer, and you can select which one to use for each document or message. For example, you might have one ID for business use and one for personal use.

To obtain a digital ID to sign or encrypt documents and messages:

1. On the Tools menu, click Trust Center, and then in the page list, click E-mail Security

2. On the E-mail Security page, click Get a Digital ID.

   The Microsoft Office Marketplace Web page opens in your default Web browser, listing a number of providers from whom you can obtain a digital ID to certify documents and e-mail messages.

   Tip

   If you want to evaluate certification authorities other than those recommended by Microsoft, search the Web for "digital ID" or "certification authority," and you'll find a number of options. You can apply for a digital ID from any certification authority through its Web site. Digital IDs from one non-Marketplace provider we tested have a known compatibility issue with Windows Internet Explorer, so if you use Internet Explorer and you want to be certain you won't run into problems, you might feel safer sticking with the recommended providers.

3. Click the link at the end of a provider's description to display the provider's Web site.

4. Follow the instructions on the Web site to register for a digital ID.

   Some certifying authorities charge a small fee, but most offer free digital IDs or a free trial period. As part of the process, you will likely be required to respond to an e-mail message from your computer.

Your digital ID will be installed on the computer on which you complete the application process; if you need to use it on another computer, you can re-install it from the provider's site, or you can export the digital ID files from the original computer and import them on the other computer.

To export or import a digital ID:

1. On the Tools menu, click Trust Center, and then in the page list, click E-mail Security.

2. On the E-mail Security page, click Import/Export

3. In the Import/Export Digital ID dialog box, select whether you want to import or export your digital ID, fill in the information, and then click OK.

Many US and international certification companies offer digital IDs to certify e-mail. You will probably be most comfortable purchasing a certificate in your native currency. Regardless of where you obtain it, your digital ID is valid worldwide.

To digitally sign an individual e-mail message:

• ➜ On the Message tab, in the Options group, click the Digitally Sign Message button.

  Troubleshooting

  If you haven't previously used the Digital Signature feature in Outlook 2007, the Digitally Sign Message button might not be visible. In this case, click the Options Dialog Box Launcher, and then in the Message Options dialog box, click Security Settings. In the Security Settings dialog box, select the Add Digital Signature To This Message check box, and click OK. Then close the Message Options dialog box.

A message with a valid digital signature has a red ribbon on its message icon and a digital signature icon (also a red ribbon) in its message header. When you receive a digitally signed message, you can click the digital signature icon to view information about the signature.

Encryption

You can secure the contents of outgoing messages by using encryption. Encryption ensures that only the intended recipients can read the messages you send. The message recipient's e-mail program must have corresponding decryption capabilities in order to read the message.

To encrypt all outgoing messages:

1. On the Tools menu , click Trust Center, and then in the page list, click E-mail Security.

2. On the E-mail Security page, select the Encrypt contents and attachments for outgoing messages check box.

3. To receive verification that a message recipient received an encrypted message in its encrypted format, select the Request S/MIME receipt for all S/MIME signed messages check box.

4. Click OK.

To encrypt an individual message:

• ➜ On the Message tab, in the Options group, click the Encrypt Message Contents and Attachments button.

  Troubleshooting

  If you haven't previously used the Encryption feature in Outlook 2007, the Encrypt Message Contents And Attachments button might not be visible. In this case, click the Options Dialog Box Launcher, and then in the Message Options dialog box, click Security Settings. In the Security Settings dialog box, select the Encrypt Message Contents And Attachments check box, and click OK. Then close the Message Options dialog box.

An encrypted message has a blue lock on its message icon and an encryption icon (also a blue lock) in its message header. When you receive an encrypted message, you can click the encryption icon to view the layers of security in the message.

Plain Text Messages

These days, viruses and other harmful programs can easily be spread from computer to computer in e-mail messages. To ensure that the e-mail messages you receive won't harm your computer, you might want to display them in plain text, rather than in Rich Text Format or HTML. Links, scripts, and other active content are disabled in plain text messages.

To receive all messages in plain text format:

1. On the Tools menu, click Trust Center, and then in the page list, click E-mail Security.

2. On the E-mail Security page, select the Read all standard mail in plain text check box, and then click OK.

Information Rights Management

If you don't want a message recipient to forward, copy, or print your message, you can send it with restricted permissions. You use IRM to set these permissions, which control who can read your messages and what they can do with them. If the restricted message includes an attachment, such as a Word document, an Excel workbook, or a PowerPoint presentation, the recipient can't edit, copy, or print the attachment (unless you have set individual permissions within the document).

To use IRM, you need access to an IRM server. If your organization has its own IRM server, your administrator can advise you how to set restricted permissions. If you don't have access to an IRM server when you first try to set permissions for a message, Outlook prompts you to sign up for a free trial on an IRM server provided by Microsoft. To take advantage of this free trial, you select the Yes option in the Service Sign-Up dialog box and then sign up for a Rights Management (RM) account certificate for your outgoing e-mail address (which must be registered as a Microsoft .NET Passport or Microsoft Windows Live ID). After finishing the process, you can restrict permissions for outgoing messages sent from the computer on which the certificate is installed.

See Also For more information about Passport and Windows Live credentials, refer to Windows Vista Step by Step (ISBN 0-7356-2269-8), by Joan Preppernau and Joyce Cox (Microsoft Press, 2007).

To prevent message recipients from forwarding, printing, or copying a message:

• ➜ On the Message tab, in the Options group, click the Permissions arrow, and then in the list, click Do Not Forward.

The message header in the outgoing and received messages indicates what recipients can and can't do with the message.

To read a message sent with restricted permissions, recipients must have Outlook 2003 or later.

E-mail is increasingly being used as a means of delivering marketing information to customers and potential customers. Many companies include pictures in their marketing messages to help explain their product or to make the message more attractive and noticeable, but these pictures can make e-mail messages large. To avoid this problem, some companies include links to pictures that are hosted on their server. When you preview or open the message, you can see the pictures, but they aren't actually part of the message.

Some junk mail senders are using this technology to include Web beacons in their messages. Web beacons are small programs that notify the sender when you read or preview the e-mail message. The notification confirms that your e-mail address is valid, and might result in more junk e-mail being sent to you.

To help protect your privacy, Outlook includes features that block external content such as pictures, sounds, and Web beacons. In addition to helping ensure your privacy, this blocking technique can save bandwidth resources, because you choose whether to download images and sounds, rather than downloading them automatically when you click on a message.

By default, Outlook 2007 blocks external content to and from all sources except those defined in the Safe Senders List and Safe Recipients List . When you open or preview a message that contains blocked content, an InfoBar in the message header provides options for handling the blocked content. To view the blocked content in an individual e-mail message:

• ➜ In the message header, click the InfoBar, and then click Download Pictures.

To change the way Outlook handles external content:

1. On the Tools menu, click Trust Center, and then in the page list, click Automatic Download.

2. Select the check boxes for the options you want, which include:

   • Don't download pictures automatically in HTML e-mail messages or RSS items.

   • Permit downloads in messages to and from contacts listed in the Safe Senders List or Safe Recipients List.

   • Permit downloads from Web sites in the Trusted Zone.

   • Permit downloads in RSS items.

   • Permit downloads in SharePoint Discussion Boards.

   • Warn before downloading content when editing, forwarding, or replying to e-mail messages.

3. Click OK to save your settings.

Under most circumstances, the security provided by the default settings far out-weighs the slight inconvenience of manually downloading content you want to see or hear. You will probably find that many of the messages with blocked pictures are not of interest to you anyway, particularly those you receive through your work e-mail account.