Email Safety Precautions and Best Practices


Some people are very cautious about the sites they visit and the files they download but are very careless about protecting themselves from exploitation via emails. So I thought I’d share some safety precautions you can utilize to keep from getting infected with various types of malware via your email accounts.

First of all, let’s look at two different ways of handling your email: webmail and email clients.


Webmail is what you’re using when you log into your service via your browser, such as at or You’re able to read, send and forward emails from the server’s site, and usually, they’ll offer some level of spam detection and filtering. Obviously, since you’re using your browser, it’s only available when you’re actually connected to the Internet.

Mail Client

There are a number of mail clients around. A couple of the better-known ones that you’ve probably heard of are Outlook and Windows Live Mail (previously known as Outlook Express). These clients communicate with your email accounts, downloading incoming emails to your hard drive and uploading outgoing mail for sending. Email already downloaded to your hard drive is available for viewing whether you’re connected to the Internet or not.


Both modes offer essentially the same functional capabilities, but using a mail client offers a couple of major advantages, beyond access to your emails even when offline.




Email Client

Filtering/trapping spam and malware
Sorting/nesting storage folders
Multiple accounts on screen
Copying/moving between accounts
Checking source without opening
Searching for specific content

Email Safety Precautions: Verifying the source of a message

One of these capabilities is extremely useful, in terms of checking out an incoming email without opening or previewing it – the ability to check the source code of the message beforehand.

A savvy individual can build an email that will display ‘To’ and ‘From’ fields that are totally misleading. I receive emails all the time, saying that my PayPal account has been disabled or that my eBay account is about to be suspended. Both will usually show something like “PayPal” or “eBay Account Management” in the ‘From’ field.

First red flag:

These often arrive in the inbox of an email account that isn’t connected in any way with my PayPal or eBay account.

Since you already have an indication that this email may be a phony, you could just delete it at this point. But out of curiosity, let’s investigate further.

First of all, if you’re using the Preview Pane on your client, click the ‘Reading Pane’ button to close the preview, then right-click on the message, and left-click on Properties. A small pop-up will open, displaying some general information, such as the subject, ‘From’, the address, message size, priority and sent and received time and date stamps.

Clicking on the ‘Details’ tab shows the header data for the message. Sometimes this will show that the message came from someone other than the address shown in the ‘From’ field, but an accomplished bad guy will be able to mask this. Near the bottom of the pop-up, click on the ‘Message Source’ button.

Now you can see the entire message, including the HTML markup, and you can see if the message was routed through some server in Romania, even if it claims to be from Mountain View, CA. You can also read the content of the text of the message, without the potential risk of inadvertently exposing yourself to any attached malware.

Down in the body of such phishing and scam emails there will usually be a link, perhaps a “Log in” or “Click to Confirm” button. The true destination of that link will show up in the source code, such as in this example:

<table width="126" border="0" cellpadding="0" cellspacing="0" style="font-style: normal; font-variant: normal; font-weight: normal; font-size: 11px; font-family: Verdana, Arial, Helvetica, sans-serif">

<tr>

<td style="border-left: 1px solid #bfbfbf; border-right: 1px solid #908d8d; border-top: 1px solid #bfbfbf; border-bottom: 1px solid #908d8d; padding-left: 10px; padding-right: 10px; padding-top: 1px; padding-bottom: 1px" bgcolor="#ffa822">

<a href="">

Click To Confirm</a></td>

</tr>

</table>



(Notice the link I show above in bold red text)

Second red flag:

The destination of a link contained in the message is different from what it says it is.
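The same source-only inspection can be scripted. The following is an added example, not part of the original post: it reads a raw message with Python's standard library, without rendering it, and reports the display name next to the real sender address, the relay named in the Received header, and each link's true destination. The sample message, its addresses and domains are constructed placeholders, and `inspect_source` is a hypothetical helper name.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every address and sender domain is a placeholder.
RAW = '''\
Received: from mail.sender.example (mail.sender.example [203.0.113.7])
    by mx.recipient.example; Mon, 11 Jan 2021 09:00:00 +0000
From: "PayPal" <notice@sender.example>
Subject: Your account has been disabled
Content-Type: text/html; charset="utf-8"

<p>Your account has been disabled.</p>
<a href="http://login.sender.example/confirm">Click To Confirm</a>
<a href="http://login.sender.example/x">https://www.paypal.com/</a>
'''

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element without rendering."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host(url):  # '' when the string is not URL-like (e.g. 'Click To Confirm')
    return (urlparse(url).hostname or "").lower() if "://" in url else ""

def inspect_source(raw):
    """Summarise sender, relay and link targets from raw message source."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    # Assumes each Received header has the usual "from <host> ..." form.
    relays = [str(r).split()[1] for r in msg.get_all("Received", [])]
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    # Third field is True when the text names one host but the href goes to another.
    links = [(text, host(href), bool(host(text)) and host(text) != host(href))
             for text, href in parser.links]
    return {"from_name": name, "from_addr": addr, "relays": relays, "links": links}
```

A button such as "Click To Confirm" names no host, so it cannot be flagged automatically; the second field still shows where it really leads.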

If you find nothing that looks fishy and you feel as though the message may be authentic, it may be safe, but not necessarily. Some scripts that aren’t obvious to the casual user can still be present and can be activated by opening an email. But at least you’re now able to see a lot more than you could before, without putting yourself and your system at risk.

We’ve all heard warnings about opening attachments or clicking on links that come from people we don’t know. But these days, a lot of malware will send itself out to every address in the infected machine’s address book, so the fact that a message comes from a close friend or family member doesn’t necessarily mean it’s safe to open or click. If their machine has been infected, they won’t even be aware that the message has been sent to you.

At the end of the day, your common sense is your greatest protection. Use it and don’t get duped.

If you’d like more tips on using common sense online, visit Doc Sheldon’s post on Top Shelf Copy: “The best tool you have is your head use it”.

Small Business Ideas - 11 Jan 2021 - by Rob Jennings
