CCNC/CCNC Module 7/Electronic Mail/Security Considerations
Section 2 - Security Considerations
How to identify Unsolicited E-mail- Detailed Instructions
A distribution list is a set of email addresses which are given a single collective name. A distribution list can have tens or hundreds of thousands of names on them. Once a distribution list has been compiled, emails can be sent to every name on the list by sending it to the name of the list. In other words, it is as easy to send the mail to a hundred thousand recipients as to one.
This has led to a whole industry of creating and selling distribution lists. These lists are then used to send unsolicited email to people on the lists. Unsolicited email, known as spam is a major problem for both users and the Internet. The transmission of millions of messages across the Internet wastes valuable bandwidth and causes deterioration in Internet performance. For users, spam not only causes irritation but also fills up mail boxes.
To deal with the problem, some countries are now introducing legislation to prohibit spam. Some ISPs make use of special anti-spam software to block spam. Sometimes this software makes use of known sources of spam while at other times it uses special techniques to analyse the content. It is also possible to install anti-spam software on your computer. Be aware of the danger of infecting the computer with a virus by opening an unrecognized mail message, an attachment contained within an unrecognized mail message
Be aware of the danger of infecting the computer with a virus by opening an unrecognized mail message, an attachment contained within an unrecognized mail message
Email has been one of the major sources of the spread of computer viruses in recent times. These viruses are usually hidden in attachments to emails. There are numerous effects of these viruses. As Linux is relatively unaffacted by viruses, these effects apply mostly to non-Linux systems. However, the situation could change.
- Make your computer run more and more slowly to the point where it is inoperable.
- Delete data or entire hard drives.
- Change data.
- Send information stored on your computer back to hackers.
- Install programs on your computer which monitor your work and send details back to hackers.
- Use your computer to send infected emails to users in your email client address book.
On non-Linux systems, one of the standard actions you would take is to install anti-virus software that is able to scan email. However, as the threat to Linux systems is very low, there is little anti-virus software available.
Although the viruses may present little direct threat to a Linux system, it is possible for viruses to lie dormant in files stored on a Linux system and be transmitted to non-Linux systems when mail is sent or forwarded.
You should take the precautions listed below. If you are unsure of an email, do not open it or even preview it. Rather delete it.
- Check the email address to see if it is a known source.
- If you do not know the sender, check the domain. Be particularly wary of unknown senders using web based mail.
- Check the subject heading of the email.
- Check if there are attachments. Be very careful of email from unknown sources which have attachments.
- As we are all becoming increasingly dependent on email, we are often force to take certain chances. In order to deal with possible loss, make regular backups on removable media such as CD.
Know what a digital signature is
Digital signatures provide a way of verifying that an email is genuine and from the sender.
The process of using digital signatures makes use of a public key and a private key. If you wish to communicate with others using digital signatures, you will make your public key available to everyone but will keep your private key secret.
In order to use digital signatures, you would need special software.
First the sender's software compresses the message into a much smaller block of text, the message digest, by a process called hashing. Hashing is a one way process as you cannot derive the original message from the text that has been hashed, even if you know the hashing algorithm.
Once this has been done, the message digest is encrypted using the private key. The encrypted message digest is the digital signature which is then attached to the email.
The receiver's software then decodes your digital signature using the public key to create the original message digest. At the same time it also generates a message digest from the email using the same hashing technique. By comparing the two message digests, the receiver can determine the genuineness of the email.