Home > Midmarket CIO Tips > Security for the midmarket > Outlook's automatic picture download settings
CIO Midmarket Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

SECURITY FOR THE MIDMARKET

Outlook's automatic picture download settings


Serdar Yegulalp
05.18.2005
Rating: --- (out of 5)


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


This tip originally appeared on SearchExchange.com, a sister site of SearchSMB.com.

Outlook 2003 has stricter security controls over the presentation of rich content sent in e-mails. E-mail with HTML containing ActiveX controls, for instance, is one of the biggest vectors for spyware or virus infections.

As an additional security measure, Outlook 2003 does not download images by default when users open HTML e-mails. This conserves bandwidth and protects users from questionable images (for instance, in the context of pornographic spam e-mail).

If you right-click on an image in an e-mail sent to you and select "Change Automatic Download Settings," you can modify the way Outlook handles image downloads depending on the e-mail's originating domain. The "Don't download pictures or other content automatically" option is usually enabled by default, but there are two other settings that deserve attention:

1. "Permit downloads…from Safe Senders/Recipients" uses Outlook's Junk E-mail filter's whitelists to determine if the mail in question is safe to load pictures for. This is only useful if the Junk E-Mail filter's whitelists are in use in the first place. However, if you're relying on a server-side filtering system that doesn't interact directly with Outlook, this won't be as valuable.

2. "Permit downloads … from Trusted Zone [sites]" is a little more helpful. The Trusted Zone in Internet Explorer can be managed through IE's own control panel, or through third-party tools like the Internet Explorer Power Tweaks Web Accessories pack, or by editing the registry directly. This option makes it possible to define, either through policies or perhaps a script, what sites are recognized as safe throughout your organization.

Unfortunately, Outlook does not perform reverse DNS checking to determine if a given e-mail did actually originate from the server it claims to be from. This makes it possible for someone to send spoof e-mails that claim to be from a specific domain -- and may even load pictures from that domain -- but aren't in fact from that location. It's largely your server's responsibility to filter out these mails, and the tools now exist to do so.

Serdar Yegulalp is editor of the Windows Power Users Newsletter and a regular contributor to SearchExchange.com.

Do you have comments on this tip? Let us know.

Rate this Tip
To rate tips, you must be a member of SearchCIO-Midmarket.com.
Register now to start rating these tips. Log in if you are already a member.




Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Information security management for the midmarket
San Francisco network lockup justifies CIO fears
A cloud computing takeover? Google thinks so
An IT spring cleaning for CIOs
Single sign-on: Sensible security on scale
Spyware defense for the midmarket
Federal breach notification stuck in Congress
Anti-spam tricks for the midmarket toolbox (expert podcast)
Pre-emptive strategy best approach to breach notification
CIOs under fire and in front of the camera
Compliance-burdened CIOs turning to security management tools

Security for the midmarket
Risk assessment frameworks easy to employ
Compliance: Don't let your guard down
Single sign-on: Sensible security on scale
Laptop theft easily preventable while on the road
Information security requires organized teams
How to choose a DR service provider
Security on a midmarket budget
Security's crystal ball for 2008
Security outlook challenging for SMBs in 2008
SMB security reporting: The devil is in the details

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2007 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts