Hard to believe here in 2012, more than 20 years since we all started emailing each other, that a list of email dos and don'ts is even necessary. But I recently received an email from a buddy of mine that violently transgressed one of the cardinal rules of email safety protocol etiquette expressed below.
Since my friend isn't dumb, I'm forced to believe that we have simply forgotten how to protect ourselves and our correspondents against spam spam spam spam, malware, viruses and other digital nastiness on our phones and desktops. (And I'm taking it for granted you've installed anti-virus software on both your Windows PC and your Android phone, and you know to ignore missives from Nigerian princes or anyone else promising to send you a lot of money if you only send them a little money.)
So, if you're a casual emailer, take heed. If you're an email veteran, consider this an email safety refresher course.
- Do not forward emails with masses of email addresses contained within them. I don't know how, but spammers can somehow collect live email addresses from otherwise innocuous jokes or whatever that get passed around. I do know that sometimes spammers start these chain mails just so they can collect the email addresses it picks up on its email travels. If you feel you must forward something particularly appropriate to friends, family and co-workers, strip out all email addresses from all the forwards. And even then…
- Blind copy masses of recipients. If you have any message directed to a group of people, and you intend that message to be forwarded or expect back-and-forth responses, put the email addresses of your recipients in the "BCC" box of the email (you may have to access the View or the Options menu, depending on what version of Outlook you're using, to locate the BCC box) and then address the message in the "To:" box to yourself. Everyone will get the message and, if your recipients hit "Reply All," everyone will get the responses – but everyone's email will stay protected and private.
- Don't open attachments/click on embedded links from unknown sources. This should be a no-brainer. You don't recognize the email address on an email with an attachment or an imbedded Web link? Delete the email immediately. Do not pass go, do not collect viruses.
- Do not open attachments/click on embedded links from known sources. Perhaps not such a no-brainer. The latest spammer trick is to "spoof" addresses from people you know – to send you an imposter email from an address already in your address book and familiar to you. First clue it may be a phony – if the attachment or link is not accompanied by a personal message. Anyone you know who would send you a link or an attachment would say something more than "Thought you'd find this interesting," or some such other trite, impersonal intro. Your friends or family are far more likely to address you by name and tell you why the attached or the link is something that you'd be interested in. If it's just a link or an attachment, it's probably a fake and probably not from friend or family. And warn your friend who's email has been spoofed – simply changing their email password should help end the spoofing. Similarly, change your email password if your email address has been spoofed.
- Do not open an attached file with an ".exe" extension. All file names usually conclude with a three-or-four-letter suffix following the actual file name – a Microsoft Word file will be "xxxx.doc" or "xxxx.docx" while a photo might be labeled "xxxx.jpg" and a video "xxxx.mov" or "xxxx.mp4." A file that contains instructional code, which orders your Windows computer to do something, is an ".exe" or an "executable" file (opening an ".exe" file on a Mac does nothing). NO ONE should be sending you an ".exe" file – no one, unless you've specifically asked for it (a piece of software, for instance). If you receive a file that ends in ".exe" from anyone – known or unknown – delete it immediately.
- Do not send any private information over email. Spammers can be deviously clever. They can create seemingly official-looking documents from big companies or banks (such as this one) that require you to click on something or reply with some private information. These phonies are not as difficult to spot as you'd think – if you ever get one, you should immediately smell a rat. No company initiates correspondence from their customers requiring them to do anything more than to respond, and usually it's a re-direct to the company's Web site. No legitimate company would ever ask you to click on an attached file or email them your password or any other personal information. None. If it looks suspicious, it probably is.
- Create multiple email addresses. Your best protection against spam if to create multiple email addresses, each with a specific purpose. For instance, I have four email addresses: one strictly for business – I give the address only to trusted business associates and clients; one only for friends and family, with the same caveats; one for online shopping for confirmations and those seemingly endless offers that follow from the company your ordered from and everyone they sell their list to; and, a miscellaneous email address for those occasions when I want a semi-fake email address – filling out a form to get a free coupon, to get access to some secret Web page, a petition or other political form I sign – for those situations I expect to get spam and won't care because if I check that address once a year, it's a lot. Now, if one of these email addresses becomes spammed, it will be easier to change it given the small universe in which I use it. And this email diversity needn't cost you anything given the number of free email services you have to choose from – Google, Hotmail, Yahoo, AOL, et al. Just slightly change your current email address, create a new password, and send a bulk message to everyone within that specific closed universe (via method #2 above) of the new address, and you can start with a clean email slate.
That's my top seven email dos and don'ts. Do you have any email dos or don'ts?