Security etiquette in email for today’s Internet

In dealing with our teams of developers and engineers I find myself preaching some basic rules that make life easier for me when I try to deal with the legion of emails I get every day.  I thought to document them and in doing so realized that they have a decidedly security slant to them (big surprise).

Here are some rules of etiquette that will allow you to survive my spam filter (Outlook junk mail) and not get deleted for cause:

  • Always put a subject on the message (the more specific the better).  I am noticing a ton of no-subject emails in my junk mail folder and I don’t scan the addresses before I delete them.  Not putting in a subject is a technique used by spammers to make you view the message.  For me and a growing number of people it backfires.  Call it a pet peeve, but if you can’t be bothered to put a subject on a message then I can’t be bothered to read it.

  • Never send an attachment unless I expect it (you told me in a previous message that you are sending it) or you explain what you are sending and why, in a way that lets me know that you had to have written it.  Remember that anyone can send a message as you if they really want to do it.

  • If you send me a link then tell me what is at the other end.  There are many sites that lure you in and do something amusing.  Why would you assume that they aren’t being used to infect or subvert your computer?  There are many “drive-by” exploits that only need the page to be viewed from a vulnerable machine to do their work.

  • If I know a password or other secret then you can refer to the password or secret, but avoid sending it in an email.  It just isn’t a secure medium.

I could go on and on about all caps being like yelling, but that isn’t my intention.  I had figured that everyone already knew about these and yet I still get these things sent to me times per day and often by very technical people.

Be safe…