How Outlook helps protect you from viruses, spam, and phishing
There are many hazards that the Internet can bring to your Inbox, such as viruses, spam, and phishing. This article briefly describes these dangers and how Microsoft Outlook 2010 is designed to help protect your computer from them.
In this article
Protection from spam
Anyone who has been using e-mail for some time is familiar with the flood of bulk e-mail that can come to your Inbox, most of it being junk. Outlook helps to mitigate the problem of spam with the Junk E-mail Filter, which automatically evaluates incoming messages and sends those considered to be spam to the Junk E-mail folder.
Outlook also has an additional anti-spam feature. Messages in HTML format often include pictures or sounds from an external source on the Internet. This is typically done by legitimate senders to avoid embedding large graphics in the message itself. However, junk e-mail senders use this capability as a "Web beacon" that collects your e-mail address. When you open the message and the content is downloaded automatically, you are inadvertently verifying to the sender's server that your e-mail address is valid. Your e-mail address can then be sold to spammers, often resulting in more junk messages being sent to you. By default, Outlook blocks automatic picture downloads. If you think that the message is from a trustworthy source, you can unblock pictures or other external content.
Protection from phishing attacks
Phishing is the malicious practice of luring you into disclosing your personal information, such as your bank account number and password. Often phishing messages have deceptive links that actually take you to spoofed Web sites that urge you to enter and submit your personal information. Your personal information is used by criminals to steal your identity, your money, or both.
Because it can be hard to distinguish a phishing e-mail message from a legitimate e-mail message from, say, your bank, the Junk E-mail Filter evaluates each incoming message to see if it is suspicious and contains suspicious links or was sent by using a spoofed e-mail address. If the filter determines that a message is suspicious, the message is sent to the Junk E-mail folder, and the links in the message are disabled. To prevent you from unwittingly replying to a message with a spoofed e-mail address, the Reply and Reply All functionality is disabled for that message. In addition, any attachments in the suspicious message are blocked. For details, see Enable or disable links and functionality in phishing e-mail.
Note If you have a Microsoft Exchange e-mail account, the Junk E-mail Filter uses Sender ID technology to determine whether a message that appears to originate from an e-mail address, such as email@example.com, was sent by an authorized mail server for that domain, such as example.com. This technology helps protect you from messages that use a spoofed e-mail address with a disguised domain name.
Previewing and opening messages safely
Microsoft Outlook 2010 uses only one editor, based on Microsoft Word 2010, for you to compose and read e-mail messages. Scripts, macros, and ActiveX controls cannot run in any message format, whether you use plain text, HTML, or Rich Text Format (RTF). However, SmartTags are allowed to run, as are custom forms.
If you prefer, you always have the option of Read e-mail messages in plain text, even though that does not provide full protection against all e-mail hazards.
Previewing and opening attachments safely
To help protect you from potentially malicious code, Outlook disables embedded content in attachments, such as scripts, macros, and ActiveX controls, while you are previewing. You should preview or open attachments only from trustworthy sources. For more information about attachment previewing, see Open and save attachments.
When a message has an attachment, your Inbox displays the paperclip icon in the Attachment column of the message list. Outlook automatically blocks attachments that contain file types that can run programs. This is to help prevent the spread of viruses from program files, a situation that is considered a Level 1 threat. Examples of the blocked file types include .exe, .bat, .com, .vbs, and .js. A list of the attachment files in a message that are blocked appears in the InfoBar at the top of the message.
If you try to send an attachment that has a file type extension that is on the blocked list, you receive a message that other Outlook users may not be able to access this type of attachment.
Only an e-mail server administrator can change this default setting and unblock certain file types. This setting is often used in an organization's intranet, not on the Internet.
File types such as .doc, .xls, .ppt, and .txt are not blocked. However, an Opening Mail Attachment dialog box appears when you try to open an attachment. This dialog box gives you the opportunity to consider the safety of the file that you are opening, and to save the file and scan it for viruses before you open it.
To be able to send any file type by using e-mail, you can zip the file and attach the .zip package to your message.
For a full list of attachment file types that are blocked and more tips on safe file-sharing alternatives, see Blocked attachments in Outlook.
Protection from macro viruses
The purpose of a macro is to automate frequently used tasks. Although some macros are simply a recording of your keystrokes or mouse clicks, more powerful VBA macros are authored by developers who use code that can run many commands on your computer. For this reason, VBA macros pose a potential security risk because a hacker can introduce a malicious macro through a document that, if opened, allows the macro to run and potentially spread a virus on your computer.