Introduction to Electronic Mail Security
Individual messages stored as text files in directories are not usually encrypted or compressed. This plain-text format is easily read by anyone who has access to the computer where the message is stored. The messages may be protected by file system security provided by the operating system, but are otherwise vulnerable to viewing. In LAN-based email systems such as Exchange, GroupWise and Notes, messages are stored in databases. The main advantage of database storage is its efficiency and its ability to provide another layer of security protection. However, this system still does not protect against a rogue system administrator who has access to all the software and security clearances necessary to tap into that database. In general, server computers implement much better file system security than workstation computers. This means that only people with the proper clearance may view files in any given directory. Likewise, server computers are more likely to be protected by backup systems, Internet firewalls, and physical protection from fire, theft, and third-party viewers.
While messages are being moved between different computers there is a chance of those messages being viewed by someone else on that same network segment. This practice is commonly referred to as "packet sniffing." Someone within the corporate LAN could run a sniffer program and keep track of the email traffic. Sniffer programs are readily available, but must be used by someone with good computer skills, and who most likely has physical access to the same network segment as the user computer. It is possible to plant sniffer software on someone else's network, but that takes much more advanced computer skills or special permission.
Sniffing network traffic is not the only way to observe email messages in transit. After the transmission from one computer to another, the message is copied to a queue on a hard drive. At this point, a clever system administrator could easily make copies for later review. Trying to view someone's messages while in transit takes time, skill, and access to network and computer resources.
Email Security Guidelines & Techniques
Change your email password regularly and don't share it with anyone. ISPs and most server administrators never ask users for their passwords. Don't respond to an email asking for your password.
Never open executable attachments without scanning them. Most worms and viruses try to disguise themselves by using file extensions like .exe, .scr, .vbs, etc.
If possible, scan incoming emails for viruses. This can be done using either a gateway antivirus program or an email-specific virus program. Most firewall programs nowadays allow users to scan their incoming and outgoing emails.
Be careful when opening emails from unknown people. In a corporate setting, if an email looks very suspicious, users should forward it to the system administrator or the company's email security team for analysis.
Don't respond to spam emails. While this is not strictly a security measure, it limits your exposure to unwanted email. By responding to a spam email asking to be removed from a list, the user actually confirms that the email account is valid. This puts the user's email address on the "A-list" for future spam.
Install security updates on the system. Microsoft puts out numerous security patches every now and then and segments these updates so that security patches can be easily identified. It's safe to keep the system patched and up to date. This is, perhaps, the best defense one can employ against viruses and other malicious attacks.
When using a web-based email program, remember to log out of the webmail instead of just closing the web browser. And when accessing mail through a public terminal such as an Internet café, always close the browser before leaving.
Before connecting to each other, computers must agree on a predefined set of instructions, or protocol, for transmitting messages between each other. Email protocols like SMTP, POP3 and IMAP are all "clear text" transmission methods. Anyone who can run a sniffer program and observe the network segment being used could easily read the messages passing over the wire, especially on wireless networks like Echelon. By using encryption, it might be reasonably assured that a packet sniffer could not understand the traffic he is observing. This encryption must begin with password protection. Clever algorithms have been created to make sure that passwords used to authenticate the user are not observed, but these are not always required. Password protection is also known as "Secure Authentication." Some examples of Connection Protection Technology are: SSL (Secure Sockets Layer), VPN (Virtual Private Networking), SSH (Secure Shell).
Message Protection
When a message is encrypted and there is a way to make sure that only the intended recipient can decrypt the message, then one can be assured that the message is protected from both sniffers and rogue system administrators who might try to capture copies of the message from temporary storage queues. Technologies used for Message Protection include PGP (Pretty Good Privacy) and steganography, a technique of hiding messages inside picture or music files.
Physical Protection
Messages are vulnerable to physical intruders before encryption and after decryption, since the original and final copies of the message are stored in clear text. Similarly, message encryption does not keep the ISP from observing who the correspondents are. For this reason, personal computers and private LANs must be protected from data theft by physically barring unknown people from accessing the area and equipment. Locked doors, security badges and vigilant receptionists are important. Likewise, burglar alarms, steel gates, and security guards greatly improve the chances of keeping thieves out.
Storage Protection
The data stored on hard drives, even networked file-servers, is usually stored in clear-text or un-encrypted format. A UserID & Password might be required to convince the operating system to let users use their files, but the files themselves are not encrypted. Once someone has physical access to the computer the operating system is easy to defeat. Disk encryption is the only real solution for this situation. Disk encryption can be done using encryption algorithms like Blowfish, Twofish, 3DES, etc.
Microsoft Outlook Security Features
Microsoft Outlook provides a solution for organizing and managing digital communication tools such as email, newsgroups, and instant messaging, along with all day-to-day organizational information from calendars and contacts to task lists and notes. Outlook controls the deluge of email, appointments, and contacts, helping the user to manage his time and tasks more effectively, while making it easier to share information and communicate with others. The new version of Outlook also works as a web and FTP browser, eliminating the need for a separate Internet browser program. Beyond the many features included in it, Outlook can access web-based email services such as AOL, Hotmail, Yahoo, etc. Furthermore, the mailbox cleanup tool identifies messages by age and can easily find and delete older messages. Another feature automatically reformats HTML code to plain-text email, just in case the receiver cannot read emails with HTML.
In its latest version, Microsoft Outlook 2002 gives the user the power to block email attachments associated with unsafe files and to prevent programs from accessing the user's address book, so as to prevent the spread of viruses to others' computers. Features from earlier versions of Outlook, such as giving administrators options to customize the email settings to meet the specific security needs of their organizations, remain in Outlook 2002. The newer versions of Outlook, such as 2002, 2000 and 98, allow users to set the Internet security zone to Restricted sites by default to help protect HTML messages from viruses spread by means of scripting. Discussed below are some of the most important security features of Microsoft Outlook 2002.
1. Encryption
If the encryption box is checked and the user marks the message for encryption when writing new mail, Outlook uses the public key of the receiver to encrypt it. The receiver's email client would then use his private key to decrypt the message and display it. This way confidentiality is assured because no one without the receiver's private key can decrypt the message.
2. Digital Signature
If the user wishes to digitally sign his or her email message, Outlook allows encrypting the message with the sender's private key and then appending the sender's public key to the message, so the receiver need not bother to look it up in the directory. To prevent impersonation, the public key is signed by a certificate authority (like VeriSign) so that the reader can be sure this is the correct public key.
3. Email Attachment Screening
Outlook automatically blocks emails with attachments of certain executable extensions known to possibly carry viruses like .exe, .scr, .vbs, etc. It issues warnings to the users when they try to open suspect attachments or read HTML mail containing scripts directing them to restricted areas. This sort of blind discrimination is annoying to many users who think security should be left to the discretion of the intelligent user.
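The extension screening described here, and in the attachment guideline earlier on the page, can be reproduced at a mail gateway. The following Python sketch is an added example, not code from the original page or from Outlook; the function names, the example.com addresses and the sample message are constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the text; a production block list would be longer.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".vbs"}


def risky_attachments(raw_message: bytes) -> list:
    """Return (filename, reason, declared type) for attachments to quarantine."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():  # walk() also descends into nested multiparts
        name = part.get_filename()  # handles RFC 2231 encoded file names
        if not name:
            continue
        # Windows drops trailing dots and spaces from file names, so ignore them.
        cleaned = name.strip().rstrip(". ").lower()
        stem, ext = os.path.splitext(cleaned)
        if ext not in BLOCKED_EXTENSIONS:
            continue
        # "invoice.pdf.exe" is displayed as "invoice.pdf" when extensions are hidden.
        reason = "double extension" if os.path.splitext(stem)[1] else "blocked extension"
        findings.append((name, reason, part.get_content_type()))
    return findings


def build_sample() -> bytes:
    """Constructed sample: one harmless attachment and two that should be held."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Quarterly report"
    m.set_content("See attached.")
    m.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf",
                     filename="report.pdf")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename="Invoice.PDF.exe")
    m.add_attachment(b"\xff\xd8", maintype="image", subtype="jpeg",
                     filename="photo.SCR")
    return m.as_bytes()


if __name__ == "__main__":
    for item in risky_attachments(build_sample()):
        print(item)
```

The third sample attachment declares itself as image/jpeg while carrying a .scr name, which is why the declared type is reported next to the file name.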
4. Spam Protection
Whenever an outside program tries to use the "Send" feature without the knowledge of the user, a flag is raised and the user is automatically asked whether to allow this possible outgoing spam. Also, to counter the ever-increasing efficiency of "dictionary attacks" on email addresses, Outlook has a "Junk-filter" feature which deletes incoming spam that would otherwise waste the user's time.
Software Solutions to Email Privacy
A. Pretty Good Privacy (PGP)
PGP stands for, I am not kidding, Pretty Good Privacy, a surprisingly non-technical and self-explanatory term. PGP (http://www.pgp.com) is used to encrypt email. In order to understand how PGP works, some basic knowledge about how encryption works is required. Basically, there are two forms of encryption: conventional encryption and public key encryption. PGP uses public key encryption. Public key encryption works by using your public key, the key that everyone has access to, to encrypt the email. Anyone who gets into your system can send these public-key encrypted emails to anyone they choose. The trick is on the receiving end. The only way to open the email is to use the recipient's private key. So while a person can send anything to anyone using your public key, only those with the correct private key can read the email. It is not perfect, but that is why it is called "pretty good" instead of "perfect."
Another reason why the first "p" in PGP is "pretty" and not "perfect" is that PGP can fail; it can be compromised. One problem would be that the wrong person could discover the password, which makes the information in chapter four very important. The government can find out your password by planting a keyboard tap that gives a readout of every keystroke. All the feds have to do is figure out when the password in question was typed into the computer. It is illegal for other parties to do this, and if you are not doing anything illegal, you probably won't have a problem with the feds. However, keyboard taps can also be a tool in high-level corporate espionage, so if you deal with sensitive information that many other people want, it is best to take even more security measures. Most people do not have to worry about that sort of thing, luckily.
Another way in which PGP can be compromised is if you do not use it regularly. If you do not use encryption regularly, only sending encrypted messages occasionally or only to certain people, the person looking at your email will know something is up and look harder for ways to intercept the email. The best way to fight this is to encrypt as often as is practical. Doing this obscures personal patterns so that people who might be watching you will not know what emails contain sensitive information and what emails are asking your spouse what they want to do for dinner.
Pretty Good Privacy was developed by Philip Zimmermann to provide a means of secure communication in an insecure electronic environment. PGP is an email security program that implements the concepts and algorithms of single key encryption, public key cryptology and digital signature to deliver a complete email security product. PGP uses public-key encryption to protect email and data files. However, it does not use the Public Key Infrastructure (PKI). The user personally decides if a public key is trustworthy or not. There are PGP public key servers where public keys are stored. Furthermore, it is available for virtually any platform (UNIX, VMS, MS-DOS, Windows, OS/2, Macintosh, Amiga, Atari, and BeOS). PGP automatically provides data confidentiality, data integrity, and origin authentication with the option of non-repudiation. It is possible to send a message without confidentiality, or without providing for authentication and integrity.
1. Confidentiality
To protect the messages from eavesdropping, PGP encrypts the message using the public key of the recipient. So only the intended recipient can read the message after decrypting the message with his private key.
2. Data Origin Authentication
PGP vouches for the authenticity of the originator of the message by appending the originator's signature to the message. The signature is generated using the private key of the sender of the message. The private key of the sender is supposed to be known only to him. Hence the signature uniquely identifies the sender of the message.
3. Message Integrity
PGP also provides the recipient a means to check that the message reached him intact, without any tampering or modification in transit. This is done by sending a message digest of the original message to the recipient.
Phil Zimmermann designed and developed PGP Version 1 in 1991. Since then PGP has grown into a more versatile application under the direction of its current owner, Network Associates. Until the most recent release PGP has been completely open source, allowing anyone to review the code and suggest improvements. PGP usually makes use of a 512, 1024, or 2048-bit RSA key pair for authentication purposes and a 128-bit IDEA key for encryption.

Pretty Good Privacy uses some of the best features of both the conventional and public key cryptography systems. In order to sign a message PGP uses the MD5 hash algorithm. A signature is generated and appended to the original message as the first step. The message with the appended signature is compressed to reduce the size. PGP uses compression to reduce the message in size and to remove any redundancies in the message. Also compressing data helps in saving transmission time over the internet and more importantly, it strengthens cryptographic security. Most cryptanalysis techniques exploit patterns found in the plaintext to crack the cipher. Compression reduces these patterns in the plaintext, thereby greatly enhancing resistance to cryptanalysis.

Then the message is encrypted by the user's private key. To encrypt messages PGP uses IDEA. IDEA provides 128-bit secret key encryption. PGP then creates a one time only secret key or session key, which is a random number generated from the random movements of the mouse and the keystrokes of what users type. This session key works with a very secure, fast conventional encryption algorithm to encrypt the plaintext, resulting in cipher text. After encrypting data, the session key is then encrypted to the recipient's public key. This public key encrypted session key is transmitted along with the cipher text to the recipient. In order to transmit the secret key it is encrypted using the RSA algorithm and the recipient's public key. Ultimately, the message is encoded for ASCII armor. Since many email systems only permit the use of ASCII characters, PGP supports conversion of 8-bit binary streams of cipher text to printable ASCII characters.
Decryption works in the reverse. The recipient's copy of PGP uses his or her private key to recover the temporary session key, which PGP then uses to decrypt the conventionally encrypted cipher text. The combination of the two encryption methods combines the convenience of public key encryption with the speed of conventional encryption. Public key encryption provides a solution to key distribution and data transmission issues.
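The sequence described above (sign with MD5 and the sender's private key, compress, encrypt under a one-time session key, wrap that key with the recipient's public key, then encode as ASCII) is shown end to end in this added Python sketch, which is not PGP's own code. As assumptions, the RSA keys are constructed from small Mersenne primes with no padding and a SHA-256 keystream stands in for IDEA, so it illustrates the flow and provides no real protection.

```python
import base64
import hashlib
import secrets
import zlib


def make_key(p: int, q: int, e: int = 65537) -> dict:
    """Textbook RSA key from two primes (no padding; demonstration only)."""
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}


# Constructed demo keys from known Mersenne primes: far too small and too
# structured for real use.
SENDER = make_key(2**61 - 1, 2**127 - 1)
RECIPIENT = make_key(2**89 - 1, 2**107 - 1)
KEY_BYTES = 32  # fixed width used to serialise RSA values in this sketch


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for IDEA (assumption): XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def pgp_style_encrypt(message: bytes, sender: dict, recipient: dict) -> str:
    # 1. Sign: MD5 digest of the message, transformed with the sender's private key.
    digest = int.from_bytes(hashlib.md5(message).digest(), "big")
    signature = pow(digest, sender["d"], sender["n"]).to_bytes(KEY_BYTES, "big")
    # 2. Compress the signature together with the message.
    packet = zlib.compress(signature + message)
    # 3. Encrypt the packet under a fresh 128-bit one-time session key.
    session_key = secrets.token_bytes(16)
    ciphertext = stream_xor(session_key, packet)
    # 4. Wrap the session key with the recipient's public key.
    wrapped = pow(int.from_bytes(session_key, "big"), recipient["e"], recipient["n"])
    # 5. Encode as printable ASCII so the result survives ASCII-only mail systems.
    blob = wrapped.to_bytes(KEY_BYTES, "big") + ciphertext
    return base64.b64encode(blob).decode("ascii")


def pgp_style_decrypt(armored: str, sender: dict, recipient: dict) -> bytes:
    raw = base64.b64decode(armored)
    wrapped, ciphertext = int.from_bytes(raw[:KEY_BYTES], "big"), raw[KEY_BYTES:]
    # Recover the session key with the recipient's private key, then undo steps 3 and 2.
    session_key = pow(wrapped, recipient["d"], recipient["n"]).to_bytes(16, "big")
    packet = zlib.decompress(stream_xor(session_key, ciphertext))
    signature, message = packet[:KEY_BYTES], packet[KEY_BYTES:]
    # Verify: the signature opened with the sender's public key must equal the digest.
    expected = int.from_bytes(hashlib.md5(message).digest(), "big")
    if pow(int.from_bytes(signature, "big"), sender["e"], sender["n"]) != expected:
        raise ValueError("signature check failed")
    return message
```

Encrypting the same message twice gives different output because each call draws a new session key, and decryption raises `ValueError` when the signature does not match the claimed sender's public key.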
B. Privacy Enhanced Mail (PEM)
PEM is an IETF (Internet Engineering Task Force) standard designed to add security to text messages. It was started as a project by the Internet Architecture Board in 1985. PEM uses the certification hierarchy and is designed to support X.509 certificates and RFC 822 email formats. It includes data integrity, data confidentiality, message authentication, non-repudiation, and key management, and allows use of both asymmetric and symmetric key cryptography. While data integrity and origin authentication are included by using encrypted digital signatures, data confidentiality is an optional feature. PEM supports only a few cryptographic algorithms, where DES is the only symmetric encryption algorithm currently used, and RSA and DES are supported for key management. Key management is used to encrypt data encryption keys and message integrity check (MIC) values. For each mail message, the specific encryption algorithm, digital signature algorithm, and hash function are specified in the header.
PEM uses 56-bit keys for DES encryption. For Triple-DES two DES keys with a total length of 112 bits are used. RSA keys are not specified. PEM allows use of DES as well as RSA for key management. While DES is often used for data encryption, RSA should be used for encryption of DES keys during transmission. PEM converts every message to a standard format before applying message integrity algorithms. This transformation is called canonicalization. This step is necessary, since, by using PEM, a message cannot be changed after it is encrypted, which in turn leads to problems of decrypting the message correctly at the other end. In order to prevent spoofing attacks a PEM message is always signed. Encryption of PEM messages is optional.
C. Secure Multipurpose Internet Mail Extensions (S/MIME)
S/MIME is a technology invented by RSA. It has been implemented by the major vendors of corporate email software. The Internet Engineering Task Force (IETF) is about to form a working group in order to evaluate whether or not to accept S/MIME as a formal standard. S/MIME is a protocol that adds digital signatures and encryption to Internet MIME (Multipurpose Internet Mail Extensions) messages. Internet email messages consist of two parts: a header field and a body. The header includes the source of the message, the address, and some information about the body. The body, typically, is unstructured unless the email is in MIME format. Multipurpose Internet Mail Extensions defines how the body of an email message is structured.

It meets today's broad-scale email needs by permitting enhanced text, graphics, and audio to be included into email. Since MIME itself does not provide any security services, S/MIME is used to define such services for digital signatures and encryption. In addition, S/MIME allows the use of an X.509 certificate to provide the public key of the recipient to encrypt email. In this way, email messages are protected from snooping, tampering, and forgery. In other words, S/MIME provides data integrity and confidentiality as well as authentication. S/MIME uses a digital envelope to provide security. It uses a symmetric cipher to encrypt messages, and the RSA public-key algorithm for key exchange and digital signatures. S/MIME recommends three symmetric encryption algorithms: DES, Triple-DES, and RC2.
Copyright 2006 by DeepSearcher Inc. - All rights reserved