In association with heise online

How to adapt the security settings of Outlook Express

Outlook Express allows users to disable HTML email views in the "Read" tab in the dialogue box that is accessed from the menu "Tools/Options...". Checking the "Read all messages in plain text" option will format HTML messages as text, leaving JavaScript attacks and Web bugs no chance. Users who still work with an older version of the program, that does not offer this option, should update their systems.

menu Tools/Options/Read...

For users who want to receive HTML mails with graphical layouts, it will be too cumbersome to keep having to switch between HTML and text views. The free program OE Tool helps to solve this problem by inserting a button in the program header that allows the user easily to switch between the various viewing modes.

Users who do not want to give up the ability to view HTML should at least turn off the preview pane option by following the menu "View/Layout" and turning off the "Show preview pane" option in the lower part of the resulting dialogue box. This is quite safe, but makes it necessary to open each email in its own window. In the past, there have been attacks where viewing the mail was enough to cause damage.

Users should also check if they have selected the "Restricted sites zone" under the "Virus Protection" section of the "Security" tab in the dialogue box found as before from the "Tools/Options..." menu. In Internet Explorer, this restricted sites zone must, in turn, be set not to execute active content – the Browsercheck describes how to do this.

menu Tools/Options/Security

The option "Warn me when other applications try to send mail as me" prevents intruders from using Outlook Express unnoticed to disseminate mail. According to Microsoft, enabling the option "Do not allow attachments to be saved or opened that could potentially be a virus" blocks all file types that may contain scripts or code, for instance executable files or Word documents – this is another setting that also should be activated for the standard mode, even if it is less comfortable. When this setting is enabled, Outlook Express also blocks harmless image files such as gif or jpg.

If users receive emails with attachments that Outlook Express refuses to open, they may access such attachments by temporarily disabling the respective option.


  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit