Along the web development, email has made a huge contribution in wide spread of internet. E-mail is widely used and has a well-defined and universally implemented protocol and, it is a hot cake for hackers. It is easily done. Attacks on e-mail focus on two areas: the delivery and execution of malicious code (malcode) and the disclosure of sensitive information. E-mail has great latent risk due to the very sensitive nature of the data or information that is transmitted. E-mail can disclose a huge amount of company and personally sensitive data. The security risks linked with e-mail are often perplexed with the risks associated with collaboration tools that also serve as e-mail clients. Microsoft Outlook is one such tool.
The following are two issues to consider when comparing e-mail and collaboration tools:
- <LI class=MsoNormal>The acquisition and propagation of malcode
- The loss of privacy data.
E-mail, as defined by the Network Working Group’s RFCs, is implemented in simple
ASCII text. ASCII text cannot be executed directly. This can be a serious mutilation for malcode, which needs to be executed, promulgate, or do damage. Therefore, e-mail at its very basic core is safe because it does not transmit directly executable (binary) code.
When an e-mail client starts adding features to be more of a collaboration tool, such as Outlook, the malcode has many avenues of being decoded and launched. The goal of these tools is to make life easy and suitable for the users. This ease and expediency leads to the tools providing features for the user that the malcode can use to its advantage.
The basic protocols used in e-mail may not be inherently susceptible to malicious code such as worms and viruses, but the same cannot be said for protecting personal and sensitive data. For many years, the popular e-mail protocol, Post Office
Protocol (POP), was used in the clear (not encrypted). Even in today’s security-conscious society, most e-mail is still transmitted in the clear.