Outlook's automatic picture download settings

Outlook 2003 has stricter security controls over the presentation of rich content sent in e-mails. E-mail with HTML containing ActiveX controls, for instance, is one of the biggest vectors for spyware or virus infections.

As an additional security measure, Outlook 2003 does not download images by default when users open HTML e-mails. This conserves bandwidth and protects users from questionable images (for instance, in the context of pornographic spam e-mail).

If you right-click on an image in an e-mail sent to you and select "Change Automatic Download Settings," you can modify the way Outlook handles image downloads depending on the e-mail's originating domain. The "Don't download pictures or other content automatically" option is usually enabled by default, but there are two other settings that deserve attention:

1. "Permit downloads…from Safe Senders/Recipients" uses Outlook's Junk E-mail filter's whitelists to determine if the mail in question is safe to load pictures for. This is only useful if the Junk E-Mail filter's whitelists are in use in the first place. However

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Information security management for the midmarket Using key risk indicators to sell your information security program IT security spending a bright spot in '09, with more growth predicted Gartner: Vetting security of third-party partners in five steps Locking down security in the move to electronic medical records Security and risk management in the midmarket Identity and access management planning guide for the midmarket Information systems management for the midmarket CIOs share advice on doing more with less Get smart about patching security vulnerabilities A CIO's advice for implementing single sign-on solutions Security for the midmarket Locking down security in the move to electronic medical records A CIO's advice for implementing single sign-on solutions Options for outsourcing security grow, offer IT budget savings Network access control: Pointers for getting the knack of NAC Stopping malware viruses from attacking Web 2.0 technology Virtual servers no escape from IT security management concerns Unified communications: Securing access to OCS Unified communications security: How safe is it? Risk assessment frameworks easy to employ Midmarket regulatory compliance management: Don't let your guard down

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

, if you're relying on a server-side filtering system that doesn't interact directly with Outlook, this won't be as valuable.

2. "Permit downloads … from Trusted Zone [sites]" is a little more helpful. The Trusted Zone in Internet Explorer can be managed through IE's own control panel, or through third-party tools like the Internet Explorer Power Tweaks Web Accessories pack, or by editing the registry directly. This option makes it possible to define, either through policies or perhaps a script, what sites are recognized as safe throughout your organization.

Unfortunately, Outlook does not perform reverse DNS checking to determine if a given e-mail did actually originate from the server it claims to be from. This makes it possible for someone to send spoof e-mails that claim to be from a specific domain -- and may even load pictures from that domain -- but aren't in fact from that location. It's largely your server's responsibility to filter out these mails, and the tools now exist to do so.

Serdar Yegulalp is editor of the Windows Power Users Newsletter and a regular contributor to SearchExchange.com.

Do you have comments on this tip? Let us know.