Dodgy Emails from Client

I have a client operating part-time from home who uses hot-mail for her emails.

I spasmodically get spam from this email address. I ask her to get it sorted and all is OK for 6 months.

A few weeks ago I had to email myself data from her computer (I won't need to do this again) and shortly after that I had some viruses on my machine that took many hours to root out. I can't remember the last time I had a virus on my machine but it was many years ago.

Of course it may not be her fault that I had the viruses, but I don't get the same email problems from other clients.

I need to email her with various information from time to time, but am tempted to tell her that I am so concerned about the hijacking of her emails that I will block her emails from coming to me.

She is unlikely to spend any money getting better protection. What would you do in the circumstances?

Comments
fluffymitten's picture

Recommend an alternate free email provider?

fluffymitten | | Permalink

Some are better than others and hotmail is notorious for being a source of spam. I have it completely blacklisted and refuse all emails from that domain. Maybe moving over to another provider (gmail, for example) would be a good idea.

On the subject of google, the Google Pack pack.google.com/intl/en-gb/pack_installer.html offer free anti-virus and anti-spyware, which would help your client to maintain a relatively virus-free environment without any additional cost.

 

Louise

 

EDIT: gmail has a total mail size limit of 25MB (that's the internet headers, covering email text, and the attachment) and you can send to a maximum of 100 recipients.

I recommend fastmail.fm

AlanBourke | | Permalink

Gives you probably the best webmail interface out there and top-class spam filtering.

mote and moonbeam

Gentoo | | Permalink

While I understand you are not specifically blaming your client, as I read your story, it looks like her email account had been compromised in some way.

You then chose to email some data from her machine to yours.

Am I missing something here?

What happened to quarantining data from dodgy sources and checking it before letting get through your protective fence?

limitations

kiwilondon99 | | Permalink

 

with the services/providers being named in this thread - is it possible for future posters to comment on any limitations which may apply [ ie file size limit on send / receive ? ] to the service/provider that they 'suggest'.  

this limitation example, can be embarrassing for a business [ or accountant] sending quotes + files  or powerpoint pres etc  [ forget the photos this is re personal em accounts! ] 

Moonbeam's picture

Quarantining data

Moonbeam | | Permalink

Gentoo

I don't know how to quarantine data in the way you suggest. Please explain how this can be done.

chanpangchi's picture

What is the problem? Hotmail? Hotmail' users?

chanpangchi | | Permalink

I often saw comments about Hotmail that it was not reliable, not secure... etc.  I don't work for Microsoft nor receive any $$$ from M$.

When was the last time that someone actually hacked into Hotmail system and stole its users' information?  Was it the users' responsibility if they disclose their user id and password to some websites or their computer was hijacked?  I know customers who logon to their email account on a computer at public library, the rest is history.

I just checked my junk mail folder and I found junk mail from hotmail accounts, as well as Gmail and Yahoo.

You can find another email provider for your client but if she does not change the way she handled her computer and her hotmail account, how long do you think it would take before her new email account got compromised again?  

-- Regards,

chan_a@algconsultings.com

http://ca.linkedin.com/in/alginc

http://www.algconsultings.com/

quarantining data

Gentoo | | Permalink

OK. It's a big subject but here's an overview

Any data that you don't know about should be kept away from your own systems until you are happy that you are only getting what you think you are getting.

It remains true that almost exclusively the problem is one of data originating from MS Windows machines (While, as you might infer from my nick I'm a Linux person, this isn't a specific anti-Windows rant)

For the hyper paranoid (and strictly that should be all of us but especially Windows users) use a separate machine, not on your network/no access to your core data, to receive external data from any source.
(it's called an "air gap")

I'd definitely consider using a basic machine running a desktop Linux distro - regardless of your non-Windows skills, switching on, logging on, opening an email client is fairly standard whatever OS you are using.

What's an untrusted source?

That's your judgement call, but the less you know the more paranoid you should be. Someone using hotmail is a good start, not only because it's hotmail, but also because it is an indicator of a lack of skill/lack of care by the apparent inability to set up a proper account on an ISP with an @myaccount.isp.co.uk type email. ISPs are quite good at spotting and quarantining email (_not_ attachments) with dodgy payloads.

What's a trusted source?

One demonstrating good practice.

Attachments should always be treated as suspect. Many paranoid organizations delete emails with attachments at the network gateway without mercy, others strip the attachment.

If it's a document "of record" where provenance is important - leave it on your receiving machine, print it out to use it and leave the file alone.

Only accept attachments in plain text ( .txt rather than .doc, CSV files rather than .xls, as it is impossible to hide dodgy macros or other nasties in plain text at the expense of it being slightly more awkward to handle the data at your end. You need to open them in a plain text editor (on your linux machine, above) which has no fancy capabilities then save them before transferring them (possibly using a USB rather than connecting to your network) into your super-duper programme on your networked computer.

For Windows computers there are scanning programmes that can check for known nasties - they are probably good enough, but carry their own maintenance payload (they can't trap what they don't know and need to kept up to date).

Also, If I were sending you some attachments (and you trust me) I could "zip" them calculate the MD5 checksum (it's a utility) of the resulting file and send it to you separately. You get the file, you calculate the MD5 and check against mine.

If the two match it's extraordinarily unlikely that anything has happened to the file between sending and receipt.

It's always a good idea to use a plain text email client (or set yours accordingly) at it will how up stuff
such as an HTML link "fluffy kitten" as fluffy kitten it will also expose white text on white background traps.

hetrogeneity is always good, it's quite difficult for nasties to survive passing through different systems hence my suggestion of a linux machine as your receiving client.

HTH

Edit: amusingly my attempt to show the problems of HTML links was hidden by accountingweb so I'm trying again

It's always a good idea to use a plain text email client (or set yours accordingly) at it will how up stuff
such as an HTML link "fluffy kitten" as < a href equals "yourworstnightmare.com">fluffy kitten it will also expose white text on white background traps.

Moonbeam's picture

My Conclusions so Far

Moonbeam | | Permalink

I would like to thank everyone who has responded. All suggestions will be considered carefully for the future.

Gentoo - thank you for this information. I don't have a spare computer, just the one. It’s not so much attachments that I am worried about, as I would never open an attachment from a questionable source – and won’t need to again from this client. However, the information you gave was very enlightening.

Since it is so long ago that I had a virus before this month, I am obviously doing things right most of the time, but am not an IT guru and don't want to become one. This does not mean that I am not determined to do all that I can to avoid any more virus episodes.

It is murder explaining to the client concerned how to save an attachment from an email I send her and how to restore it to the program concerned without explaining doing zip file calculations.

I am attempting to learn lessons from the recent virus episode, and want to tighten up on all fronts, although I am well aware the virus or viruses in question could have come in on any client’s email or via my surfing of the net.

I think my main priority is to ensure as far as possible that only people I trust use a particular email name for me when sending me messages- this has worked well over the years.

The next priority is to block emails from people who don’t appear to want to spend time and money ensuring they don’t infect other peoples’ machines. When these are clients this is a problem.

I agree wholeheartedly with Changpangchi that in this case, it is the user of the other computer just as much as her hotmail account that is to blame, and emails from her machine are probably never going to be trustworthy.

So it is theoretically pointless asking her to get another account set up. But that is what I am going to have to request, initially.

I then have 2 options:

1. She refuses to set up a new email account with another provider and I tell her that regrettably I will have to block her emails

2. She agrees to change to another safer email account and the same problem occurs later. I then tell her that I will have to block her emails whatever the email address as she isn’t protecting herself or me adequately

It’s a shame because she is otherwise a charming person and pays the bills without fuss and early. I wish there was a better option available that didn’t take hours of my time.

 

Just a thought

pauljohnston | | Permalink

does she have anti-virus and anti trogan on her machine?? 

chanpangchi's picture

Great if you have anti virus software, but

chanpangchi | | Permalink

I know a lot of business users who never update their computer with the latest security patch and virus definition. 

They like to download and install whatever software they like; one of my clients have over 200 applications launched during startup.  She complained her machine was too slow and you know what she did to speed up her machine.  She disabled her AV software!

They use their computer on unsecured wireless network or logon to their email account on public computers, e.g. libray, coffee shop... etc.

Computer is a 2 sided sword; it can help your business, i.e. improve productivity, make better and faster decisions; but at the same time, it can seriously damage your reputation.  Unfortunately, most business users learnt their lesson in a very hard way.

-- Regards,

chan_a@algconsultings.com

http://ca.linkedin.com/in/alginc

http://www.algconsultings.com/

email provider

Malcolm | | Permalink

It's impossible to avoid Spam completely, but do try GMail, I have many clients who swear by it!

Malcolm

Add comment
Log in or register to post comments
Group: IT Zone discussion group
IT & Technology discussion group