It is safe to “preview” emails

You don’t risk opening Pandora’s Box just by previewing an email message

Most email programs (such as Outlook and Thunderbird) and most webmail sites (such as outlook.com and Gmail) allow you to “preview” an email message before opening the message in a separate window. This is usually known nowadays as opening a “reading pane”. It can save time – especially if you are inundated with email messages. However, IT people such as myself used to advise you not to do this as something unpleasant could be unleashed before you had a chance to do anything about it. It used to be safer to delete any suspicious-looking messages without either previewing or opening them.

For some time now, though, that really hasn’t been the case. The main problem used to be that malicious JavaScript code could be executed simply by previewing a message. Nowadays there aren’t any web-based email systems or email clients (programs that run on a computer – eg Outlook and Thunderbird) that would allow that to happen. It is now safe to use the preview option in both webmail and when using email clients.

Other dangers do still lurk in email, though. There are two main sources of threat to your computer system that are still very much to be found in emails – links and attachments.

A link is a specially formatted piece of text that can be included in the body of an email message that, when clicked on, will cause your web browser to open the web page specified in the link. The link can not do anything until you click on it. It is conventional (though by no means necessary) that links are denoted by the text being in blue and/or underscored. For instance, if you click on the blue, underscored, text at the end of this sentence you will be taken to the home page of my website – https://davidleonard.london. Links can be dangerous in emails because they can take you to malicious websites that can infect your computer with malware, or that can attempt by various means (such as impersonation of your bank) to persuade you to hand over confidential information. The text you see in the link may be very different from the name of the website that it leads you to, and can be very misleading.

An attachment is a file that is – erm – attached to an email message. It could be any sort of file, ranging from a completely innocent picture of a cat, to a computer program that can wreak havoc on your computer. Let’s be clear, though, that an attachment is completely harmless unless you open it (ie click on it). Attachments can not suddenly burst into life as a result of your having viewed (or previewed) a message.

It is worth stressing that both links and attachments need to be clicked on before anything bad can happen. If you view – or preview – any email that you think poses any kind of threat, then that threat can not be realised without you clicking on something.

So, if you think an email poses a threat, the easiest thing to do is to just delete it. If it makes you feel better, you can also report it to your email provider, or any other relevant authority. When you delete an email, the links within are also deleted, and attachments are not downloaded onto your computer without your explicit permission. They, too, disappear with the deleted email.

It seems to be one of the early habits of computing that a lot of us (myself included) took very seriously to begin with and who still do the same thing, even though it is no longer necessary. I still don’t preview my messages in a reading pane even though I’m sure it’s safe to do so, but I might behave differently if I had hundreds of messages to wade through every day.

And, just in case you’d like a second opinion on this (since you take computer security seriously, of course), have a look at this link from howtogeek.