Windows Mail and Resulting Internet Communication in Windows Vista

In This Section

Benefits and Purposes of Windows Mail

Examples of Security-Related Features in Windows Mail

Overview: Using Windows Mail in a Managed Environment

Procedures for Working with Windows Mail

Note

This section of the white paper describes Windows Mail in Windows Vista, but it does not describe related features such as Internet Explorer 7, the Phishing Filter, or the tool that can report errors that occur in Windows Mail. For information about these features, see the following sections of this white paper:

It is beyond the scope of this white paper to describe all aspects of maintaining appropriate levels of security in an organization where users perform actions such as sending and receiving e-mail messages, or opening attachments in e-mail messages. This section, however, provides information about features and configuration methods in Windows Mail that can reduce the inherent risks associated with sending and receiving e-mail messages.

For more information about Windows Mail, also see Help for Windows Mail, which can be accessed in Windows Mail by clicking the Help menu and then clicking View Help.

Benefits and Purposes of Windows Mail

Windows Mail is designed to make it easy to send or receive e-mail messages and to browse or participate in newsgroups. It differs from many of the other features described in this white paper in that its main function is to communicate through the Internet or an intranet (in contrast to features that communicate with the Internet in the process of supporting another activity).

The following subsections describe some of the security-related options in Windows Mail, as well as outlining methods for specifying whether Windows Mail or some other e-mail software should be used as the e-mail client.

Examples of Security-Related Features in Windows Mail

Windows Mail in Windows Vista includes a variety of security-related features to help decrease the risks associated with sending and receiving e-mail and opening e-mail attachments. The following list describes a number of these features. The table that follows this list shows how each of the described options is configured in Windows Mail.

  • Warning about harmful e-mail. To prevent e-mail messages from being sent without a user’s knowledge, Windows Mail warns the user when other programs, such as viruses or harmful attachments, attempt to send messages from the user’s computer. This warning appears only if Windows Mail is configured as the default simple MAPI client, and another program attempts to use simple MAPI to programmatically send e-mail messages without presenting a visible user interface on the computer.

  • Blocking of potentially harmful attachments. If this option is enabled, Windows Mail blocks the user from opening or saving e-mail attachments that are considered "unsafe." To determine whether an attachment is unsafe, Windows Mail uses a service called the Attachment Manager. The Attachment Manager gives each attachment a risk rating based on the extension, content type, registered handlers, and other heuristics. By using Group Policy, you can customize some aspects of Attachment Manager, such as the lists of high, medium, and low risk files.

    Blocking of potentially harmful attachments can be enabled or disabled through Group Policy as well as at the local computer. For more information about using this setting, see the table that follows and "To Locate the Group Policy Object (GPO) for Blocking E-Mail Attachments in Windows Mail," later in this section.

    To learn about Group Policy settings with which you can adjust Attachment Manager, in Group Policy, go to User Configuration\Administrative Templates\Windows Components\Attachment Manager. For a detailed explanation of a setting, select the setting and click the Extended tab, or open the setting and click the Explain tab.

  • Plain text format option for reading e-mail. Windows Mail can be configured to read all e-mail messages in plain text format. Some HTML e-mail messages may not appear correctly in plain text, but no active content in the e-mail message is run when this setting is enabled.

  • Blocking of downloads of external content (to help limit spam). If this option is enabled, Windows Mail will not contact an external Web server when an e-mail contains a reference to an image that resides on that external Web server. Businesses that use spam sometimes incorporate such external references for the purpose of validating e-mail addresses that they use, after which they send repeated e-mails to the validated addresses.

    The image involved might be a single pixel image that is not visible to e-mail recipients, who are unaware that their e-mail addresses have been validated. This option can be enabled or disabled on local computers. For more information about using this setting, see the table that follows and "To Start Windows Mail and View or Configure Security Settings," later in this section.
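The following added example (not part of the original white paper) shows what the external-content option withholds: it lists every remote reference an HTML e-mail would cause the client to fetch and marks 1x1 images as likely address-validation beacons. The sample message, its host names, and the beacon size heuristic are constructed assumptions.

```python
# Added example: list the remote fetches an HTML e-mail would trigger if
# external content were not blocked. The sample message is constructed.
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag -> attribute that makes a mail client contact a server when rendering.
FETCH_ATTRS = {"img": "src", "link": "href", "iframe": "src", "script": "src"}

SAMPLE_MESSAGE = """\
From: newsletter@example.com
To: user@example.org
Subject: Constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello</p>
<img src="cid:logo@example.com" width="120" height="40">
<img src="http://tracker.example.net/open.gif?id=abc123" width="1" height="1">
<img src="https://cdn.example.net/banner.png" width="600" height="80">
</body></html>
"""


class ExternalRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs = []  # (tag, url, looks_like_beacon)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = a.get(FETCH_ATTRS.get(tag, ""), "") or ""
        if urlparse(url).scheme not in ("http", "https"):
            return  # cid:, data: and relative references need no remote fetch
        tiny = tag == "img" and a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        self.refs.append((tag, url, tiny))


def external_references(raw_message):
    """Return (tag, url, beacon?) for each remote reference in HTML parts."""
    finder = ExternalRefFinder()
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            finder.feed(part.get_payload(decode=True).decode(charset, errors="replace"))
    return finder.refs


if __name__ == "__main__":
    for ref in external_references(SAMPLE_MESSAGE):
        print(ref)
```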

The following table shows how each option is configured in Windows Mail.

Options for Configuring Windows Mail

| Option to Configure in Windows Mail | Menu to Click | Menu Item to Click | Tab to Click |
|---|---|---|---|
| Warning about harmful e-mail | Tools | Options | Security |
| Blocking of potentially harmful attachments (also configurable through Group Policy) | Tools | Options | Security |
| Blocking of the downloading of images and other external content in HTML e-mail (this helps limit spam) | Tools | Options | Security |
| Plain text format option for reading of all e-mail | Tools | Options | Read |

Overview: Using Windows Mail in a Managed Environment

Although there are inherent risks associated with sending and receiving e-mail (and e-mail attachments), you can use several different features and configuration methods in Windows Mail to reduce the risks:

  • You can use the graphical user interface to configure the security-related features in Windows Mail. For more information, see "Examples of Security-Related Features in Windows Mail," earlier in this section and "To Start Windows Mail and View or Configure Security Settings," later in this section.

  • You can use a Group Policy setting, Block attachments that could contain a virus, to limit the risk associated with e-mail attachments in Windows Mail. For more information, see "To Locate the Group Policy Object (GPO) for Blocking E-Mail Attachments in Windows Mail," later in this section.

  • You can control whether Windows Mail is available on a computer running Windows Vista by specifying that some other e-mail software should be used or by preventing access to Windows Mail. For more information, see "Procedures for Working with Windows Mail," later in this section.

Procedures for Working with Windows Mail

This subsection provides procedures for:

  • Opening the dialog box from which you can configure security settings for Windows Mail.

  • Locating the Group Policy setting, Block attachments that could contain a virus.

    You can use this Group Policy setting in situations where you want Windows Mail to be available for users but where you want to limit the risk associated with e-mail attachments. For more information about this policy setting, see "New Security-Related Features in Windows Mail," earlier in this section.

  • Specifying whether Windows Mail or some other e-mail software should be used as the e-mail client in Windows Vista. The procedures describe multiple methods for accomplishing this:

    • Through the Default Programs interface.

    • During unattended installation, with an answer file.

  • Preventing access to the Windows Mail shortcut, or to Windows Mail, in Windows Vista. The procedures describe several methods for accomplishing this:

    • During unattended installation, with an answer file.

    • Through Group Policy.

To Start Windows Mail and View or Configure Security Settings

  1. Click Start and then click E-mail (Windows Mail).

    If, under E-mail, the menu lists an e-mail program other than Windows Mail, the listed e-mail program has been selected as the default for this computer. You can control default programs by clicking Start and then clicking Default Programs.

  2. In Windows Mail, on the Tools menu, click Options.

  3. Click the Security tab and view or configure the settings, including the check boxes for the following options:

    • Warn me when other applications try to send mail as me.

    • Do not allow attachments to be saved or opened that could potentially be a virus.

    • Block images and other external content in HTML e-mail.

    You can also select the Internet Explorer security zone to use. Windows Mail can use either of two security zones that you configure in Internet Explorer 7: the Internet zone or the Restricted sites zone. For more information about security zones, see Internet Explorer 7 and Resulting Internet Communication in Windows Vista in this white paper.

  4. Click the Read tab, and view or configure the settings, including the check box for Read all messages in plain text.

To Locate the Group Policy Setting for Blocking E-Mail Attachments in Windows Mail

  1. As needed, see Appendix B: Resources for Learning About Group Policy for Windows Vista, and then edit an appropriate GPO.

  2. Click User Configuration, click Administrative Templates, click Windows Components, and then click Internet Explorer.

  3. In the details pane, double-click Configure Outlook Express.

  4. If you enable this policy, you can select or clear the check box for Block attachments that could contain a virus.

To Specify E-Mail Software on Windows Vista Through the Default Programs Interface

  1. Click Start, click Default Programs, and then click Set program access and computer defaults.

  2. Click the Custom button.

Note

Alternatively, you can click the Non-Microsoft button, which will remove the visible entry points not only for Windows Mail, but also for Internet Explorer and Windows Media® Player. If you do this, skip the remaining steps of this procedure.

  3. To disable access to Windows Mail on this computer, to the right of Windows Mail, clear the check box for Enable access to this program.

  4. If you want different e-mail software to be available to users of this computer, select the e-mail software from the options available.

Note

For the last step, if your program does not appear by name, contact the vendor of that program for information about how to configure it as the default. Also, for related information about registry entries that are used to designate that a program is a browser, e-mail, media playback, or instant messaging program, see the MSDN Web site at:

<https://go.microsoft.com/fwlink/?linkid=29306>  
  

To Specify E-Mail Software During Unattended Installation by Using an Answer File

  1. Using the methods you prefer for unattended installation or remote installation, create an answer file. For more information about unattended and remote installation, see Appendix A: Resources for Learning About Automated Installation and Deployment for Windows Vista.

  2. Confirm that your answer file includes the following lines. If you already have a <ClientApplications> section in your answer file, the line for your mail software should be included in the <ClientApplications> section rather than repeating the section.

        <ClientApplications>
            <Mail>path_to_mail_software</Mail>
        </ClientApplications>

    For path_to_mail_software, specify the path to your mail software.

To Remove Visible Entry Points to Windows Mail During Unattended Installation by Using an Answer File

  1. Using the methods you prefer for unattended installation or remote installation, create an answer file. For more information about unattended and remote installation, see Appendix A: Resources for Learning About Automated Installation and Deployment for Windows Vista.

  2. Confirm that your answer file includes the following lines. If you already have a <WindowsFeatures> section in your answer file, the "ShowWindowsMail" line should be included in the <WindowsFeatures> section rather than repeating the section.

        <WindowsFeatures>
            <ShowWindowsMail>false</ShowWindowsMail>
        </WindowsFeatures>

Note

This procedure removes visible entry points to Windows Mail, but it does not prevent Windows Mail from running.
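The following added example (not part of the original white paper) checks an answer file for the entries from the two answer-file procedures above and reports a repeated <ClientApplications> or <WindowsFeatures> section. The sample file is constructed and simplified; the enclosing pass and component shown in it, and the function names, are assumptions.

```python
# Added example: check a Windows Vista answer file for the mail settings above.
import xml.etree.ElementTree as ET

# Constructed, simplified sample; the enclosing pass and component are assumed.
SAMPLE_ANSWER_FILE = """\
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-Shell-Setup">
      <ClientApplications>
        <Mail>path_to_mail_software</Mail>
      </ClientApplications>
      <WindowsFeatures>
        <ShowWindowsMail>false</ShowWindowsMail>
      </WindowsFeatures>
    </component>
  </settings>
</unattend>
"""

SECTIONS = (("ClientApplications", "Mail"), ("WindowsFeatures", "ShowWindowsMail"))


def local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def check_answer_file(xml_text):
    """Return (settings, problems) for the two mail-related entries."""
    settings, problems = {}, []
    for parent in ET.fromstring(xml_text).iter():
        for section, key in SECTIONS:
            blocks = [c for c in parent if local(c.tag) == section]
            if len(blocks) > 1:
                problems.append(f"<{section}> is repeated; merge into one section")
            for entry in (e for b in blocks for e in b if local(e.tag) == key):
                settings[key] = (entry.text or "").strip()
    if not settings.get("Mail"):
        problems.append("no <Mail> path: default e-mail software is not specified")
    if settings.get("ShowWindowsMail", "").lower() != "false":
        problems.append("ShowWindowsMail is not false: entry points stay visible")
    return settings, problems


if __name__ == "__main__":
    print(check_answer_file(SAMPLE_ANSWER_FILE))
```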

To Prevent Access to Windows Mail by Using Group Policy

  1. See Appendix B: Resources for Learning About Group Policy for Windows Vista for information about using Group Policy. Using an account with domain administrative credentials, log on to a computer running Windows Vista, open Group Policy Management Console by running gpmc.msc, and then edit an appropriate GPO.

Note

You must perform this procedure by using GPMC on a computer running Windows Vista (GPMC is included in Windows Vista).

  2. If you want the policy setting to apply to all users of a computer and to come into effect when the computer starts or when Group Policy is refreshed, expand Computer Configuration. If you want the policy setting to apply to users and to come into effect when users log on or when Group Policy is refreshed, expand User Configuration.

  3. Expand Administrative Templates, expand Windows Components, and then click Windows Mail.

  4. In the details pane, double-click Turn off Windows Mail application, and then click Enabled.

Additional References