E-Mail Threats and Vulnerabilities

David Harley, NHS Connecting for Health, UK


Social and Antisocial E-Mail Issues


E-Mail and Early Viruses

Boot Sector Infectors

File Viruses

File and Boot (Multipartite) Viruses

Macro Viruses

Script Viruses

Mass Mailers

Spoofing Viruses

Network Worms

Hybrid and Multipolar Malware

E-Mail Viruses and Worms

The Malware Author's Dilemma

Trojan Horses

Antimalware Solutions

Anti-Trojan Software

Spam and Related E-Mail Abuse

Spam and Malware

Chain Letters, Chain E-Mails, and Hoaxes

E-Mail Fraud

Threats and Extortion


Subscription Bombing

E-Mail Abuse and Policy-Based Solutions

Antispam Policies

Codes of Conduct



Cross References


Further Reading


The classic information technology (IT) security tripod model (integrity, confidentiality, and availability) applies as much to e-mail as it does to other areas of information management, and the medium is subject to a range of problems. Johnson (2000) categorized these as follows:

  • Eavesdropping. This exploits susceptibility to network sniffing and other breaches of confidentiality.
  • Impersonation/identity theft. Even though well-managed organizations use authentication to regulate access to services, many e-mail-related Internet services such as SMTP (simple mail transfer protocol) are highly vulnerable to such abuses as impersonation by forging e-mail headers. Although identity theft is an ongoing problem, the less glamorous problem of ...

Get Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection, and Management, Volume 3 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.