Dealing with Email Issues
If you have issues connecting with the Internet generally, you'll be unable to send or receive email. See Internet Connection Issues for troubleshooting tips.
See Computer Basics & Terminology for help with technical terms.
Email Security Issues
Email remains one of the most important forms of communications today. It is convenient and is now available “on the go” via your smart phone.
However, you don't want to jeopardize your mail, your security or trade your privacy for ease-of-use. Don't use unsupported or obsolete software.
EFAIL Encryption Issue
EFAIL allows someone to break email encryption under certain circumstances. At issue are email and encryption protocols in use and their aging status.
In a nutshell, EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs. To create these exfiltration channels, the attacker first needs access to the encrypted emails, for example, by eavesdropping on network traffic, compromising email accounts, email servers, backup systems or client computers. The emails could even have been collected years ago. — Mozilla Thunderbird Blog
See the European EFAIL documentation includes details about the vulnerability and short-, medium- and long-term solutions.
Thunderbird, Outlook & AppleMail Vulnerable
Thunderbird, Outlook and AppleMail are vulnerable to the EFAIL encryption vulnerability if you're using S/MIME encryption or PGP encryption (through the Enigmail add-on in Thunderbird) giving the attacker access to your encrypted emails.
- Thunderbird vulnerability details from Mozilla. Version 52.9.0 (or later) provides a complete fix of the EFAIL vulnerability.
The Solution: Use External Encryption
The solution is to turn off internal encryption and disable HTML rendering in your email program. If you require encryption, use external encryption.
If you're worried about someone using this attack on your emails, disabling HTML rendering in your email client is a good way to mitigate risk. — Motherboard
The Cause and Potential Long-Term Solutions
Long term solutions will involve examining weaknesses in email.
- EFAIL: Outdated crypto standards are to blame.
- EFAIL: HTML mails have no security concept and are to blame.
SSL/TSL Security Protocols
Traditionally, email programs logged onto unsecured ports using only the user name and password for security, but later evolved to use other security measures to ensure the safe access to email on the server, particularly when sending mail.
Secure SSL/TLS Recommended
Like the Web, email started as an open system of scientists communicating with each other. Security was unnecessary and those early roots mean that today's email is not as secure as it could be.
SSL, while providing better protection than using unsecured connections, is obsolete and should not be used.
TLS replaced SSL and encrypts data such as your username and password for delivery over the Internet to maintain security and privacy. Earlier versions are not as secure and TLS 1.3 (established in 2018) or newer is recommended.
If your email program doesn't support current versions of TSL, you need to upgrade your email client or move to another email program that does.
Secure SSL/TLS settings using dedicated ports (such as IMAP on Port 993 or POP3 on Port 995) are recommended rather than Non-SSL settings on regular ports (IMAP on Port 143 or POP3 on Port 110).
Your ISP and/or email provider will have documentation on which of these protocols are available to you. Use the most secure protocol supported by the server and your email program.
Using HTTPS is strongly recommended for your webmail service, particularly where you're sharing public WiFi like in a coffee shop.
- Deprecating TLS 1.0 & 1.1.
- Transport Layer Security (TLS) on Wikipedia has more detailed information about security protocols.
Email Program Vulnerabilities
Email programs have a number of recognized vulnerabilities which will depend upon the program and the platform (operating system) you are running it on. Those that wish to minimize spam (unsolicited junk email) should avoid software with these challenges.
Obsolete Programs DangerousDo NOT use obsolete email programs like Windows Live Mail, Outlook Express or Eudora.
Internet Explorer for Viewing Messages
Some Windows email programs use Internet Explorer components for displaying images and HTML (styled) messages. These programs are subject to the same vulnerabilities that Internet Explorer has.
Internet Explorer isn't the default browser on many Windows systems, especially with the arrival of Edge in Windows 10. However, by embedding an Internet Explorer zero-day and delivering it through Word, an attacker can hit targets who don't have IE set by default. [M]any applications that were once exploited in the browser can also be accessed using a Word document. — Dark Reading
If a remote image (one not attached to the email, but downloaded from the sender's server) is automatically displayed you risk the fact that the sender might be tracking whether the image is downloaded to your computer.
Some spammers use an identifiable image to determine which users actually open the mail in order to verify whether an email address is valid and if the message is read.
More recent email programs such as The Bat! and Thunderbird disable the downloading of images by default to protect you from this risk.
Importing/Exporting Mail, Contacts & Settings
When changing email programs, you'll want to import the mail, contacts and settings from the old program to the new one.
Many programs will import this information from the most common current programs and even a few of the older ones.
- Thunderbird can natively import/export address books, mail and settings in a number of formats.
- The Bat! imports and exports email messages in .MSG, .EML and UNIX mailbox formats and now supports Exchange Web Services (EWS) protocol. See Moving to The Bat! for help moving from Pocomail.
- Outlook see Outlook Resources for help in importing/exporting with Outlook.
Third-Party Import/Export Programs
These programs match the format of the data from program you're exporting from and convert it to the one you're importing this information into.
- Aid4Mail MBOX Converter (free edition) converts mbox-type mailboxes to EML files.
- Aid4Mail (from US$29.95) is an easy-to-use migration tool that can also archive mail.
Email Backup Software
You can use email backup software to both secure your important emails from loss as well as to restore it to another installation.
- Best free email backup software for Windows 10 from The Windows Club.
- How to backup Gmail emails using UpSafe GMail Backup freeware.
- MailStore Home is a free email archiving software for Windows PC.
Dealing with "winmail.dat" Attachments
If you receive a message with an attached file called winmail.dat you probably will be unable to open it.
Invisible to Outlook Users
The winmail.dat is invisible to users of Outlook and Outlook Express, so such users may not know what you are referring to when you mention it to them.
Other email clients, like Thunderbird, The Bat!, or webmail programs can all send enhanced HTML-based email without any problems for the recipient. This issue is specific to Microsoft's email clients.
I recommend referring them to the documentation on this page so they can view an explanation and provide solutions. The direct link is:
It's a Microsoft Format Issue
Microsoft email clients (particularly Outlook in earlier editions), use the proprietary TNEF to encode the enhanced (styled) portions of the message and sometimes attachments are encoded using TNEF.
If you have difficulty opening a messages sent by Outlook but don't see the winmail.dat attachment, it is still possible that TNEF is the issue.
TNEF provides special features which makes it useful within a network where all members are using Outlook, but this can create display issues for non-Microsoft email programs.
What Version of Outlook are You Running?
The solutions in this section vary by what version of Outlook you are using. Check Wikipedia for a history of the various versions of Outlook.
You can click on the Help menu then select About Outlook to determine what version you are using. Corporate users can contact their IT department for assistance.
It is strongly recommended that you do not use older versions of Outlook.
A Plain-Text-Only Solution
The easiest solution depends upon the person re-sending the message as a plain-text message. Any other formatting (including Rich Text Format, enhanced (HTML) or messages composed in MS Word) will create this problem for non-Outlook users unless you disable TNEF.
In the following section you need to know what version of Outlook you're using because Microsoft changed its approach in Office 2003 (XP) and again with Office 2007.
For Microsoft Office Outlook 2007 or later follow these steps to turn off TNEF:
- On the Tools menu, click Options, click the Mail Format tab.
- In the Compose in this message format list, click Plain Text or HTML, and then click OK.
The following similar responses to questions about winmail.dat and more modern version of Office are found in the Microsoft Community:
For Microsoft Office Outlook before 2007 follow these steps to turn off TNEF:
- On the Tools menu, click Options, click the Mail Format tab.
- In the set the Send Format to either Plain Text or HTML. Do not select Rich Text format and be sure that you uncheck the "Use Microsoft Word to Edit Email Messages" box, then click OK.
Users of earlier versions of Outlook (97/2000) should simply send the message as plain text as any other formatting (including Rich Text or HTML format as well as messages composed in MS Word) will create this problem for non-Outlook users.
Microsoft provides a more technical solution based upon external domains for Microsoft Exchange 2007 users that may help your IT department determine a solution for all addresses external to your network. Note that Microsoft Exchange Server 2007 is no longer supported.
It is strongly recommended that you do not use older versions of Outlook — upgrade to a currently-supported version or move to a recommended email client.
Disable MS Word as Email Editor in Outlook XP or 2003
Unless you are exclusively sending messages within an internal department, Outlook 2002 (XP) and 2003 users will want to disable Microsoft Word as your default email editor because anyone not using Outlook or Outlook Express may be unable to read your message (or not as you intended).
To disable Microsoft Word as your default email editor in Microsoft Outlook:
- On the Tools menu, click Options.
- Click on the Mail Format tab and uncheck the "Use Microsoft Word to edit email messages" box, then click OK.
- Transport-Neutral Encapsulation Format (TNEF) gives a fuller explanation of this issue and the solution.
- MozillaZine discusses TNEF for Thunderbird and other Mozilla email programs and provides some solutions.
- Wikipedia's explanation of TNEF.
- Wikipedia's history of the various versions of Outlook.
Third Party Solutions
- Eolsoft's Winmail Opener (also available on Download.com) allows you to view and extract contents of TNEF messages. Free.
- WMDecode for Windows is a time-limited free utility to recover the information in winmail.dat files. You can re-download the file again later, or purchase the program for US$10.
- TNEF's Enough is a solution for Mac OS 9 and X users.
Why it Matters
As you can imagine, most people will simply ignore your message or fret over their inability to view the winmail.dat attachment. Take a look at the suggestions in the Email Newsletters section for some ideas if you are sending out regular updates of any kind to a variety of people.
If you decide to move to Outlook, be aware that I neither use nor recommend Outlook and therefore cannot provide the level of support I can with my recommended email programs. You'll need to find alternative support.
You need to be aware of the winmail.dat issue that affects users of many non-Microsoft email program users because it is invisible to you but can affect many of those you send emails to unless you're restricted to an office environment entirely composed of Outlook users.
I've provided the following external resources to help you learn more about using Outlook and dealing with its issues.
Backing Up Outlook
- Manage, download, back up, or restore Office products.
- Export Outlook items to an Outlook Data File (.pst).
- Microsoft ends support in Office 365 for Outlook 2007 and 2010 clients.
- Outlook Updates applies to Outlook 2016, Outlook 2013, and Outlook 2010.
- Help for Outlook Web App.
- Computer Hope's Outlook Resources.
- HowTo-Outlook provides weekly tips.
- The OutlookAddressBookView displays the details of all recipients stored in the address books of Microsoft Outlook.
- Aid4Mail (from US$19.95) can migrate, archive and analyze the messages in all your email programs. It does this without modifying the original messages.
Moving To/From Outlook
- Import and export Outlook email, contacts, and calendar.
- Import email, contacts, and calendar from an Outlook .pst file.
- Exporting and importing mailbox content in Outlook.
- Import email account data from Outlook on Macintosh.
- G Suite migration for Microsoft Outlook (Google apps).
- Export and backup emails from Outlook to Gmail online (2009).
You may need to use a third-party import/export solution.
Dealing with Mac Mail Issues
Apple MacIntosh users face similar issues than Windows users. These resources may help you to resolve them:
- Mac Mail App Support — Apple's support for the built-in Mail app that came with your Mac.
- If you can't send or receive email on your Mac.
- Import email account data from Outlook on Macintosh.