Timberline Employee Blog

If your attachments are nearing 10 megabytes or more, then yes they are too big. Many email servers only let messages of 10 megabytes or less through. File encoding also takes up some of this space so I use estimate 7 megabytes is what you’re left with.

One option is to tell Outlook Express to split messages up. There are a few pitfalls here. If the party you are sending to email client cannot recombine the message, you are left with several messages full of junk. If not all the messages come through you are left with junk too.

To automatically split messages:

1. Open Tools/Accounts, select the email account you want to change, and click Properties.
2. Click the Advanced tab
3. Under Sending, click Break apart messages larger than…
4. Enter 7000 kb for the break size. This is slightly less than 7 megabytes and is a good approximate number to keep under the 10 megabyte including encoding limit.
5. Save your changes.

Splitting is automatic. Test by sending yourself a large attachment.

I have found a few programs to relatively securely encrypt email and files. One of those is the GPG Gnu Privacy Guard.

So now that you’ve decided to converse by email, you’ve learned that every email you send can be stored forever on some obscure server your email made its way through.So what do you do now?Simply, encrypt.

One tool, GnuPG, is a GPL licensed encryption engine. It doesn’t do anything by itself. However when combined with a few other tools Outlook integration is only a few steps away. I used Gpg4WIN from gpg4win.org. It includes the whole suite of tools needed to interface Outlook and the GnuPG encryption engine. The site is a German site and the included documents are in German so I chose to download the light package without documents. If you look around you can find an English manual.

After installing you will need to generate a key using your name, email, and a good pass phrase using the GNU Privacy Assistant, GPA for short. Don’t loose your password. You will need it.

For secured communications with an outside party, that party must also have GPG software installed and you must exchange your public keys. Once you install their key on your computer you can encrypt emails automatically using a combination of your key and their key.

The second thing Gpg4WIN does for you is it allows you to sign your email against your public key. It is recommended that you email your public key to just those you communicate with and to avoid posting your key to the public key servers as it is possible for spammers to harvest emails from them. The easiest way to email your key to open up the WinPT Key Manager, right click on your key, and select send key to mail recipient.

Outlook Express needs a plug-in running in your system tray when you wish to sign or encrypt emails. You can download gpgoe from wald.intevation.org/projects/gpgoe. Only message bodies are encrypted with this plug-in, attachments and subject lines are not encrypted. To automatically encrypt attachments, use Sylpheed-Claws instead of Outlook Express. This program is included in the Gpg4WIN download but is not installed by default. The party on the other end will also need to run something other than Outlook Express to automatically decrypt your emails with attachments.

Encryption can be thought of like a lock on a door. It keeps the honest people out. As computers become faster and given enough time and processor power any encryption key can be broken. If security is of the utmost concern then don’t use a public method of communication. The key is here is to consider the cost of breaking in verses the payoff.

The last post talked about GPG4WIN. I have found another source of certificates. Thawte will allow you to create a personal account for free. Once logged in you can request a security certificate. After a minute or two your certificate will be ready. I’m running Windows XP and Outlook Express, not to mention the virus scanners and other security measures in place. All I had to do was to click on the certificate on the Thawte web page and it automatically installed while I followed the prompts. Nice and easy.

Thawte and GPG4WIN can be used together when you exchange files by email for added security. After you have your e-pals GPG4WIN public key and Thawte public key, you can encrypt the file easily with GPG4WIN and then add the encrypted file attachment to your email. When you have Outlook encrypt too there will be two keys to break to get into the attachment.

It would be good to point out to not use the same password on both keys.