When you receive an email from a person or a company that you don’t know, would you click on the Internet links in that email? I would hope not. That’s because the links could let spammers, who harvest email addresses, know that you opened their email, or worse. They could potentially install malware on your computer from their webpage. Similarly, images sent in an email from a person or company you don’t know can also send information about you to spammers or introduce malware on your computer.
(Note: The information below applies only to email in HTML format. Often people sending email from a Mac computer or an iPhone or an iPad send it in text-only format. Images are not displayed in text-only format email.)
(Note: The instructions and images below are for Outlook 2021. However, it should be similar to most other versions of Outlook.)
For keeping you safe, Microsoft Outlook defaults to NOT displaying email images that use Internet links for displaying the image. An example of the message you receive for any email with such images is shown below.
(Note: Received email with embedded images, but no images displayed using Internet links, do NOT get the above message. Neither do attached images which effectively are embedded images.)
Blocking such images with Internet links for all email can be annoying because the email is not being seen as intended, with all images shown. Allowing such images for all email is dangerous. What to do? The solution to this conundrum depends on the amount of risk you are willing to take with your email. Somewhere between blocking images with Internet links in all email and not blocking any email images is a comfortable level of risk that you may be willing to take. It’s up to you. This article will show how to manage your email images to the level of risk you are willing to take.
Your Message Choices
By clicking anywhere on the message shown below, you will see this:
1. “Download Pictures” means that all images will be downloaded and displayed ONLY for this particular email, not for other email from that email address now or in the future. Optionally, you will also get the same result by right-clicking on the message shown below which will appear inside each picture box in the email, and then choosing “Download Pictures”.
2. “Change Automatic Download Settings…” takes you to this options window:
(Note: The above image is shown with the default settings which are generally considered safe.)
You have some flexibility here: If you like to live dangerously, you can uncheck the “Don’t download pictures automatically in standard HTML email messages or RSS items” box and you will no longer be bothered with the message you are getting. If you want some protection, I recommend leaving the default settings as shown. If you want more protection, feel free to check the “Warn me before downloading content when editing, forwarding, or replying to email” box. You will also get more protection by keeping the “Don’t download pictures in encrypted or signed HTML email messages” box checked.
3. “Add Sender to Safe Senders List” means choosing this option will result in ALL past, present, and future email from this sender’s email address not asking you about downloading pictures.
4. “Add the Domain … to Safe Senders List” means choosing this option will result in ALL past, present, and future email from this domain not asking you about downloading pictures. You may notice when using the previous option for the sender’s email address, you keep getting asked about allowing the pictures to be downloaded from what appears to be the same sender. That could be caused by the sender using a slightly different email address when sending multiple email. That’s where this option comes in handy because it is likely that the domain name will not change from email to email.
5.”View in Browser” should use your default browser to view the email assuming that the message is in HTML format. It could supposedly be a safer place to read your email, but maybe not. If you are suspicious about an email, don’t display the images in Outlook or view the email in your browser.
Should I Or Shouldn’t I, That Is The Question
A difficult part of handling email with images is deciding what to do with the images in each email. It’s entirely up to you, but here are some guidelines:
1. If you are suspicious that the email may be spam or worse, do NOT display the images.
2. Just because the email is from someone you know, you can’t assume it is safe. It’s easy for spammers to spoof a friend’s email address.
3. Hold your mouse pointer over the image box to see the web address where the picture is located. Be VERY careful with the spelling because spammers will use links that look like valid web addresses like “micr0s0ft.com” where the first two O’s have been replaced with zeroes.
Managing Your Message Choices
The Safe Senders List has every email address and every domain name where you have declared their images safe. Outlook gives you a way to see the Safe Senders List so you can delete entries that you no longer want as well as import or export the list. To get to the Safe Senders List:
1. Open any email you’ve received.
2. At the extreme left end of the command ribbon, click on the little image shown in the image below at #1.
3. Click on “Junk E-mail Options…” shown above at #2.
4. In the next window that appears, click on the “Safe Senders” tab and you will see a window similar to this one:
There is a lot you can do and should know about this Safe Senders List. As you may notice in the image above, it is in alphabetical order.
1. The U.S. Postal Service email address is highlighted because I clicked on it before capturing this image. It was used as the first example image in this article. If I decide that I don’t want this email address in the Safe Senders List by clicking the “Remove” button it is immediately deleted. Had I chosen multiple entries in the list and clicked on the “Remove” button, those email addresses or domain names would have been deleted.
2. You can add an email address or Internet domain name by clicking on the “Add…” button and entering the address or domain name.
3. You can edit an email address or Internet domain name by first choosing it from the list and then clicking on the “Edit…” button.
4. Import/Export is an important capability of the Safe Senders List to save and restore to and from a text file. I learned the hard way when I upgraded Microsoft Office that the Safe Senders List is NOT carried forward into the new version. I lost the entries for almost 300 email addresses and Internet domain names. Even though I had lots of full disk-image backups, I could not find a Windows file with the Safe Senders List. That meant I had to go through again choosing which email to have the Internet-linked images displayed. Although not a major headache, it was certainly time that could have been better spent.
5. The optional “Also trust emails from my Contacts” will give you fewer messages about displaying images at the cost of less security. Again, this balance between ease of use and security is your decision.
6. The optional “Automatically add people I email to the Safe Senders List” is like the above option. It will give you fewer messages about displaying images at the cost of some security.
(Note: Although I have not tried any of this in the online version of Microsoft Outlook, I expect that it is the same or very similar to the Windows version. To learn more about the online version, go to “Microsoft Office Full Version For FREE – Online“.)
Your feedback on this article is welcome. Please use the Comments section below to respond.
2 thoughts on “Be Careful Downloading Email Images In Outlook”
Cybercriminals can access your network through third-party websites or anything that you download to your devices. It can be an app, software, or media embedded with malicious components. Network security should be a priority even with a remote work setup. Both companies and employees should do their part in keeping their corporate network safe.
Although this article was focused only on Outlook email images, I agree with you completely. A company’s security is only as secure as the weakest link.