Lagos, Nigeria

Can I Get a Virus By Looking at an Email? – Ask Leo!

It used to be scary easy.

It used to be that simply viewing a malformed email could allow a virus to spread. Thankfully, that’s no longer the case with modern mail programs.

In the past, asking if your machine could catch a virus just by reading email got laughs from the geeks. “Of course not!” they chuckled.

Then came Outlook.

Not only could opening an email infect your machine, but for a while, you didn’t even have to be around to have it happen!

The geeks stopped chuckling.

Fortunately, today things are different.

It used to be that email programs would automatically run programs embedded in email messages when displayed, and occasionally those could be malicious. This is no longer the case, and you will not get a virus from looking at an email. It remains important to be skeptical with links and attachments, and to keep all software as up to date as possible.

HTML is the “language” of the web. It’s the way webpages are written and described so your browser can display them as the designer intended.

DHTML, for Dynamic HTML, and JavaScript, a programming language, added something HTML didn’t have by itself: the ability to do things. By “things,” I mean actions like turning this text red when you move your mouse over it to games you can play in your browser.

Your browser, and the HTML displayed in it, became a platform for computer programs.

Then came email.

HTML email

Email used to be plain-text only, and some of it still is.

But email began to be encoded using the same language as webpages: HTML. In HTML email, words can be bold or underlined, we can insert images, and more. Now email could be as “pretty” and complex as a magazine page.

Since many email programs simply used the web browser to display HTML, email messages could also now do things.

Then came malware.

Since email could “do things” like run small programs within their display window, it didn’t take long for hackers to write malware not only taking advantage of that, but exploiting vulnerabilities those programs could reach. Those vulnerabilities allowed them to infect your machine with more malware.

All because you opened your email and looked at it.

Before it got better, it got worse.

Then came Outlook.

The Preview Pane

I say “Outlook,” but any email program offering what we now call a “preview pane” was vulnerable. Outlook was one of the earliest and most popular.

It worked like this:

  • You left your email program open with the preview pane showing.
  • You had your most recent email message displayed in the preview pane.
  • You walked away.
  • You got a new message. Outlook, keeping the selection at “most recent”, selected the newly arrived message and updated the preview pane with its contents.
  • If the new message contained DHTML/JavaScript malware, it was possible it would run and infect your machine.

Your email program “looked” at a message and your machine was infected. You weren’t even there.

Fortunately, this didn’t last long.

Modern email programs and sites don’t do that

That possibility was quickly fixed.

The most dramatic fix is that JavaScript — and most other coding that used to allow an email message to “do something” — no longer works. Email is no longer treated like a webpage. Even when displayed in a web interface like Gmail, the message is scrubbed of any scripting that could cause problems before it is displayed.

Along the way, vulnerabilities related to email-based exploits have also been getting fixed, regularly and quickly.

Additionally, images aren’t even displayed by default by most email programs. This is done for reasons related to spam, but it also increases your malware-related security.

Today, things are very different.

No, you cannot get infected by just looking

Opening an email is a safe thing to do.

Having your preview pane open is a safe thing to do, even if you’re not around.

Email programs and email services no longer allow the things that once upon a time made looking at an email risky.


You can still get infected if…

The one thing missing from the discussion above is attachments.

The ability to attach an arbitrary file to an email message predates HTML-formatted email. It’s a convenient way to transfer a file from one place to another.

Unfortunately, the word “arbitrary” is appropriate. Any file can be attached to an email, including programs that would infect your machine with malware.

That’s why one of the admonitions you hear over and over is to never open an attachment you’re not expectingTweet this!
and that you don’t know for certain is safe.

You can get infected by just looking at the contents of an attachment.

Email safety rules

10 Reasons Your Computer is Slow

Slow Computer?

Speed up with my FREE special report: 10 Reasons Your Computer is Slow, now updated for Windows 10.

No strings. No email. Here’s the direct download. (Just right-click and “Save As…”.)

This post was written by Leo Notenboom and was first posted to

Do you find this article helpful? Your Friend might too. So, please Share it with them using the Share button above.
Will you like to get notified when I post new updates? Then Follow me on any of my social media handles: Google News, Telegram, WhatsApp, Twitter, Facebook, Pinterest.
You can also drop your email address below if you wish to be notified by mail.

Tags: ,

%d bloggers like this: