There are numerous ways in which e-mail can be exploited in order to penetrate your network. Everyone is familiar...
with viruses, worms, and Trojan programs, although the mechanisms by which they spread can often be overlooked. Microsoft makes Windows the operating system and Windows applications scriptable and modifiable, and that provides an almost unlimited number of potential ways in which the hackerati exploit systems. It's a good idea to test your systems for their vulnerability to e-mail based intrusion. Several online tools are available that will attempt to probe an e-mail you provide in a variety of ways. These systems will send out e-mails of various types, and your receipt of an e-mail indicates a specific vulnerability. Some of these tools are free, others are designed to introduce you to the issues as well as push their commercial solution.
One example of a commercial product tester is found at GFI's Web site, where they pitch the product GFI MailSecurity. This page lists 8 different tests ranging from anti-virus software testing to VBS script blocking, as well as MIME header testing, among others. The site is a good source of information, and has several white papers on the topic. WindowsSecurity.com also has this same test suite, as does several other sites on the Web.
Barrie Sosinsky is president of consulting company Sosinsky and Associates (Medfield MA). He has written extensively on a variety of computer topics. His company specializes in custom software (database and Web related), training and technical documentation.