The Microsoft Outlook mail client is Web-enabled through its support of HTML and embedded objects such as ActiveX and Java. Outlook uses security zones that are similar to Microsoft Internet Explorer (IE) security zones to govern HTML-based email.
You can configure Outlook 2000 and Outlook 98 to use the Internet, Local intranet, Trusted sites, or Restricted sites zones for all incoming HTML-based mail (the Internet zone is the default). You might want to adjust Outlook to use the Restricted sites zone because attackers transmit worms and viruses through email. To configure Outlook to the Restricted sites zone, open Outlook, select Tools, Options, then select the Security tab in the Options dialog box. On the Security tab, you'll find a Secure Content section. From this section, select Secure Content, select Restricted site from the drop-down menu, click Apply, and close the dialog box.
When you set Outlook to use the Restricted sites zone with Java disabled, Java will continue to operate in the Outlook mail client. To completely disable Java in Outlook, you need to also disable Java in the Internet zone, which can be a problem for sites that require Java. Add any sites that require Java to your Trusted sites zone to enable Java for those sites.
Make these manual adjustments to the Outlook mail clients on your network. These manual configurations take only a few minutes to perform, and they can prevent most malicious email transmissions and better secure your environment.