Yes, if you use Torbutton, the attachment itself will be downloaded only via Tor.
I believe this is the short answer to your question, though everything else Mike said is good to keep in mind as well, especially in situations where paranoia is appropriate.
This is especially dangerous if you are using Yahoo Mail, because even if you trust the person who sent you the document, your attachment will be downloaded in plaintext (via http, not https).
Watch out for this. Yahoo's *login* page for webmail and other services may be HTTPS, but this reverts to plain HTTP once you're actually viewing your mail and downloading attachments. A simple solution for secure webmail at the moment is using Gmail and the new Firefox addon "HTTPS-Everywhere" available from https://www.eff.org/https-everywhere . This addon is *NOT* magic, as it only works with the particular list of websites available on its option page, but making sure "Google Services" is checked in it's options will allow all Gmail connections (including downloading attachments) to happen over HTTPS.
~Justin Aplin *********************************************************************** To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/