Security

Viewing images in email can get you more spam

Yes, this is true, it's not just responding to emails, using unsubscribe links, automatic processing of delivery and read receipts and having blanket autoresponders, such as the ever popular "I'm out of the office until ..." sort of thing.  (While I'm on that, have you ever stopped to think of that as a security risk?  You're away - meeting or holiday - and you set one of those up broadcasting to anyone that sends you an email (coworkers, "friends", junksters, the ex ...) that you're away and that there's a good chance that your home is unattended ... think about it).  Images in emails can do the exact same thing.

How's it work?

Spammer sends out emails containing an image (real or fake, doesn't matter).  Each mail is sent out containing a different link to an image.  Fire these emails out and then the recipients open the email up and look at it.  While they are doing this their mail client tries to download the image for viewing in the email.  If the image exists, you see the image, if not, you see a big blank nothing.  Now either way there is a record in the logs of the server on which the email is hosted.  Knowing who has opened their email is now easy as the junksters know which email address matches which image.  It's easy and fast - and just to make things faster, they will have all this automated.  

Along with images and their associated logging, you can receive cookies too when the email goes to retrieve files.

How to avoid the problems?

These problems all revolve around the desire to have rich text emails as opposed to plain text emails.  I feel that emails in anything other than plain text constitutes too much of a security risk and the benefits (pictures, funky formatted text and so on) are not worth the associated threats.

Some email programs allow you to control how you view email but if you are a Microsoft Outlook user I would recommend that you download and install Attachment Options for Outlook by Slovak Technical Services - http://www.slovaktech.com/attachmentoptions.htm.  This handy utility not only gives you the ability to control how attachments are handled in Outlook but also control whether you receive email as plain text.

Spammers are getting cleverer (well, OK, maybe not clever, just leveraging technology is a slightly better way), we need to respond to these changing threats.



Adrian Kingsley-Hughes
Last updated: May 8th 2006
Print This Page   |   Email me when this page changes    |  Search This Site



Crucial.com System Scanner does the work for you!




Contact Us