It's common for email programs to automatically block remote image retrieval. We'll look at why and how spammers and others can use remote images.

In Windows Mail, I received an email from a known vendor (not spam) with all the pictures withheld. At the top (below the header) there was a message which read:

"Some pictures have been blocked to help prevent the sender from identifying your computer. Click here to download pictures."

My question is: How can a sender identify my computer by me receiving pictures? And of course, how great is the risk?

"Identifying your computer" in that informational message is somewhat vague, as it's not exactly what can happen. But the concept is still important.

And in fact, if you've ever seen ads or services that claim "we can tell you if your email has been read" - images are how they do it.

There are two types of images in email: attached and remote.

Attached images are exactly that: they're attached to and sent with the email message itself. When the message is displayed your email program need look no further than your own computer for the images, and typically will display them right away.

Remote images, not surprisingly, are also exactly that: remote. The email message actually includes a link to the image, rather than the image itself. The intent is that when the email is displayed, the email program will use the link to fetch the image from wherever it resides out on the internet and then display it.

Each of the two techniques has pros and cons. Attached images make your email larger and slower to download and deliver, but probably faster to display. Remote images allow for smaller emails, but assume that the images can be fetched at the time the email is displayed, which is not always a valid assumption.

Most email programs today will block remote images by default unless you indicate that a particular sender is "safe", by adding it to an address book or some kind of safe list. This is typically what's happened when an email arrives and all you see are red dots or empty holes where the images should be.

Now that we know what remote images are, let's look at how they can be used, and abused.

Let's say I send an email to a large number of people. In that email - formatted in HTML - I include a link to an image on my server. Perhaps this:

http://ask-leo.com/images/askleonew.png

Which in HTML would be encoded like this:

<img src="http://img.askleomedia.com/askleonew.png" alt="Ask Leo! logo" />

And if displayed would look like this:

[Image: Ask Leo! logo]

That image is hosted on my web server, and because of that, each time the image is displayed by an email program, the retrieval of that image is logged.

The result is that I can track how many people displayed the image. Note that this is not the same as the number of people that opened the email - since images are blocked by default there's no reliable way to do that.

So far, though, we haven't identified anything about you specifically. That doesn't take much of a leap, though.

Let's assume once again that I'm sending a large mailing to a number of people. In that email I include the same image, but this time I encode the HTML a little differently:

<img src="http://img.askleomedia.com/askleonew.png?email=you@example.com" alt="Ask Leo! logo" />

In other words I've actually included the email address I'm sending to as part of the link to the image. There are many, many techniques for doing and hiding this, but I've chosen something easy and obvious for this example. Each email contains a link to the image "personalized" with the email address I'm sending that message to.

When the email program fetches the image, it asks for:

http://ask-leo.com/images/askleonew.png?email=you@example.com

The "email=" part is ignored by the web server, which just returns the image.

But the "email=" part is logged.

And now we can tell not only that the message was opened and the image displayed, but exactly who opened it.

Unless, of course, images are blocked in your email program.
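
As an added illustration (not code from the original article), the sketch below shows how a mail client or filter could tell attached images from remote ones and flag remote URLs that carry the recipient's address. The function names, the sample message body and the hashed-address check are assumptions; the hash check goes beyond the article's plain "email=" example.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

class _ImgCollector(HTMLParser):
    """Collect the src attribute of every <img> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)

def classify_images(html_body, recipient):
    """Return (src, kind, personalized) for each image in an HTML email body.

    kind: "attached" (cid:/data:, no network request) or "remote" (http/https).
    personalized: the remote URL contains the recipient address, literally,
    percent-encoded, or as a hex MD5/SHA-256 digest (assumed hiding methods).
    """
    addr = recipient.strip().lower()
    tokens = {addr,
              hashlib.md5(addr.encode()).hexdigest(),
              hashlib.sha256(addr.encode()).hexdigest()}
    collector = _ImgCollector()
    collector.feed(html_body)
    results = []
    for src in collector.sources:
        scheme = urlsplit(src).scheme.lower()
        if scheme in ("cid", "data"):
            results.append((src, "attached", False))
        elif scheme in ("http", "https"):
            decoded = unquote(src).lower()  # undo %40 and similar encoding
            results.append((src, "remote", any(t in decoded for t in tokens)))
        else:
            results.append((src, "other", False))
    return results

# Constructed sample message body using the image URLs from the article.
SAMPLE = '''<p>Newsletter</p>
<img src="cid:logo@local" alt="attached logo" />
<img src="http://img.askleomedia.com/askleonew.png" alt="Ask Leo! logo" />
<img src="http://img.askleomedia.com/askleonew.png?email=you%40example.com" alt="Ask Leo! logo" />'''

if __name__ == "__main__":
    for src, kind, personalized in classify_images(SAMPLE, "you@example.com"):
        print(kind, "personalized" if personalized else "-", src)
```

Only the third image is flagged: the first needs no network request at all, and the second is remote but identical for every recipient, so fetching it reveals only that someone displayed it.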

So how can this information be used and abused?

Well, with spammers it's easy: if they see that a particular email address has opened a message and displayed an image, the spammers now know that they have a valid email address that someone actually looks at. Expect more spam.

With legitimate businesses it's a little less clear, and in my opinion, a lot less concerning. They do track "open rates" to see how effective their messages are. They know that not everyone displays images, but they can observe trends in the portion that do.

Businesses can also track individual open rates if they want to, using the techniques above. Exactly how they might use this information will vary depending on the business.

My configuration is simple: I leave images blocked by default, but almost all the business senders are added to my whitelist so I can see their messages in all their glory.

Article C3275 - January 22, 2008

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.

4 Comments
Mark Brownlow
January 23, 2008 2:56 AM

Great explanation.

In theory, legitimate business emailers should be using open rates to make the emails they send you more relevant. To give an example:

Say you signed up for an email newsletter with information on cruises, because next year you want to go on one up the Amazon.

The emails the travel company sends you are sometimes about European cruises and sometimes about South American cruises.

If the company sees that you only "open" those emails about South American cruises, then they should change the focus of the newsletters you get. So there's more on South America and less on Europe.

In reality, though, most businesses don't get that clever and simply look at how many people in total open their emails so they can get a general feel for what people like most.

Greg Bulmash
January 23, 2008 9:40 AM

I've heard a number of terms for these tracking images. Some call them "web bugs," but my favorite is "ratware".

I do agree with Mark that it would be nice if open rates were used to personalize and target e-mail ads better, but they're just generally used to determine the success of a specific campaign, and at best they try to use the information to make their future subject lines more clickable to their broader mailing list.

George Arauz
January 30, 2008 1:36 PM

It actually doesn't protect it... maybe prevents a trojan virus here and there... but my advice.. don't open any emails you don't recognize.

susan shaw
April 28, 2009 3:14 AM

I receive emails from stores to purchase items and you always need to click on them to see or buy but my hotmail won't allow me to open them. I have always opened them in the past but since I changed messenger 3 days ago, it won't let me open anything. What can I do (in simple terms please)? Thank you susan
