Helping people with computers... one answer at a time.
Blocking remote images in email is a common and important anti-spam technique. We'll look at how to turn it off, and then discuss why you shouldn't.
My computer constantly queries me "Some pictures have been blocked to prevent the sender from identifying your computer. Click here to download pictures". How can I delete this annoyance?
It depends on the email program you're using, but I'll show you how in Outlook Express and you can probably find the equivalent in your own email program.
Then I'll tell you why you don't want to change it; this behavior is exactly what you want. Honest.
In Outlook Express, click on Tools, Options, and then on the Security tab. You should see something similar to this:
See that option: "Block images and other external content in HTML e-mail."? Uncheck that and it'll do what you've asked for: display items immediately.
Let me tell you why you really want to leave that checked.
In a word: spam.
You'll eventually get more spam if you uncheck that option than if you leave it checked. And you may also run the additional risk of contracting a virus simply by looking at email.
Here's what's happening: when someone crafts an HTML email that includes images in it, the images can either accompany the email, or they can reside somewhere out on the internet. For example, my weekly newsletter includes my "signature" near the bottom, which is nothing more than an image, a photo if you will, of my signature that's stored out on my web site. (It's here, by the way: http://img.askleomedia.com/leo2.png) When you open the email, in order to display that image your email program must access my server to fetch the file.
Now, when you leave the "Block images" option unchecked, your mail program will go fetch images and display them automatically, no matter where the email came from or who sent it.
The images would be displayed even if the email were from a spammer.
Now, remember, every time you access a web page or an image from a web page that web server "notices". So in this case the spammer could know that you opened your email and accessed that image. Since spammer's regularly send to thousands and thousands of email address - legitimate or not - once they see one actually reference one of their embedded images they know that the email address is valid and that someone actually reads it. From a spammers perspective that's very very valuable. As a result, they send that address more spam.
If you leave images blocked by default, then this does not happen. The spammer never knows that you opened your email unless you explicitly choose to view the images.
In most email programs, if you add the sender to your address book or contact list, the mail program will consider that sender a "safe" sender, and will likely then automatically display images. Essentially, this allows you to display images automatically only from people you already know. (Though even this can have drawbacks, and spammers are getting better and better at spoofing or faking exactly who's sending the spam.)
I mentioned viruses earlier also. This isn't nearly as prevalent as it once was, but the scenario is still possible in rare circumstances. We have seen vulnerabilities in graphics display code - meaning that a hacker could craft a maliciously formatted image or file claiming to be an image that when displayed could cause an infection. As I write this, there are no known unpatched vulnerabilities of this sort, but they have happened in the past. With automatic image display enabled, one would only need to view an email carrying a malicious payload in order to become infected. Again, this is rare and uncommon, but also worth protecting against.
One of the reasons that it is rare and uncommon is that hackers have, for the most part, turned their attention elsewhere. Why? Because most people leave "Block images" turned on by default.
As, I hope it's clear by now, I believe you should as well.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.