Home »
EMail
»
Email Privacy
Summary: Blocking remote images in email is a common and important anti-spam technique. We'll look at how to turn it off, and then discuss why you shouldn't.
|
My computer constantly queries me "Some pictures have been blocked to prevent the sender from identifying your computer. Click here to download pictures". How can I delete this annoyance? |
It depends on the email program you're using, but I'll show you how in Outlook Express and you can probably find the equivalent in your own email program.
Then I'll tell you why you don't want to change it; this behavior is exactly what you want. Honest.
•
In Outlook Express, click on Tools, Options, and then on the Security tab. You should see something similar to this:
See that option: "Block images and other external content in HTML e-mail."? Uncheck that and it'll do what you've asked for: display items immediately.
Let me tell you why you really want to leave that checked.
In a word: spam.
You'll eventually get more spam if you uncheck that option than if you leave it checked. And you may also run the additional risk of contracting a virus simply by looking at email.
Here's what's happening: when someone crafts an HTML email that includes images in it, the images can either accompany the email, or they can reside somewhere out on the internet. For example, my weekly newsletter includes my "signature" near the bottom, which is nothing more than an image, a photo if you will, of my signature that's stored out on my web site. (It's here, by the way: http://ask-leo.com/images/leo2.png) When you open the email, in order to display that image your email program must access my server to fetch the file.
Now, when you leave the "Block images" option unchecked, your mail program will go fetch images and display them automatically, no matter where the email came from or who sent it.
The images would be displayede even if the email were from a spammer.
Now, remember, every time you access a web page or an image from a web page that web server "notices". So in this case the spammer could know that you opened your email and accessed that image. Since spammer's regularly send to thousands and thousands of email address - legitimate or not - once they see one actually reference one of their embedded images they know that the email address is valid and that someone actually reads it. From a spammers perspective that's very very valuable. As a result, they send that address more spam.
If you leave images blocked by default, then this does not happen. The spammer never knows that you opened your email unless you explicitly choose to view the images.
In most email programs, if you add the sender to your address book or contact list, the mail program will consider that sender a "safe" sender, and will likely then automatically display images. Essentially, this allows you to display images automatically only from people you already know. (Though even this can have drawbacks, and spammers are getting better and better at spoofing or faking exactly who's sending the spam.)
I mentioned viruses earlier also. This isn't nearly as prevalent as it once was, but the scenario is still possible in rare circumstances. We have seen vulnerabilities in graphics display code - meaning that a hacker could craft a maliciously formatted image or file claiming to be an image that when displayed could cause an infection. As I write this, there are no known unpatched vulnerabilities of this sort, but they have happened in the past. With automatic image display enabled, one would only need to view an email carrying a malicious payload in order to become infected. Again, this is rare and uncommon, but also worth protecting against.
One of the reasons that it is rare and uncommon is that hackers have, for the most part, turned their attention elsewhere. Why? Because most people leave "Block images" turned on by default.
As, I hope it's clear by now, I believe you should as well.
Related:
How does blocking pictures in an email protect my privacy? It's common for email programs to automatically block remote image retrieval. We'll look at why and how spammers and others can use remote images.
When I visit a web site, can the server identify me? A server can easily identify any users that visit their web sites. However, there are services that will allow you to surf anonymously.
Why don't pictures show up in the emails I send or receive? There are a few reasons as to why pictures won't show in the emails you send or receive.
Article C3475 - August 19, 2008
I make jewlery and I would like a easy program for pictures. I tried photo shop but I need to keep them organized. Something I can catalog them in. Can you help me. The easyer the better.Pictures can be like 1 inch by 1 inch so it could even be a spread sheet. Please help.
Posted by: Jill J Simandl at August 26, 2008 7:20 AMThank you
The Real Deal with Pictures and E Mail and attachments:
Think...........The Pictures ARE the(E) Mail. It's hateful to need to punch up something else to get a look.
Example from two days ago:
Option A
My son sends a picture of my Grandson playing baseball. It comes up instantly when I open the E Mail (Outlook Express). Dates and info are readable alongside the photo. Nice.
Option B
If the picture is an attachment, I need to double click the attachment which then can be opened in some other program....I use Adobe and Windows Fax and Picture viewer. OK, it works but tedious.
And notes or titles for the photos cannot be viewed with the photos. Awkward.
I hope that you are still reading.
Security with Outlook Express:
My settings cause the only the E Mail Headers to be display, no preview pane. I can eyeball scan the list and eliminate Spam or things I just don't want, based on the sender name and Subject.
Anyway, my question, I hope you are still reading, is whether setting OE to put up titles only, does this avoid Spam and Virus type issues ??
Thank you Leo, I am a faithful reader.
I will gratefully open whatever you send.
Gene Lee, aka Tennisyoda
My concern is the ability to be perfect. Heck, I've come close to falling for a phishing scam - they're getting very good. And that's after looking at the body of the message, not just the "from" and subject lines you see in the message listing.
There are two risks:
1) Malicious images included with the email (as attachments, or even those in the message body) could, potentially, exploit vulnerabilities on unpatched systems, or exploit newly discovered vulnerabilities. This is probably the less frequent case.
2) Images that appear within the email, but are hosted elsewhere (i.e. the image is not carried with the email, but referenced from a web site) when displayed acts as a beacon that the sender can use to know that the email was opened. Spammers use this to validate email addresses, and thereafter send more spam to known legitimate addresses. This is extremely common.
Ultimately it's up to you of course, but the extra click, the extra tedium is for your protection.
And it's how I operate myself - gladly.
-Leo
Another issue is that many newsletters and other subscribed materail opens within the email. The images have to be unblocked to read the issue; this sort of defeats the entire blocking of images, doesn't it?
-Leo
Leo, ever since you started responding in the original comments, I don't see your responses in the comment RSS feeds.
Not a big deal, I guess, but I miss seeing your responses...
Posted by: Ziggie at August 29, 2008 12:30 PM