Helping people with computers... one answer at a time.

Blocking remote images in email is a common and important anti-spam technique. We'll look at how to turn it off, and then discuss why you shouldn't.

My computer constantly queries me "Some pictures have been blocked to prevent the sender from identifying your computer. Click here to download pictures". How can I delete this annoyance?

It depends on the email program you're using, but I'll show you how in Outlook Express and you can probably find the equivalent in your own email program.

Then I'll tell you why you don't want to change it; this behavior is exactly what you want. Honest.

In Outlook Express, click on Tools, Options, and then on the Security tab. You should see something similar to this:

Outlook Express Options to block images

See that option: "Block images and other external content in HTML e-mail."? Uncheck that and it'll do what you've asked for: display items immediately.

Let me tell you why you really want to leave that checked.

In a word: spam.

You'll eventually get more spam if you uncheck that option than if you leave it checked. And you may also run the additional risk of contracting a virus simply by looking at email.

"Let me tell you why you really want to leave that checked. In a word: spam."

Here's what's happening: when someone crafts an HTML email that includes images in it, the images can either accompany the email, or they can reside somewhere out on the internet. For example, my weekly newsletter includes my "signature" near the bottom, which is nothing more than an image, a photo if you will, of my signature that's stored out on my web site. (It's here, by the way: http://img.askleomedia.com/leo2.png) When you open the email, in order to display that image your email program must access my server to fetch the file.

Now, when you leave the "Block images" option unchecked, your mail program will go fetch images and display them automatically, no matter where the email came from or who sent it.

The images would be displayed even if the email were from a spammer.

Now, remember, every time you access a web page or an image from a web page that web server "notices". So in this case the spammer could know that you opened your email and accessed that image. Since spammer's regularly send to thousands and thousands of email address - legitimate or not - once they see one actually reference one of their embedded images they know that the email address is valid and that someone actually reads it. From a spammers perspective that's very very valuable. As a result, they send that address more spam.

If you leave images blocked by default, then this does not happen. The spammer never knows that you opened your email unless you explicitly choose to view the images.

In most email programs, if you add the sender to your address book or contact list, the mail program will consider that sender a "safe" sender, and will likely then automatically display images. Essentially, this allows you to display images automatically only from people you already know. (Though even this can have drawbacks, and spammers are getting better and better at spoofing or faking exactly who's sending the spam.)

I mentioned viruses earlier also. This isn't nearly as prevalent as it once was, but the scenario is still possible in rare circumstances. We have seen vulnerabilities in graphics display code - meaning that a hacker could craft a maliciously formatted image or file claiming to be an image that when displayed could cause an infection. As I write this, there are no known unpatched vulnerabilities of this sort, but they have happened in the past. With automatic image display enabled, one would only need to view an email carrying a malicious payload in order to become infected. Again, this is rare and uncommon, but also worth protecting against.

One of the reasons that it is rare and uncommon is that hackers have, for the most part, turned their attention elsewhere. Why? Because most people leave "Block images" turned on by default.

As, I hope it's clear by now, I believe you should as well.

Article C3475 - August 19, 2008 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

8 Comments
Jill J Simandl
August 26, 2008 7:20 AM

I make jewlery and I would like a easy program for pictures. I tried photo shop but I need to keep them organized. Something I can catalog them in. Can you help me. The easyer the better.Pictures can be like 1 inch by 1 inch so it could even be a spread sheet. Please help.
Thank you

Eugene Lee
August 26, 2008 7:40 AM

The Real Deal with Pictures and E Mail and attachments:

Think...........The Pictures ARE the(E) Mail. It's hateful to need to punch up something else to get a look.

Example from two days ago:

Option A

My son sends a picture of my Grandson playing baseball. It comes up instantly when I open the E Mail (Outlook Express). Dates and info are readable alongside the photo. Nice.

Option B

If the picture is an attachment, I need to double click the attachment which then can be opened in some other program....I use Adobe and Windows Fax and Picture viewer. OK, it works but tedious.
And notes or titles for the photos cannot be viewed with the photos. Awkward.

I hope that you are still reading.

Security with Outlook Express:

My settings cause the only the E Mail Headers to be display, no preview pane. I can eyeball scan the list and eliminate Spam or things I just don't want, based on the sender name and Subject.

Anyway, my question, I hope you are still reading, is whether setting OE to put up titles only, does this avoid Spam and Virus type issues ??

Thank you Leo, I am a faithful reader.
I will gratefully open whatever you send.

Gene Lee, aka Tennisyoda

It depends on how absolutely positive you are that you will always be 100% right in determining which messages are legitimate from the information you allow to be shown. If you're certain you can be perfect, then without a preview pane you can allow images to be displayed by default when you open only those messages you know are legitimate.
My concern is the ability to be perfect. Heck, I've come close to falling for a phishing scam - they're getting very good. And that's after looking at the body of the message, not just the "from" and subject lines you see in the message listing.
There are two risks:
1) Malicious images included with the email (as attachments, or even those in the message body) could, potentially, exploit vulnerabilities on unpatched systems, or exploit newly discovered vulnerabilities. This is probably the less frequent case.
2) Images that appear within the email, but are hosted elsewhere (i.e. the image is not carried with the email, but referenced from a web site) when displayed acts as a beacon that the sender can use to know that the email was opened. Spammers use this to validate email addresses, and thereafter send more spam to known legitimate addresses. This is extremely common.
Ultimately it's up to you of course, but the extra click, the extra tedium is for your protection.
And it's how I operate myself - gladly.
-Leo
Roger
August 29, 2008 5:58 AM

Another issue is that many newsletters and other subscribed materail opens within the email. The images have to be unblocked to read the issue; this sort of defeats the entire blocking of images, doesn't it?

Not really. That's why most email programs will often let you configure them to automatically display images from email addresses in your address book (i.e. people you trust), or keep a separate white-list of addresses that you've said are ok to display images.

-Leo

Ziggie
August 29, 2008 12:30 PM

Leo, ever since you started responding in the original comments, I don't see your responses in the comment RSS feeds.

Not a big deal, I guess, but I miss seeing your responses...

Sam
April 30, 2010 2:50 PM

I purchased a new computer a few months ago & haven't been able to receive pictures or send attachments in my webmail account. I have Windows 7 and cannot figure out how to set my default email account - what I am doing wrong?

suzan
September 3, 2011 12:01 AM

It did not work on Outlook Express.

Mark J
September 3, 2011 7:19 AM

@Suzan
You might want to try a different email program.
http://ask-leo.com/why_outlook_express_must_die.html

J E Masson PhD CTC
December 9, 2011 1:19 PM

I tried your suggestion above and the problem was NOT resolved. I STILL get the pictures blocked! I've tried Alt/Shift/H and it works for me.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.