How Spam Circumvents ‘Image Off’ features In Web Mail
Sunday, March 26th, 2006
Got images turned off for emails by default to protect yourself from spam? If you’re using webmail, that might not be enough.
I use webmail for email: I’ve been using Yahoo! Mail for a long time now, but recently I’ve switched to Gmail. Both of these email services have a feature that lets you turn images off in email by default. This protects your privacy. If you load an image that came with your email, it lets the spammers know that your email address works, and they will add you to their list of working addresses. Once they know your address works, you’ll be spammed massively.
The ‘images off’ feature works most of the time, but recently I’ve noticed that some emails still manage to show images! I’ve seen these types of emails both on Yahoo! Mail and Gmail. How do they circumvent Gmail and Yahoo? Here’s the code that shows the images:
src\u003d\"/mail/?view\u003datt&disp\u003demb&attid\u003d0.1&th\u003d10a31a3e38ec6da1\" align\u003d\"baseline\" border\u003d\"0\">
By placing encoded Unicode characters, they’ve circumvented Gmail’s ability to recognize what is in the email body. Your browser, however, will be able to understand the code, show the image, and destroy your privacy. As of this moment, I know of no way to prevent this from happening, other than ‘don’t open emails from people you don’t know.’ I don’t know if email clients like Outlook also fail to block these images.
EDIT:
Here’s a screenshot -
Here’s the source for the entire body of the email.
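The filtering gap described above, as an added example that is not part of the original post or any webmail provider's code: a check that looks for a literal `src=` misses the escaped fragment, while one that decodes `\uXXXX` escapes first finds it. The function names and the naive check are assumptions made for illustration.

```javascript
// Added example; function names are hypothetical, not Gmail or Yahoo! Mail code.
// The fragment quoted in the post, as one line.
const SAMPLE =
  'src\\u003d\\"/mail/?view\\u003datt&disp\\u003demb&attid\\u003d0.1' +
  '&th\\u003d10a31a3e38ec6da1\\" align\\u003d\\"baseline\\" border\\u003d\\"0\\">';

// Assumed naive check: looks for a literal src= in the raw text only.
function naiveHasImageSrc(text) {
  return /\bsrc\s*=/i.test(text);
}

// Decode \uXXXX escapes and backslash-escaped quotes or slashes. Repeats
// (bounded) so nested encodings such as \u005cu003d also resolve to "=".
function normalizeEscapes(text) {
  let prev;
  let cur = text;
  let rounds = 0;
  do {
    prev = cur;
    cur = cur
      .replace(/\\u([0-9a-fA-F]{4})/g, (_, hex) =>
        String.fromCharCode(parseInt(hex, 16)))
      .replace(/\\(["'\/])/g, '$1');
    rounds += 1;
  } while (cur !== prev && rounds < 5);
  return cur;
}

// Hardened check: normalise first, then collect every src attribute value.
function findImageSources(text) {
  const decoded = normalizeEscapes(text);
  const re = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const sources = [];
  let m;
  while ((m = re.exec(decoded)) !== null) {
    sources.push(m[1] ?? m[2] ?? m[3]);
  }
  return sources;
}

console.log(naiveHasImageSrc(SAMPLE));   // naive check on the raw fragment
console.log(findImageSources(SAMPLE));   // sources found after decoding
```

A filter that blocks images should run its attribute checks on the normalised text, since that is the form the browser ends up rendering.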