The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Monday, March 27, 2006

On web-bug protection in web mail

ShareWonders.com has a short post entitled How Spam Circumvents ‘Image Off’ features In Web Mail describing a new* technique for displaying web bugs despite the user's privacy preferences.

A web bug, for those not familiar with the term, is an image link embedded in an email. Html-aware news readers will fetch the image from a remote server when you read the message. The image link has specific information in it which will reveal to the image server exactly who it was that fetched the image. Web bugs can be used to validate email addresses, as well as a number of other privacy-violating purposes.

Some email clients and web mail servers, such as GMail, will inhibit these embedded image urls in order to protect your privacy. Typically, you'll see a message above the email that says somethng like "[This email program] has suppressed remote images to protect your privacy; click here to see images".

If you don't have an email client which suppresses remote image loading, your email address is likely to receive more and more spam as spammers get confirmation that it's valid.

The best ways to protect yourself are to only view messages as plain text, don't view messages from people you don't know (very hard, since some email comes from viruses running on your friends' machines), or to switch to an email client with the image-suppressing feature.

The supposed new technique described by Share Wonders, is to simply encode portions of the image tag in unicode, causing the web mail client to fail to recognize the tag as an image tag. It is doubtful that this technique works, and it's known not to fool GMail.

In many cases, the spam will contain the image data embedded right in the body of the email. These images will be displayed with or without web-bug suppression, but they're harmless. Since viewing them doesn't involve fetching anything from a remote server, they don't compromise your privacy.

For a good discussion, see the comments in the Share Wonders thread.

2 Comments:

Anonymous Aidan Kehoe said...

The supposed new technique described by Share Wonders, is to simply encode portions of the image tag in unicode, causing the web mail client to fail to recognize the tag as an image tag. It is doubtful that this technique works, and it's known not to fool GMail.

What do you mean with this? I am almost certain that you, like the rest of the world, don't use EBCDIC; as such using Unicode is nothing atypical. Do you mean things like &039; for ' ?

4:50 AM  
Blogger Spam Diaries said...

In the article, they used Unicode. I'm not convinced this works or will fool a search engine of any real sophistication.

Comments to the article indicate that this probably doesn't work. It's true that email can contain embedded images as well as links to external images. Embedded images are not a privacy threat, and so most mail clients go ahead and display them.

12:03 AM  

Post a Comment

Links to this post:

Create a Link

<< Home