Tuesday, July 23, 2013

Images in Emails


Do you get emails with images, and outlook blocking the display of images in the preview/display page? Then this image would resonate well: 

Image files were always thought to be vulnerable for viruses as it’s quite easy to embed malicious code into jpg or other format of images. See this reference for some more details: http://www.sophos.com/en-us/press-office/press-releases/2002/06/va_perrun.aspx
Now this problem can be easily mitigated by good image readers/scanners which only understand the image format and display it if it adheres to that standard and it doesn’t execute anything.
So VIRUS is not the problem. If you carefully read the warning, it says to “protect privacy”… 
That’s interesting! What can a image from a 3rd party site do with privacy? Answer is simple and it’s not addressable by email clients.
Consider the image(s) to be downloaded is at customized link for your email id. Once this image is downloaded from the site, it just means that your email id is valid. Quick and Safe way for spammers to make sure your email id is valid and can be targeted for more spams! Since email client like outlook can’t easily determine if the image is used for email id verification or not, it simply blocks images asking you to validate to download images. This happens everytime the sender id isn’t from your trusted domain or safe list.
This concept is not only used by spammers but interesting apps have been designed using this. Checkout: http://www.spypig.com/


All this does is find out if your email has been read without asking for read receipt from clients!