"Responding" to spam simply by opening the e-mail?

I use Netscape 4.7. (I just do, okay?) When I single-click an e-mail, it opens in the lower frame of the window. Most of my mail is spam, so it doesn’t need to be opened – just deleted. But since it opens automatically I don’t have a choice. (I do CNTL+click the other spam, which cancels the load and I can delete them all at once.)

A lot of the spam seems to contain HTML – images, formatting, and what-not. By opening an e-mail, is there any chance that it could send a message/signal/cookie back saying that I’ve opened it? (My browser has a dialog box that asks if I want to send a receipt if one is requested. I always click “no” even if it is from someone I know.) Is there any chance that the HTML could call a page that somehow loads a virus?

A while ago, I would have though the answer is “No. You can’t get a virus unless you open an infected attachment.” But with viruses becoming more and more insidious, I’m not so sure. So to recapitulate:

  1. Can I now get a virus simply by reading an e-mail?

  2. Can an e-mail that uses fancy HTML “call” a virus that someone has stored on a webpage?

  3. Can an e-mail tell a spammer that my address is good, just by my browser automatically opening the mail when I click on it to delete it?

Oh, just to clarify:

#1, I have always believed that simply opening the e-mail is safe, and I have not heard anything about “auto-infecting” e-mails. Just asking.

#2, I don’t believe you can become infected just by visiting a webpage. Again, just asking.

I’m not sure about 1 & 2

When you open a spam that contains web-graphics, the HTML code in the e-mail will request and download the graphics from the spammers web-server. This can tell a spammer whether or not your e-mail address is valid and exactly when you opened and viewed the spam.

The graphics don’t necessarily have to be visible, either. They can be as small as 1x1 pixel. These are called “web-bugs” and basically they are the graphic version of cookies. Web bugs are also used to track peoples web surfing habits. When you visit a webpage, the content you are viewing in your browser doesn’t necessarily all come from the webpage you are visiting. Embedded web-bug graphics can point to a completely different location, say . . . an advertisers computer. These web-bugs can be logged by an advertisers computer and tell him which webpages you visited on the hosted site and when. tures’ which can be associated with a particular e-mail or webpage.

Lots of good info about webbugs here.

If you disable the Preview Pane in Outlook Express, you can avoid downloading the body of the spam, which contains the HTML code.

D’oh! I really thought I previewed.
Strike that last ‘sentence’ just before the link. :slight_smile:

  1. Yes, if your mail reader has security flaws.
  2. Same as 1.
  3. Yes, if the message contains linked images or whatnot.

It’s possible to embed a virus in HTML. I haven’t seen one that was very bad yet, though.

http://vil.mcafee.com/dispVirus.asp?virus_k=99220

      • That’s not a virus, it’s an infinite loop in javascript. It can’t spread through any computer, and all you have to do is reboot or shut off your email client. They recommend using an email viewer in text-mode only though, which makes me wonder: do web bugs still get requested from a email viewer set on text-only viewing? Can a web-bug be text as well as graphics?
        ~

Yeah, it’s a trojan, not a virus. Figured it would be of interest to him anyway.

Either get a email reader that allows you to specify that it should never download embedded HTML links unless you expressly ask to.

OR

Get into the habit of reading your emails while offline.

Also some dedicated services like aol msn ect let you see if soemone opened your mail Which just leads to more spam …

One feature which I would like to see in OE is the option of not requesting or downloading HTML linked files and only display the text in the original email. As has been pointed out, when most of the HTML email you get is spam, there’s no point in downloading the linked files.

I don’t use Outlook at home. To cluttered. Is there a way to do this with Netscape Messenger?

sailor, you mean something less roundabout than selecting “properties” for the message and then clicking on “details” and “message source”, right?

I don’t know if this will help anyone, but here’s what I do. I use OE and ZoneAlarm. I’m on a mailing list that uses Yahoo, and the emails have ad images. Before I view the email, I click on the ZoneAlarm icon and “Engage Internet Lock”. This prevents the ads from downloading when I open the email.

Dunno about 1 and 2 in NS… IE is the one with all the holes.
As for #3:
Step 1: Send e-mail with img tag something like <img src=“http://www.imaspammer.com/SmallImage.cgi?JohnnyLA@someplace.com”>
Step 2: JLA opens e-mail
Step 3: Request is made for an image, which turns out to be a 1x1 gif that you can’t see.
Step 4: Spammer reads output from cgi program, sees that JLA’s addr. made a request
Step 5: Sells addr.
Step 6: Spammer goes to deepest, darkest level of heck.

(Well, I’m hoping about step 6, but I can’t guarentee it.)

My advice - use Mozilla. It’s free, and since Mozilla is developed by many of the same folks that brought you Netscape, you should feel right at home. I was a longtime Netscape user until I switched to Moz. www.mozilla.org

In Mozilla Mail, go to Edit>Preferences>Privacy&Security>Images and check the option “do not load remote images in mail & newsgroups”. While you’re there, also check “Animated images should loop once”. That’ll keep those annoying animated gifs from looping over and over.

Another cool trick in the browser part of Mozilla is that you can right-click on any web image and choose “block all images from this server”. Do this on every banner ad you see, and soon you won’t see many. Kewl.

The poster who suggested that a spammer gets your email address from you viewing an image is partly right - simply loading an image will not tell the spammer your email address. Your IP address, yes, but that’s useless for email purposes. What happens is, often the image request in a spam calls for an image with a unique code in it. The spammer checks his weblogs, looks for the unique code, and matches it up with the email address that that code was sent to. Don’t think spammers are this clever, they simply buy software that does all this. Most spammers are clueless halfwits, and many will register their domains to their home address. Most useful for disposal of unwanted dog waste. But I digress.

Off topic, but on the subject of Mozilla, can anyone figure out how to make it not automatically download newsgroup articles? This is a bit of a hassle when paging through large lists of binary newsgroups.

Happy surfing,
Capnfutile