HTML e-mail and image spam (repost)
Sorry folks, I have been performing tech support non-stop since 8am this morning. Took a break to eat lunch and quickly repost this prior article, which appear 1/3/08–
There has been a shift in e-mail away from simple “plain text” format to the more dynamic HTML ‘language’. This is due, in large extent, to the popularity of the Web-based e-mail accounts (GMail, Hotmail, Yahoo Mail) which has led most of us use our Web browser to access our Inboxes. HTML is (one of) the language(s) used to build websites.
There are many advantages — particularly to businesses — to using HTML to create an e-mail: HTML allows special fonts, colors, and characters, advanced formatting, and the embedding of images — such as the corporate logo. However, the very same characteristics of HTML which allows hackers to created poisoned websites allows them to create poisoned e-mails (which can infect your computer with malware, and allow a hacker to gain a “backdoor” to your system).
Tip of the day: Thwart the bad guys, set your e-mail client to “view as plain text”. (If you use Web-based mail, these changes can be made to your Settings as well; usual found in the E-mail Options menu.)
When HTML is viewed as plain text, the dynamic aspects (the dangerous ones) no longer issue commands but appear as ‘gibberish’, and the images are not downloaded to your browser (the very act of which tells a spammer that your e-mail address is valid).
When viewed as plain text, an HTML e-mail will look something like this...
> Content-Type: text/html; charset=ISO-8859-1 MIME-Version: 1.0
> Message-Id: 200801027772801.B6301EA@www.acme.com
> Date: Wed, 2 Jan 2008 12:28:01 -0500 (EST)
> X-NAS-Language: Unknown
> X-NAS-Bayes: #0: 1.83836E-098; #1: 1
> X-NAS-Classification: 0
> X-NAS-MessageID: 12651
> X-NAS-Validation: {5D10C463-FDBA-462F-8117-435D5F76DB08}
>
> <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN”
…which is quite different than, “Hi Joe! What do you know?” But if you scroll down through all that ‘gibberish’ (HTML code), you will come to the > <body> entry, which is the “meat” of the e-mail, and you’ll see..
> <body>Hi Joe! What do you know?</br>
…ignore the funny code and you’ll be able to read your e-mail without fear of “drive-by” worms and trojan horses, exploit code, giving away your address; and, you’ll — over time — reduce the amount of spam you receive.
I’m going to demonstrate changing your Settings in Outlook Express, but the method applies to other clients as well…though the menu names/locations may be slightly different.
Click on the Tools menu and select “Options”. You are going to change the way you read your e-mail, so click on the Read tab.
Find the setting for “Read as plain text” and select it– In OE, that means placing a check in the checkbox “Read all messages in plain text”. The “Apply” button will become active: click on it to effect the change.
Now click on the Security tab. Because spammers and hacker use images as their attack vector, and to bypass your spam filter, (images are downloaded from a server: the e-mail itself only contains a link), we’re going to block embedded images.
Place a check in the “Block images and other external content in HTML e-mail” and click the Apply button. That’s it, you’re done.
*When an occasion occurs that someone sends you an e-mail that has a graphic embedded that you do wish to see — a map, say — open this tab and uncheck the checkbox and view the email. When you’re done, set it back to the protected mode.
Today’s free link: Glary Utilities. From website: “Glary Utilities is the #1 free, powerful and all-in-one utility in the world market! It offers numerous powerful and easy-to-use system tools and utilities to fix, speed up, maintain and protect your PC.
Copyright 2007-8 © Tech Paul. All rights reserved.
| Share this post : |  |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
3 Comments »
Post your Comment/Question
• About Tech Paul
I am a Retired computer & network technician. I used to think the machines were pretty cool. Now I don’t.
They’re anything but.
I regularly posted how-to’s and tricks & tips and general computing advice here starting in 2007. (Use the Search tool to find answers. But be aware, many are rather dated.) Sometimes I answered (your) specific questions in an article if I believed the answer was generally helpful to “everyone”. All the writing you see was my own, typos and all. There always is/was an implied “IMHO” in what you see here.
Note: You are responsible for using this blog and its content. I am in no way liable for any losses caused by user error, viruses and/or other malware, hardware or software failure, or any other conceivable reason.
-
Say "thank you!" Buy Tech Paul a cup of coffee (and keep T4E ad free).
-
-
McAfee® Cybersafety Resource Portal, an online help center designed to assist victims of computer crime and provide information on how to avoid becoming a victim.
-
Subscribe to Tech--for Everyone by EmailRecent Comments
-
-
-
-
Also:
-
-
Tech - for Everyone 
Very informative… I thought ASCI was easiest to reaad than HTML, but Apparently, not on e-mails. Good advice, tech guy
LikeLike
And what about those same services like gmail and yahoo, etc… any tech person there can read all you send/receive… There is nothing private these days!
LikeLike
Mayaritte,
Well..ASCII is the most elementary, yes. All I meant was that e-mail uses either HTML or Plain Text formats and that the most basic text editor can ‘read’ those.
And, yes, I tend to agree with your last statement: nothing written down or/and transmitted is ever truly private. And, as security (and traffic) cameras become more and more prevelent, less of our activities go unrecorded as well.
It won’t be long before we have GPS tracking chips installed in our children — much like some of us do for (to) our pets now, for the same reasons.
Back to the point of the article– HTML is an ‘executable’ language, and Plain Text is not.
LikeLike