Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

Safer e-mail: HTML and image spam

There has been a shift in e-mail away from simple “plain text” format to the more dynamic HTML ‘language’. This is due, to a large extent, to the popularity of Web-based e-mail accounts (GMail, Hotmail, Yahoo Mail), which has led most of us to use our Web browser to access our Inboxes. HTML is (one of) the language(s) used to build websites.

There are many advantages — particularly to businesses — to using HTML to create an e-mail: HTML allows special fonts, colors, and characters, advanced formatting, and the embedding of images — such as the corporate logo. However, the very same characteristics of HTML which allow hackers to create poisoned websites allow them to create poisoned e-mails (which can infect your computer with malware, and allow a hacker to gain a “backdoor” to your system).

Tip of the day: Thwart the bad guys: set your e-mail client to “view as plain text”. (If you use Web-based mail, these changes can be made to your Settings as well; usually found in the E-mail Options menu.)
When HTML is viewed as plain text, the dynamic aspects (the dangerous ones) no longer issue commands but appear as ‘gibberish’, and the images are not downloaded to your browser (the very act of which tells a spammer that your e-mail address is valid).

When viewed as plain text, an HTML e-mail will look something like this…
> Content-Type: text/html; charset=ISO-8859-1
> MIME-Version: 1.0
> Message-Id: 200801027772801.B6301EA@www.acme.com
> Date: Wed, 2 Jan 2008 12:28:01 -0500 (EST)
> X-NAS-Language: Unknown
> X-NAS-Bayes: #0: 1.83836E-098; #1: 1
> X-NAS-Classification: 0
> X-NAS-MessageID: 12651
> X-NAS-Validation: {5D10C463-FDBA-462F-8117-435D5F76DB08}
>
> <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN”

…which is quite different than, “Hi Joe! What do you know?” But if you scroll down through all that ‘gibberish’ (HTML code), you will come to the <body> entry, which is the “meat” of the e-mail, and you’ll see…
> <body>Hi Joe! What do you know?</br>
…ignore the funny code and you’ll be able to read your e-mail without fear of “drive-by” worms and trojan horses, exploit code, giving away your address; and, you’ll — over time — reduce the amount of spam you receive.

I’m going to demonstrate changing your Settings in Outlook Express, but the method applies to other clients as well…though the menu names/locations may be slightly different.
Click on the Tools menu and select “Options”. You are going to change the way you read your e-mail, so click on the Read tab.
Find the setting for “Read as plain text” and select it. In OE, that means placing a check in the checkbox “Read all messages in plain text”. The “Apply” button will become active: click on it to effect the change.

Now click on the Security tab. Because spammers and hackers use images as their attack vector, and to bypass your spam filter (images are downloaded from a server: the e-mail itself only contains a link), we’re going to block embedded images.
Place a check in the “Block images and other external content in HTML e-mail” checkbox and click the Apply button. That’s it, you’re done.

*When an occasion occurs that someone sends you an e-mail that has a graphic embedded that you do wish to see — a map, say — open this tab and uncheck the checkbox and view the email. When you’re done, set it back to the protected mode.
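
What the two settings above protect you from, shown as an added example that is not part of the original post and not how Outlook Express itself is written: a short Python script that reads an HTML e-mail the "plain text" way, keeping only the readable words and listing the remote images it refused to download. The sample message, the tracker address and the names `PlainTextView` and `read_safely` are made up for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser

# Constructed sample message (not a real e-mail); the tracker URL is invented.
SAMPLE = """\
From: news@example.com
MIME-Version: 1.0
Content-Type: text/html; charset=ISO-8859-1

<html><head><style>p {color: red}</style>
<script>document.title = "x";</script></head>
<body><p>Hi Joe! What do you know?</p>
<img src="http://tracker.example.com/open.gif?id=12651" width="1" height="1">
<img src="cid:logo123">
</body></html>
"""

class PlainTextView(HTMLParser):
    """Collect readable text and the remote URLs an HTML view would fetch."""
    SKIP = {"script", "style"}              # dynamic/presentational content
    REMOTE = ("http://", "https://", "//")  # anything that leaves your PC
    def __init__(self):
        super().__init__()
        self.text, self.remote, self._skip = [], [], 0
    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self._skip += 1
        for name, value in attrs:  # these attributes cause a download
            if name in ("src", "background") and (value or "").lower().startswith(self.REMOTE):
                self.remote.append(value)
    def handle_endtag(self, tag):
        if tag in self.SKIP and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip and data.strip():
            self.text.append(data.strip())

def read_safely(raw):
    """Return (plain_text, blocked_remote_urls) for the first text/html part."""
    msg = message_from_string(raw)
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            view = PlainTextView()
            view.feed(part.get_payload(decode=True).decode(part.get_content_charset() or "latin-1", "replace"))
            view.close()
            return " ".join(view.text), view.remote
    return msg.get_payload(), []

if __name__ == "__main__":
    print(read_safely(SAMPLE))
```

The image attached inside the message itself (`cid:`) is not listed, because showing it contacts no server; only the link to the outside server is blocked.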

Today’s free link: Glary Utilities. From website: “Glary Utilities is the #1 free, powerful and all-in-one utility in the world market! It offers numerous powerful and easy-to-use system tools and utilities to fix, speed up, maintain and protect your PC.”

Copyright 2007-8 © Tech Paul. All rights reserved.

January 3, 2008 - Posted by | advice, computers, how to, PC, security, spam and junk mail, tech, Windows
