Re: Email webbugs

From: Scott Strehlow (strehlow@usermail.com)
Date: 08/27/01


Message-Id: <5.0.2.1.0.20010827103551.01c03a68@usermail.com>
Date: Mon, 27 Aug 2001 10:44:53 -0500
To: "abuse" <postmaster@getinfo.org>, "Focus-MS" <focus-ms@securityfocus.com>
From: Scott Strehlow <strehlow@usermail.com>
Subject: Re: Email webbugs

Geo, et al.

Unfortunately, any image URL in an e-mail message can be used as a
bug. Hiding it is really only relevant if there is no contextual reason
for an image to be in the message.
Any e-mail client that will display the HTML will send the bug information,
since it is the actual image file URL that carries the identity information.
I've created Eudora rules that look for image tags with height and width =
1, which change the label property of the message to red. Any messages
with any image tag get colored orange. Of course this is not foolproof,
but it does give me a heads up that a message could possibly be "bugged"
and so I won't open it if I am not sure I want to. I can always look at
the mailbox file with Notepad to read the message without the images.

Scott

At 07:12 AM 8/27/2001, abuse wrote:
>One of the things that has always bothered me about Outlook Express and
>Outlook is that they are susceptible to webbugs. Basically there are no
>options to block confirmation of your reading an email so any spammer can
>verify that your address is active as long as they can get you to just view
>an email.
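
The labeling rule described in the reply above (an image tag with height and width of 1 marks the message red, any other image tag marks it orange), sketched in Python as an added example. It is not part of the original message and is not Eudora filter syntax; the function names, the `sample` helper and the three messages are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser

class ImgScanner(HTMLParser):
    """Collects the attributes of every <img> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values may be None.
        if tag == "img":
            self.images.append({k: (v or "") for k, v in attrs})

def is_one_pixel(img):
    """True when height and width are both 1 (also accepts '1px')."""
    def dim(name):
        value = img.get(name, "").strip().lower()
        return value[:-2].strip() if value.endswith("px") else value
    return dim("width") == "1" and dim("height") == "1"

def label_message(raw):
    """Return 'red' for a 1x1 image, 'orange' for any image, else 'none'."""
    msg = email.message_from_string(raw, policy=policy.default)
    scanner = ImgScanner()
    for part in msg.walk():  # covers single-part and multipart messages
        if part.get_content_type() == "text/html":
            scanner.feed(part.get_content())
    if any(is_one_pixel(img) for img in scanner.images):
        return "red"
    return "orange" if scanner.images else "none"

def sample(content_type, body):
    """Build a constructed test message (not taken from the thread)."""
    return (f"From: sender@example.com\nSubject: constructed sample\n"
            f"MIME-Version: 1.0\nContent-Type: {content_type}\n\n{body}\n")

BUGGED = sample("text/html", '<p>Hi</p><IMG SRC="http://tracker.example/'
                'o.gif?id=reader%40example.org" WIDTH=1 HEIGHT="1">')
LOGO = sample("text/html", '<img src="http://shop.example/logo.gif" '
              'width="200" height="50">')
PLAIN = sample("text/plain", "No HTML here, <img> is just text.")

if __name__ == "__main__":
    for name, raw in (("BUGGED", BUGGED), ("LOGO", LOGO), ("PLAIN", PLAIN)):
        print(name, label_message(raw))
```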