Sister CISA CISSP

Jun 15 2009   12:23PM GMT

Web Bugs and Email

Arian Eigen Heald

I’m a big advocate of disabling HTML in email messages. The marketing people scream because they can’t run their pretty code to sell products and convey appealing images. Other folks love being able to use those nice fonts you can’t use with Rich Text for signatures.

But a pretty face can’t justify the dangers in accepting HTML email. I’m not talking about Gmail, Yahoo or Hotmail – those are web clients for email. By default they accept HTML email, but you can turn that off.

Virus writers have known for years that the auto-open of Microsoft Outlook will “run” HTML code, including activating embedded web bugs.

The recent report on Web Tracking by the University of California at Berkeley spotlights the use of web bugs on web pages and in HTML email messages. HTML email can be written to:

1. Use a web bug to find out if a particular message has been read by someone and if so, when the message was read.
2. Use a web bug to provide the IP address of the recipient.
3. Use a web bug to report how often a message is being forwarded and read.

Spammers love web bugs, because they can be invisibly embedded in the email HTML code to do the following:

1. To detect whether someone has viewed a junk email message or not. People who do not view a message are removed from the list for future mailings.
2. To synchronize a Web browser cookie to a particular email address. This trick allows a Web site to know the identity of people who come to the site at a later date.

Plus, phishers can use HTML to disguise the link that they send in the email so that it “looks” like a legit site.

HTML in email can be turned off, and frankly, should be turned off.
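
Where HTML mail still has to be accepted, the tracking images and disguised links described above can be flagged before a message is rendered. The following Python is an added example, not part of the original post; the sample message, its hosts, and the names `Scanner` and `scan_message` are constructed for illustration, and both checks are heuristics.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not from the post); all hosts are placeholders.
SAMPLE = """\
Subject: Sale
Content-Type: text/html; charset=utf-8

<html><body><img src="http://cdn.shop.example/banner.png" width="600" height="200">
<img src="http://track.shop.example/o.gif?id=alice%40corp.example" width="1" height="1">
<a href="http://login.phish.example/">www.mybank.example</a>
<a href="http://shop.example/deals">See deals</a></body></html>
"""

class Scanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []                   # (kind, detail) tuples
        self._href, self._text = None, ""    # state for the <a> currently open

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        if tag == "img" and urlparse(src).scheme in ("http", "https"):
            tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
            if tiny or urlparse(src).query:  # invisible pixel, or URL carrying an ID
                self.findings.append(("web_bug", src))
        elif tag == "a":
            self._href, self._text = a.get("href") or "", ""

    def handle_data(self, data):
        self._text += data                   # reset at each <a>, read at its </a>

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            shown, href, self._href = self._text.strip(), self._href, None
            # Compare hosts only when the visible text itself looks like a host/URL.
            if "." in shown and " " not in shown:
                shown_host = urlparse(shown if "://" in shown else "//" + shown).hostname
                if shown_host != urlparse(href).hostname:
                    self.findings.append(("disguised_link", f"{shown} -> {href}"))

def scan_message(raw):
    scanner = Scanner()
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            scanner.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    return scanner.findings
```

Any remote image that is fetched discloses the reader's IP address and the time of reading, so the size and query-string checks only pick out the most obvious beacons.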
