Loading Remote Images; Still a Threat?
 

Many years ago, allowing remote images to be displayed exposed the email receiver to "web bugs". Now, with more and more users using adblock add-ons, I wonder if allowing remote images still have the same risks.

The reason I ask, is because I use many different platforms to receive and view email. Each one of them has distinct "safe lists", and maintaining those lists are a PITA.

So are web bugs used for tracking purposes in email still a threat?

Apparently Microsoft thinks it is a threat since Outlook by default doesn't load images, though you can change that setting. The problem is that so many emails these days are nearly unreadable without images that it makes an Inbox rather unpleasant to deal with. If you view your email in Gmail I think it is pretty safe leaving images turned on by default since they scan everything for malicious content. Here's what Gmail says about it:

I agree with TenFour (with some reservations). Some email systems (including Gmail and Fastmail) now open remote images through their server IP addresses, so the sender doesn't know your IP address. They also filter out any embedded viruses.

However, the sender does know that the message arrived at your account and bypassed the spam filters. Spammers using dictionary attacks (sending to random addresses) and those trying different techniques to get around your spam filtering will benefit by knowing that the message arrived successfully at your Inbox. If you receive what appears to be obvious spam in your Inbox I recommend marking it as spam and not opening it if possible. This is especially important if the sender seems to know something about you so might be phishing, and didn't just accidentally get your email address.

Bill

How does one find out that the suspected message contains some personal information without opening it?

Whatever else you think about Gmail they have the best spam filters in the business and I very rarely see one in my Inbox, despite having multiple email addresses forwarded there that have been widely available on the Internet for more than a decade. Plus, they learn quickly if you report something as spam. I do find it interesting that even more than a year after reporting a sender as spam that I can still see their emails arriving regularly in my spam folder--you would think that Gmail would block them somewhat earlier.

No lie. I often find myself saying things like "I know I'm not as good as Google at filtering spam, and frankly I don't know if I ever will be." Maybe it's the volume of data they have to parse, maybe it's just that algorithms are their wheelhouse, but they are the best.

As for remote images, they're only "dangerous" if your email application is vulnerable, but the worst of it is you don't know until you know. Someone has to be the first one to find out.

One advantage of being part of a very large population using a particular service is that the chances are very good that the "first one to find out" won't be you! I always say that the first sign of an icy road up here in the Northeast is an SUV in the ditch--people in big, powerful vehicles with 4-wheel drive feel they can push the limits in bad weather, so they end up in the ditch first.