Loading Remote Images; Still a Threat?

[sflorack]

Many years ago, allowing remote images to be displayed exposed the email receiver to "web bugs". Now, with more and more users using adblock add-ons, I wonder if allowing remote images still have the same risks.

The reason I ask, is because I use many different platforms to receive and view email. Each one of them has distinct "safe lists", and maintaining those lists are a PITA.

So are web bugs used for tracking purposes in email still a threat?

[TenFour]

Apparently Microsoft thinks it is a threat since Outlook by default doesn't load images, though you can change that setting. The problem is that so many emails these days are nearly unreadable without images that it makes an Inbox rather unpleasant to deal with. If you view your email in Gmail I think it is pretty safe leaving images turned on by default since they scan everything for malicious content. Here's what Gmail says about it:

Quote:

How Gmail helps make images safe
To help load images safely, images go through Google's image proxy servers and are transcoded before they're delivered.

This makes images safer because:

Senders can’t use image loading to get information like your IP address or location.
Senders can’t use the image to set or read cookies in your browser.
Gmail checks the images for known viruses or malware.
In some cases, senders may be able to know whether you've opened an email that has an image attached to a unique link. Gmail scans every message for suspicious content, and if Gmail considers a sender or message potentially suspicious, images won’t be shown and you’ll be asked whether you want to see the images.

[n5bb]

I agree with TenFour (with some reservations). Some email systems (including Gmail and Fastmail) now open remote images through their server IP addresses, so the sender doesn't know your IP address. They also filter out any embedded viruses.

However, the sender does know that the message arrived at your account and bypassed the spam filters. Spammers using dictionary attacks (sending to random addresses) and those trying different techniques to get around your spam filtering will benefit by knowing that the message arrived successfully at your Inbox. If you receive what appears to be obvious spam in your Inbox I recommend marking it as spam and not opening it if possible. This is especially important if the sender seems to know something about you so might be phishing, and didn't just accidentally get your email address.

Bill

[janusz]

Quote:

Originally Posted by n5bb

If you receive what appears to be obvious spam in your Inbox I recommend marking it as spam and not opening it if possible. This is especially important if the sender seems to know something about you so might be phishing, and didn't just accidentally get your email address.

How does one find out that the suspected message contains some personal information without opening it?

[TenFour]

Quote:

If you receive what appears to be obvious spam in your Inbox I recommend marking it as spam and not opening it if possible.

Whatever else you think about Gmail they have the best spam filters in the business and I very rarely see one in my Inbox, despite having multiple email addresses forwarded there that have been widely available on the Internet for more than a decade. Plus, they learn quickly if you report something as spam. I do find it interesting that even more than a year after reporting a sender as spam that I can still see their emails arriving regularly in my spam folder--you would think that Gmail would block them somewhat earlier.

[jarland]

Quote:

Originally Posted by TenFour

Whatever else you think about Gmail they have the best spam filters in the business and I very rarely see one in my Inbox, despite having multiple email addresses forwarded there that have been widely available on the Internet for more than a decade. Plus, they learn quickly if you report something as spam. I do find it interesting that even more than a year after reporting a sender as spam that I can still see their emails arriving regularly in my spam folder--you would think that Gmail would block them somewhat earlier.

No lie. I often find myself saying things like "I know I'm not as good as Google at filtering spam, and frankly I don't know if I ever will be." Maybe it's the volume of data they have to parse, maybe it's just that algorithms are their wheelhouse, but they are the best.

As for remote images, they're only "dangerous" if your email application is vulnerable, but the worst of it is you don't know until you know. Someone has to be the first one to find out.

[TenFour]

Quote:

but the worst of it is you don't know until you know. Someone has to be the first one to find out.

One advantage of being part of a very large population using a particular service is that the chances are very good that the "first one to find out" won't be you! I always say that the first sign of an icy road up here in the Northeast is an SUV in the ditch--people in big, powerful vehicles with 4-wheel drive feel they can push the limits in bad weather, so they end up in the ditch first.