on't Get Bugged By Junk Email
First viruses, now this -- Watch out for a new "dirty trick" now
in use by many of the junk email hucksters out there. The trick is to embed
"email bugs" into images within a marketing pitch, usually
done in order to verify that you've received and read the solicitations. In
the past, email marketers have used special tags that identify the user when
the image is clicked on. For example, the html code might look like this:
<a href="http://track.offer888.net/cgi-bin/t?id=12345.6">
click here if you like butterflies</a>
which looks like this click
here if you like butterflies in the email. Innocent looking enough. But
when you click on this kind of link (which could just as easily be an image),
a unique identifier id is passed on with the request. What is different with
the new email bug? With the email bug, you don't even have to click anywhere
for your email address to be exposed. Just opening or previewing the email
triggers sending the code.
Background: Bugging email can be achieved by simply including a
special HTML image link within the sent message. Sometimes these images are
visible, other times not. However, just because you receive an email that
includes some sort of graphics does not necessarily mean that you've been
bugged. Pictures and graphics from friends and family, commonly included with
an email, are generally harmless. Email bug images differ from an ordinary
graphics in the method used to deliver and display the image within the email
you have received. These images are not physically included in the
email message itself but are delivered from an external Internet server in
direct response to a simple HTML request contained in the email message. For
example, the internal email bug html code could look like this:
<img src="http://xxx.xxx.xxx.xxx/bug.gif?msg_id=12345&rcpt_to=rdavies@ssdirect.com">
Essentially, when you either open (or even simply preview) the bugged
email, the HTML code automatically requests the bugged image from their
server in the same way that your normal Internet Browser does, along with
your email address or just an identifying code. When the junk marketer's
server receives the request for the image, it verifies that the junk email
previously sent to your address has been viewed or read. This verifies that
your email address is not only active and valid, but also that you, the owner
(or others with access to your computer), are willing to read or at least
preview their unsolicited junk email.
Are you vulnerable? One way to tell if your email software is
allowing these kind of bugs to track your behavior is to make a quick visit
to mackraz.com where
they test your email software's bug-ability by sending you a harmless, but
bugged, email and then reporting back to you as to whether their server was
able to subsequently read the bug. In addition, this site also does a good
job of explaining the issue in greater detail.
What to do? I have been testing an inexpensive shareware (free to
try) application named Spam Buster that does a very good job of sifting out
spam and other malicious email without actually reading the body of the text
in html mode. It runs before your normal email program directly accessing
your POP email account(s) from the internet and flags known and suspected
items. You can preview the header or body of individual email items and
then can flag and delete the junk. Because it previews and lists suspected
spam email in a text mode, the email bug issue is bypassed when the spam
email is deleted in Spam Buster. It also skims out much of the junk email
from your inbox so you don't have to wade through it brandishing the delete
key at the start of each day. Fairly easy to install and configure - all you
need to know is the POP Server name and your usernames and passwords. It does
require you to run the program first as an extra step in order to preprocess
your email. Recommended. Spam Buster can be downloaded for free from Contact
Plus at www.contactplus.com.
This is what I do .. I use MS Outlook Express for email and Norton
Antivirus updated weekly for virus scanning. OE is well integrated into the
Win9x operating system and has lots of useful features. To minimize the risk
of exposure to virus and to minimize the time required to handle the mounds
of junk email I receive daily, I have settled on the following procedures:
- I turn off the OE preview panel. Why? Loads faster. Minimizes potential
for virus activations. Protects my family from inadvertently viewing
offensive pictures in the email. I can detect (and delete) most email spam
just from the email heading information. Can then quickly delete 90% of
junk.
How to: click View, Layout, then uncheck 'Show Preview Panel' checkbox.
- I turn on all column headings for viewing - especially the To and Size
items. Why? The default configuration just shows From, Subject, Date ..
with To, Size information I can detect spammers faster. If email is From
SomeGoofyUnknownUser and sent to SomeUnknownListofSuckers you can probably
live without the life changing message.
How to: click View, Columns, then check the items you want displayed.
Remember, you can resize and reorder columns by dragging edges of headings
with your mouse.
- I disable download of email attachments. Why? Minimizes potential for
virus activations. If needed, I can temporarily turn this feature back on
to save or open valid attachments.
How to: click Tools, Options, Security, then check 'Do not allow email
attachments to saved or opened ..' checkbox.
- I avoid opening suspect email directly. Why? It is a precaution, like
keeping the chain on the door and just opening it a crack to ask 'who's
there'? When you preview the email in HTML mode (ie with pictures and
active links), you may be swinging the door wide open to letting the big
bad wolf virus (or equivalent) into your computer. Instead, I preview the
message source in text mode to see who it is and what they want. If no text
is visible there is a good chance that
How to: right-click on suspect email message, select Properties, Details,
Message Source, then maximize window.
- Once I have gotten rid all the junk, I just preview the good email by
double-clicking on one of them. Remember, in preview mode the 'prev' and
'next' buttons can be used to navigate the remaining emails on the
list.
Final Suggestions:
- Don't give out your real email address.. or stop giving out your real
email address. Get a free hotmail account to give out or set up a
disposable email forward with service like www.spammotel.com
or www.spammex.com.
- Don't preview. You can mitigate your exposure by turning off the
automatic default Preview Pane (for how-to: see above or search for
'preview' in Help).
- Don't open suspect emails, just delete them based on the From Email and
Header fields before/without previewing the suspect email. You can
usually tell from the displayed header and email name that it is spam.
- If you happen to look at one, don't bother clicking the 'remove me'
link. This just verifies your address to them. Even if you get dropped off
that list, you will likely be added to another.
- You can safely check out the actual html content of suspect email in
Outlook Express by right-clicking the email, then selecting Properties,
Details, Message Source. You will have to ignore the HTML tags to be able
to read it ..
- Certain email programs let you turn off the HTML preview and force the
display of messages in plain text only, but then all email received looks
goofy including your valid email.
- If you use AOL exclusively for internet/email you are probably out of
luck as AOL does not support standard POP3 email access, automatically
previews in HTML mode, and is a favorite target for spammers - expect your
first junk email within minutes of signing up.
Knowledge is power. Being aware of the what is happening in your inbox
gives you the opportunity to take appropriate action. Otherwise, you
may find that your email address might end up being sold to hundreds of
unscrupulous email marketers in a master list of valid and verified potential
sucker email addresses. May the Force be with you.
|
