Monday, January 24, 2005

Why Do Email Programs (like Outlook, Gmail, and Hotmail) Hide Pictures?

Since the advent of HTML email, people who write emails, particularly those with pictures, have "saved space" in the email by NOT including the picture in the email but instead by including an HTML tag that tells the email program where to find the picture. That is, when you open the email, it just says to the email program "Go get the picture from this website and add it to this email"--the exact same way that the web works. This makes the email smaller because the image file isn't actually included in the email, just instructions on where to go get it.

The problem is that tricky spammers use this mechanism to verify that your email address is valid and worth continuing to spam. Instead of just putting a URL to a picture in the email, they alter the URL so that it also indicates who is asking for it. That is, instead of saying:
"Go get the picture at http://www.goodWebServer.com/emails/picturefile.gif" they say
"Go get the picture at http://www.bad.WebServer.com/emails/picturefile.gif?email='yourEmail@email.com'"

This way, a program on their server returns the picture file AND records that your email address is a valid one that they should continue to spam. These spammers send millions of emails arbitrarily (often just guessing at valid email addresses), so it's important for them to verify which ones are real and which ones are not.

If, on the other hand, your email program does NOT get the picture from the webserver, then the spammer never hears from you and assumes that you don't exist.
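The check a mail program can run before deciding whether to load pictures, as an added example that is not part of the original post: it lists every image in an HTML email that would trigger a fetch from a web server and marks those whose URL carries the recipient's address. The function names and the sample message are constructed for illustration; the two URLs are the ones quoted above.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl, unquote

class RemoteImageScanner(HTMLParser):
    """Collect every <img> whose src would trigger a network fetch."""
    def __init__(self):
        super().__init__()
        self.remote_srcs = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        src = (dict(attrs).get("src") or "").strip()
        # cid: and data: images travel inside the message; only http(s) calls out.
        if urlsplit(src).scheme.lower() in ("http", "https"):
            self.remote_srcs.append(src)

def identifies_recipient(url, recipient):
    """True if the recipient's address appears in the URL path or query values."""
    needle = recipient.lower()
    parts = urlsplit(url)
    # parse_qsl percent-decodes values, so yourEmail%40email.com is caught too.
    values = [unquote(parts.path)]
    values += [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    return any(needle in v.lower() for v in values)

def scan_email_html(html, recipient):
    """Return (url, carries_address) for each remote image in the message."""
    scanner = RemoteImageScanner()
    scanner.feed(html)
    scanner.close()
    return [(u, identifies_recipient(u, recipient)) for u in scanner.remote_srcs]

# Constructed sample message: the two URLs from the post plus an embedded image.
SAMPLE_HTML = """
<p>Hello!</p>
<img src="http://www.goodWebServer.com/emails/picturefile.gif">
<img src="http://www.bad.WebServer.com/emails/picturefile.gif?email='yourEmail@email.com'">
<img src="cid:logo@local">
"""

if __name__ == "__main__":
    for url, tagged in scan_email_html(SAMPLE_HTML, "yourEmail@email.com"):
        print("carries address" if tagged else "remote image   ", url)
```

Both remote images are held back until the reader asks for them; the flag only distinguishes the URL that names the recipient outright.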

Of course, this is all very sloppy on both sides. Bring on email authentication!

joel
