From Heinz Tschabitscher,
Your Guide to Email.
FREE Newsletter. Sign Up Now!

When you are reading an email message (and nobody is gazing over your shoulders), no one knows what you are doing. Right?

Unfortunately, this could be wrong.

HTML Return Receipts: Web Bugs

The use of HTML in email messages allows for flexible, pretty and useful formatting. You can even include pictures inline in your message easily.

If these inline images are not attached and sent with the email message but kept at a remote web server, your email client has to connect to the server and download them in order to display the pictures.

So, when you open an HTML email with a remote image in it and your email client loads the picture from the server, the sender of the message can find out a number of things about you:

• The email address the message was sent to — your email address — is working. This could be exploited by spammers, although they rarely care about whether their messages arrive or not.
• You have opened the message. If the sender can confront you with such evidence, it will be difficult to claim you never got or read an important message. (Of course, you can argue that what they did invaded your privacy. This will do nothing to negate the fact, though.)
• Your current IP address. Your IP address can reveal your physical location, and it is a valuable asset to know for malicious attacks.

Distressing, is it not? Before you never open an email again, take a look at the counter-measures you can take, though. They are usually simple and effective (you cannot be forced into revealing your identity). You do not even have to forgo the comfort of pretty HTML emails (including images).