HOME > ARTICLES
> Spam Protection Guide - 06
Spam Protection Guide - 06
EMAIL - Invisible To Spammers
Spam email costs money to send. Even though email is very
cheap per piece, the economics of spam require large broadcasts to reap a profit.
Spammers don't want to send email to non-existent addresses, which is what yours
looks like when it doesn't download the email.
Most commercial email, and most above-the-line spam (i.e.
not using hijacked slaves), sends a link in each email that attempts to download
a tiny image, a gif file measuring 1x1 pixels. This download only occurs in an
email program that renders HTML, i.e. web pages.
In the email is a link to a remote server that serves the
little "pixel gif" graphic. The server logs show each request for the
graphic, not just how many times the gif was requested, but details of each request.
Standard server log information includes the IP address, type of browser, your
computer operating system, and any referring information such as a cookie.
Each spam email contains a unique link to the gif server,
unique in that it contains the email address the email was sent to. So your IP
address can be logged and matched up with your email address. Down the road, you
may visit a site that logs your IP address and matches it up with your email address
(marketers have longed for this ability for years). Some of the spam email you
get may just be coming because of sites you've visited. As IP addresses become
more fixed with the growth of broadband, IP matching will become more profitable
and more prevalent.
The email we've become accustomed to, with stationery backgrounds
and colored fonts and such, and all the rich-email newsletters that resemble Web
pages, are actually the smokescreen that allows intrusion. We can receive HTML
emails, but only after we've previewed them as text-only. Newer versions of email
programs will hopefully allow the simple means to turn HTML off and on.
Even when sender and subject don't tell you enough, and
you have to download the whole message to study, if the email is only being viewed
in text then there is no request sent for the gif tracking image, and no ability
for any kind of script to take action. No kind of virus or interactive intrusion
can occur in text. Text is impervious to javascript actions, virus attachments,
and cookies that match your email address to your IP address and carry your privacy
details.
Most crucially, if the tracking gif image is downloaded
from the server using a request that contains your email, then at the end of the
campaign, it is known that you or your program at least opened the email. But
if you deleted the email on the server, or downloaded it to read in a text-only
email program, you did not send the request for the gif. The net result
is that your email address in the spammer's list shows that the email wasn't received
or opened. Eventually your name gets cleaned off that spam list.
Congratulations - You've become
invisible to spammers
And don't blow that invisibility by using the UNSUBSCRIBE
feature if it's presented in a spam email (although what were you doing even reading
it?). Using the unsubscribe in pure spam only tells the sender that your email
address is a good one, and you can be sure of receiving much more junk mail.
If the sender is a legitimate merchant that you've done
business with, or a clearly identified enterprise, you can unsubscribe safely,
and see if it works. If it doesn't you can choose to pursue it through the customer
service channels.
HOME > ARTICLES
> Spam Protection Guide - 06
