Bugtraq mailing list archives

Re: HTML email "bug", of sorts.


From: PSE-L () mail professional org (Sean Straw / PSE)
Date: Mon, 20 Aug 2001 21:20:55 -0700

At 06:17 2001-08-18 -0400, Alex Prestin wrote:

> You may have heard of "web-bugs" before.

Never by that term, but what you're describing has been around for no less than FIVE YEARS - almost as long as HTML-enabled email. The tracking technique is certainly not new. I used to hear of them as "dot-trackers". A search just now on "web bug" reveals that some people are now calling them by that name, and the following document may be of interest:

        <http://www.bugnosis.org/faq.html>


If you had a decent email client (oh, let's say Eudora Pro), there are features to disable the automatic fetching of linked HTML components (i.e. view the mail as just the HTML you already have, as well as graphics embedded within the message as attachments, but not go online to fetch anything).

Ironically, there's a valid use for them -- listservs and opt-in marketing propaganda could send a welcome message using a dot-tracker, and if the corresponding identifier is hit on the server, you know the user has a fully HTML-enabled email client, and can then update their profile to use HTML. If you don't get hit, you send plaintext. Not that I've heard of anyone actually using it for this, but it would be nice if companies did instead of automatically dumping HTML mail on you.

> "Web bugs" are small, 1x1 (or similar-sized) transparent GIF images

aka "transpixel GIF".

> About 1 in 10 sites use them.

I suspect more _real_ (non personal homepage oriented ones) sites use transpixel gifs -- they're frequently used for image alignment. Other sites that track users simply have adbanners all over the place - same thing, and most users are oblivious to the fact that those adbanners ARE tracking you. One of the various reasons I run a (homebrew) proxy script to eliminate adbanners (others are that printouts are cleaner, the page is less cluttered, less needless animation, and more efficient use of bandwidth and client browser caching).

> So, anyone have any idea of how to deal with this latest little spammer
> toy?

Disable downloading of images in HTML email or disable HTML rendering entirely.

Another time-proven method is to filter SPAM from your mailbox, using the so many other characteristics which identify most of the spam out there. You should also aggressively protect your email address.

Methinks with a decent email client, it would be easy enough to search message bodies for your email address within links (note that listservs that afford an uns*bscribe link would make this difficult, and of course coded URLs wouldn't be matched), or for 'width="1"', 'height="1"' type elements and flag these messages as _suspicious_ (procmail, which runs on unix boxes, is an excellent mail filtering utility, but such an option isn't available to everyone). Doing such filtering AFTER "known clean" sources would significantly reduce misidentified messages - even my own spam filtering has a "green list" of senders and mailing lists which are not as aggressively filtered as those of unknown origin -- virtually anything left in my inbox (not specifically dropped into a folder) is spam these days, and that number is very small with RBL and spam filtering heuristics running on the server.


---
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.

 Sean B. Straw / Professional Software Engineering
 Post Box 2395 / San Rafael, CA  94912-2395
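
The filtering idea in the message above (skip green-listed senders, then flag HTML mail whose links carry your address or whose images are 'width="1"' / 'height="1"'), written in Python as an added example that is not part of the original post. The addresses, host names and the `TrackerScan` / `flag_message` names are constructed for illustration.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import unquote

class TrackerScan(HTMLParser):
    """Collects reasons an HTML body looks like it carries a tracker."""
    def __init__(self, my_addr):
        super().__init__()
        self.my_addr = my_addr.lower()
        self.reasons = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        url = a.get("src") or a.get("href") or ""
        if not url.lower().startswith(("http://", "https://")):
            return  # only references that go online to a server matter here
        # 'width="1"', 'height="1"' as in the message; "0" added as an assumption
        if tag == "img" and a.get("width") in ("0", "1") and a.get("height") in ("0", "1"):
            self.reasons.append("tiny remote image: " + url)
        # Plain or percent-encoded address only; coded URLs are not matched
        if self.my_addr in unquote(url).lower():
            self.reasons.append("address in link: " + url)

def flag_message(raw, my_addr, green_list=()):
    """Return the reasons a raw message is suspicious (empty list if none)."""
    msg = email.message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in green_list:
        return []  # known-clean sources are handled first and not scanned
    scan = TrackerScan(my_addr)
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            scan.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    return scan.reasons

# Constructed sample message (not taken from the original post)
SAMPLE = """From: promo@mailer.example
Subject: offer
Content-Type: text/html; charset="us-ascii"

<html><body><a href="http://mailer.example/go?u=me%40home.example">offer</a>
<img src="http://mailer.example/t.gif?id=abc123" width="1" height="1">
</body></html>
"""

if __name__ == "__main__":
    print("\n".join(flag_message(SAMPLE, "me@home.example")))
```

As the message notes, a legitimate uns*bscribe link that carries the address trips the same check, which is why the green list is consulted before scanning.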

