[OT?] HTML email is evil - or, why we get so much spam

Bernard Devlin revolution at knowledgeworks.plus.com
Fri Nov 24 06:33:34 CST 2006


I'm sure some of you have seen this topic before, and I don't want to  
go into many of the issues involved in it.  However, there is one  
specific aspect of HTML email that everyone might accept is evil, and  
perhaps it is not widely known.  I'm bringing this up here, because  
Runrev is one of the few companies that sends me HTML email.

If you have a browser that renders HTML text, then it is perfectly  
possible for this email cient to be telling Spammers that the email  
address they spammed is valid.  All that is required is that one of  
the hrefs in the email that points to an image on a server (could  
even be to 1 pixel image), should actually invoke the equivalent of a  
CGI/Servlet/whatever, and pass the email address to which they sent  
the spam back to the server as a parameter.  The server then  
processes that request (including recording that your email address  
is valid) and returns the image requested.  I know it works - when I  
read about it a couple of years ago, I set about testing it.  I  
believe that this is one reason why Gmail (for example) does not  
render image tags contained in HTML email

As I'm starting to drown in spam (some days more than 50% of my email  
is spam), I'm looking at ways to minimize fake email.  I'm  
considering making my email client stop rendering HTML, but that  
means I will no longer be able to read Runrev's newsletters.

I just thought I'd pass this back in case others didn't realise what  
HTML email might imply.  I'm copying this to support at runrev.com so  
that they might offer an alternative to receiving HTML email, because  
if I do this I won't be able to read their newsletters in future.

Bernard



More information about the use-livecode mailing list