Apple KBase Article - Apple Explains How Spammers Can Verify Your E-mail Address

by , 9:00 AM EST, January 23rd, 2003

Apple has added a new article to the Knowledge Base explaining some of the tactics that spammers use. The article also provides links to documents with information on how to help protect yourself. Apple's Knowledge Base (sometimes referred to as the KBase) is a central location for all of Apple's support documents and other important information.

Have you noticed that a lot of spam these days tends to be HTML formatted? Apple offers a reason for this. If the HTML-formatted message has any images within it, you could be sending your e-mail address back to the spammers without you knowing about it or doing anything. The second you load the message, you could be telling spammers that your e-mail address is legitimate. This can get you added to even more spam lists. Apple has the full story:

TITLE
Mac OS X Mail: How HTML E-mail Messages Relate to Unsolicited Commercial E-mail ("spam")

TOPIC
Rendering an HTML e-mail message may verify your e-mail identity to a legitimate or illegitimate sender, such as a sender of unsolicited commercial e-mail (a "spammer").

DISCUSSION
Note: This document discusses Mail, an application included with Mac OS X. The same concepts apply to other e-mail applications you may use.

Background concepts
The pages you view in a Web browser are most often written at least in part in hypertext markup language (HTML). On an HTML Web page, you most often see two types of content placed by the page author: text and images.

The text is actually contained in the HTML, but the images are not. Rather, the page author places a text link that loads the image file from a different location. Your Web browser loads the text portion first, then subsequently sends a request for the images, which are loaded afterwards.

Because modern e-mail applications can receive HTML-formatted e-mail messages, you should be aware that your e-mail application sends the same type of outgoing requests for images that are made by your Web browser. This feature is often referred to generically as "HTML rendering." In Mail Preferences, this option is labeled "Display images and embedded objects in HTML messages".

How viewing HTML messages relates to spam
There are both advantages and disadvantages to having HTML rendering turned on in Mail or any other e-mail client application. You should consider these when evaluating your personal preferences. The advantage is that you will be able to see HTML-formatted e-mail as the sender intended. When this is from someone you know or another legitimate source, this is aesthetically desirable and provides a better user experience.

However, spammers can use HTML mail to easily verify that your e-mail address is valid, which is a disadvantage. This is often done by embedding your e-mail address in the HTML links (particularly for graphics). When your mail application connects to the Internet to load graphics from the spammer's Web site, the spammer can log your address as "known good." Here is an example of how your e-mail address may be embedded in a link:

http://example.com/bizarre-x-html/yourname=apple.com/spamsite.html

To make that a tad clearer, when you open up some spam messages, the very act of opening those messages can make a call to the spammer's server that lets the jerk know that your e-mail address is legitimate, and that you read your messages. That's a one-way ticket to getting more spam. The full article actually has even more information in it, including advice on whether or not to turn off HTML rendering in Mail, and instructions on doing so. It is a very good read, and we strongly recommend that you check it out.

You can read the rest of the new Knowledge Base article at Apple's Web site.

The Mac Observer Spin:

We offer a big, fat Mac Observer Salute to Apple for posting this KBase article. It offers some excellent advice on a complex subject that benefits anyone willing to pay attention. That includes Windows users, as well, so if you are stuck on a Wintel box at work, you should consider Apple's advice for that machine, too. Note that Apple's instructions are specifically for Mail, and that you may need to get help from your IT drone to turn off HTML rendering on your Windows e-mail client.

Now we turn our ire on the societal leeches, the secondhanders known as spammers. That they can take something as potentially benign as HTML e-mail, though many hate it anyway, and ruin it for millions of people is just plain wrong. It is morally and ethically challenged, and offensive as can be. That those who send spam, and those who do the sending for them, can profit off of the millions of man hours wasted daily on dealing with their digital refuse is enough to send a peaceful person into an apoplectic fit. With any luck, there will be a day of reckoning for these scumbags, similar to the junk mail misfortune that befell spam lord Alan Ralsky.

We are thankful that Apple has provided some best-in-class spam tools in its Mail application.