Apple Explains How Spammers Can Verify Your E-mail Address

Apple has added a new article to the Knowledge Base explaining some of the tactics that spammers use. The article also provides links to documents with information on how to help protect yourself. Appleis Knowledge Base (sometimes referred to as the KBase) is a central location for all of Appleis support documents and other important information.

Have you noticed that a lot of spam these days tends to be HTML formatted? Apple offers a reason for this. If the HTML-formatted message has any images within it, you could be sending your e-mail address back to the spammers without you knowing about it or doing anything. The second you load the message, you could be telling spammers that your e-mail address is legitimate. This can get you added to even more spam lists. Apple has the full story:

Mac OS X Mail: How HTML E-mail Messages Relate to Unsolicited Commercial E-mail ("spam")

Rendering an HTML e-mail message may verify your e-mail identity to a legitimate or illegitimate sender, such as a sender of unsolicited commercial e-mail (a "spammer").

Note: This document discusses Mail, an application included with Mac OS X. The same concepts apply to other e-mail applications you may use.

Background concepts
The pages you view in a Web browser are most often written at least in part in hypertext markup language (HTML). On an HTML Web page, you most often see two types of content placed by the page author: text and images.

The text is actually contained in the HTML, but the images are not. Rather, the page author places a text link that loads the image file from a different location. Your Web browser loads the text portion first, then subsequently sends a request for the images, which are loaded afterwards.

Because modern e-mail applications can receive HTML-formatted e-mail messages, you should be aware that your e-mail application sends the same type of outgoing requests for images that are made by your Web browser. This feature is often referred to generically as "HTML rendering." In Mail Preferences, this option is labeled "Display images and embedded objects in HTML messages".

How viewing HTML messages relates to spam
There are both advantages and disadvantages to having HTML rendering turned on in Mail or any other e-mail client application. You should consider these when evaluating your personal preferences. The advantage is that you will be able to see HTML-formatted e-mail as the sender intended. When this is from someone you know or another legitimate source, this is aesthetically desirable and provides a better user experience.

However, spammers can use HTML mail to easily verify that your e-mail address is valid, which is a disadvantage. This is often done by embedding your e-mail address in the HTML links (particularly for graphics). When your mail application connects to the Internet to load graphics from the spammeris Web site, the spammer can log your address as "known good." Here is an example of how your e-mail address may be embedded in a link:

To make that a tad clearer, when you open up some spam messages, the very act of opening those messages can make a call to the spammeris server that lets the jerk know that your e-mail address is legitimate, and that you read your messages. Thatis a one-way ticket to getting more spam. The full article actually has even more information in it, including advice on whether or not to turn off HTML rendering in Mail, and instructions on doing so. It is a very good read, and we strongly recommend that you check it out.

You can read the rest of the new Knowledge Base article at Appleis Web site.