Dirty SPAM Tricks

Many web users are becoming a bit more sophisticated when it comes to protecting their privacy, by using SPAM blocking software and carefully guarding their privacy when entering information online. Unfortunately, there are still two commonly used "dirty tricks" in use by the junk e-mail hucksters that can thwart even the most cautious among us.

The first trick commonly used by junk mailers is to embed "e-mail bugs" into their marketing pitches. This is usually done in order to verify that you've read their solicitations.

Bugging e-mail can be achieved by simply including a standard HTML link within the messages that they send. Sometimes these images are visible. At other times, they are simply one-pixel in size (and transparent in color) thus making them nearly impossible to detect.

However, just because you receive an e-mail that includes some sort of graphics, this does not necessarily mean that you've been bugged. What differentiates an "e-mail bug" from an ordinary graphic is the method used to deliver and display the image within the e-mail you receive.

Pictures and graphics that your friends send to you are commonly included in the e-mail message itself, (or included as attachments) and are generally harmless. On the other hand, images that are actually "e-mail bugs" are not physically included in the e-mail message itself. Instead, these are delivered from an Internet server in direct response to a simple HTML request contained in the e-mail message. Essentially, when you either "open" (or even simply "preview") the bugged e-mail, the HTML code requests the image from the server in just about the same way that your Internet Browser would.

The distinction is that with "e-mail bugs," the image is requested using a unique code that corresponds back to the original solicitation sent to your specific email address. The net effect is that when the junk marketer's server receives the request for the image, it verifies that the junk e-mail sent to your address has been viewed or read.

In the mindset of a junk e-mail marketer, this verifies that your e-mail address is not only active and valid, but also that the owner (you) are willing to read unsolicited email.

Additionally, many abusers of this tactic will then use the code to place a "cookie" on your hard drive, thus permanently "marking" your system for future web tracking and abuse!

The result is that your e-mail address will then receive much more SPAM and your address will be sold to other junk e-mailers as a "verified" address, one of the most valuable types in the junk e-mail business!

Fortunately, not all email software programs will participate in these shenanigans. Users of Eudora Pro, for instance, can disable the use of active HTML coding in their emails and thus defeat the bugging of their email.

The best way to tell if your email software is allowing bugs to track your behavior is to make a quick visit to: www.mackraz.com This site will allow you to test your e-mail software's "bug-ability" by sending you a harmless, but bugged, e-mail and then reporting back to you as to whether their server was able to subsequently read the bug.

In addition to disclosing if your email is ratting you out, this site also does a good job of explaining the issue in greater detail.

NOTICE: Eudora Users can protect themselves though these simply:

  1. Access the Tools menu,
  2. Choose Options, then go to:
  3. Viewing Mail and finally,
  4. Clear the "Use Microsoft's Viewer" option
This will make you "un-email-bugable" so to speak! However, I do not belive that Outlook and Outlook Express users can change any settings that will protect their privacy from such "e-mail bugs."

The second trick that's gaining wide implementation with the junk e-mail crowd is what I call the "E-mail URL" and it's a very sneaky one. Here's how it works:

You receive an unsolicited email (SPAM) that contains a link that you might actually wish to visit, if just out of curiosity. However, when you "click" the link, your browser not only takes you to the site, but also passes your e-mail address along to the solicitor's server.

For example, I recently received an email from WiseXRealtors.com where the hyperlink contained in the email wasn't simply:

"wiseXrealtors.com" but instead "wiseXrealtors.com/?source=myemailaddress"

(NOTE: I've modified the link just enough to break it so that they will not benefit from their intrusive tactics through this example)

The result of this slight distinction is that visiting the site from the link provided in the unsolicited e-mail would "verify" not only that I had visited the site, but that I had done so in direct response to the SPAM that I received.

On the Internet, there's practically no better guarantee of receiving endless junk mail offers than to prove, without a doubt that:

  1. Your e-mail address is both correct and active
  2. You do read junk e-mail solicitations, and that
  3. Your are willing to respond to them by visiting the solicitor's site
Fortunately, the defense against this tactic is simple, if slightly inconvenient.

The next time you receive an unsolicited email that contains a hyperlink that you might wish to visit, move you mouse over the Web site address, but do not yet click the link.

At this point, many e-mail programs will display the actual URL somewhere on the screen, (often at the very bottom) thus allowing you to clearly see if any information is added to the tail-end of the URL that might be used to personally identify you.

Keep in mind that many purveyors of SPAM will not be so obvious as to add your actual email address to the URL (as was the case above) but may simply use a unique code that can be cross-referenced to your email account.

Thus, where you see a URL such as "wiseXrealtors.com/?XHJK6754fg" you should assume that "XHJK6754fg" will be used to clearly identify your email address as the visitor.

In either case, if you do wish to visit such a site, without accidentally volunteering for a ten-fold increase in junk email, simply open your web browser and manually enter the web site address without the privacy threatening extensions. In the example cited, you would simply type: www.wiseXrealtors.com in your browser's address bar, and could then satisfy your curiosity somewhat anonymously.

Stephen M. Canale
Contact Stephen

Preparing Professionals for Competition in Tomorrow's Marketplace
Copyright©1995-2005 Stephen M. Canale