16

Most email clients do not display an image by default in the content of an email.

But I don't understand this yet. How can displaying image job attack the computer?

Improve this question

1 Answer 1

Reset to default
30

Emails can contain images in basically two different ways:

  • The images are included as part of the email, i.e. attachment
  • The images are loaded from the Web

The issues with these two are quite different.

The problem with the former, except bandwidth and storage, is possible issues with the software responsible for displaying the image.

Image files are processed by software to convert them from raw data into the actual images that are displayed. These software components can have general bugs or even security vulnerabilities that can accidentally or deliberately be exploited. Some images might be specifically designed to exploit these bugs, e.g. to crash your viewer (original article that crashed my browser years ago is no longer up).

Since this behavior is clearly a bug in the software, vendors prefer fixing issues with the image format components instead of making the users responsible for the stability of their programs. While it's an issue, as seen in the linked topic, it's far less of an problem than the one described below, in my opinion.

The latter has that same problem, of course, and additionally another, much more relevant issue:

The reference to the image in the email might have some kind of tracking, e.g. a part that identifies your email address or the specific email sent to you, so the sender can confirm your email address (in case of spammers) or that (and when) you actually read the email (many newsletters work like this — clicking links in these emails also often send you to some tracking/redirection web page first).

My mail client's online help states the following:

enter image description here

I can only disable loading remote images (i.e. those referencing URLs on the Web). Attachments in HTML emails are still displayed. Other email clients might handle this differently.

Since anyone can send you anything via email (unless you're strict on the filtering), it's better to be safe than sorry. That's why many email clients don't load or show images by default, requiring you to click on some button first.

Improve this answer
5
  • 3
    And in the olden days when bandwidth was o so much smaller downloading images you didn't want to see was a huge waste of time (and money).
    – Nifle
    Commented Jun 11, 2011 at 12:37
  • @Nifle Good point! I already ranted about that a while ago ;)
    – Daniel Beck
    Commented Jun 11, 2011 at 12:39
  • I think loading from the Web has a same problem with former issue if Browser's image renderer has a security vulnerabilities though. But it will be more safe because only major venders(reliable) make browsers.
    – Benjamin
    Commented Jun 12, 2011 at 1:33
  • @Benjamin Thank you. The fact that loading from the web has both problems got lost in my edit. Will make that clearer. Also, loading from the Web will exploit the email client. Browser's only a part in this if they send you links.
    – Daniel Beck
    Commented Jun 12, 2011 at 7:53
  • The image from unknown source can also be obscene or offending to you.
    – Stanley
    Commented Jun 12, 2012 at 7:11

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .