A Few More E-Mail Tips


This page is intended as a companion article for my page on avoiding sending HTML e-mail, and describes a few additional e-mail tips. Actually, I discuss just two topics in this article, namely: blocking "web bugs" in e-mail you receive, and attachment sending format (for Mac users).

Here, the first topic should be of interest to all e-mail users, as web bugs are one of the major privacy threats on the Internet. The second topic will only be of interest to Mac users, as it explains how Mac users can send attachments in a way that will be friendly to PC users (and also other Mac users if they happen to receive your message using a web-based mail reader).


Blocking "Web Bugs" in E-Mail You Receive

A "web bug" is an image, in either a web page or HTML formatted e-mail, with a hidden agenda to collect information about you while you view the web page or e-mail. For general information, see The Web Bug FAQ page. A web bug may be either an invisible (single-pixel) image that you don't see or a visible image that you do see as part of the message display. Web bugs are also sometimes referred to as "web beacons."

Web bugs in e-mail messages are always remotely hosted images. This means that the image isn't really part of the e-mail; instead, the e-mail contains only a pointer to a website where the image actually resides. When you view the e-mail, your computer accesses the image in real time from that website. And in doing this, your computer inevitably sends some information to that website.

Under normal circumstances, your computer wouldn't send personally identifiable information to a website when accessing data. However, the sender of an e-mail message already has your e-mail address. The sender may have used software to customize the image pointer in the e-mail sent to you with a code tied uniquely to your e-mail address. Then, when your computer accesses the image from the remote website, software on that site knows that YOU are viewing the e-mail! In this way, the sender can use web bugs to track if and when you read an e-mail message.

Spammers love to use web bugs so they can track which recipients read their e-mail. When a spammer can verify that you've read their spam, your address becomes more valuable to the spammers, in which case you inevitably get on more spam lists and receive a lot more spam!

Web bugs may also be used by "legitimate" companies and organizations eager to find out who is reading their e-mail, and may even appear in e-mail from ordinary individuals, as there are companies (for example, DidTheyReadIt.com) that provide an e-mail tracking service (presumably by inserting web bugs) for anybody willing to pay for it.

The easiest way to defend against web bugs is to use e-mail software that you can configure to avoid accessing and displaying remotely hosted images in e-mail messages. If you can do this, your computer won't access those remote websites, and therefore won't send any information to them, while you read your e-mail.

Blocking remotely hosted images will block all web bugs, but will also block some images that aren't web bugs. This isn't much of a problem because the messages in legitimate e-mails are usually evident by reading only their text, even if you don't see some of the images. (The e-mails that put their whole message in an image are invariably spam.) If occasions arise when you really want to view an image that's been blocked by your e-mail program, most of the newer programs with capability to block remote images also provide a button or link you can click to display the blocked images. (If your program doesn't provide this feature, you can still reconfigure it temporarily to display remote images.)
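The distinction drawn above between remotely hosted and attached images can be checked from a message's source without displaying it. The following Python sketch is an added example, not part of the original article or of any mail program it discusses; the sample message, the function names and the "long opaque query value" heuristic are all assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Constructed sample message (not real mail): one attached image referenced
# by cid:, one ordinary remote banner, and one remote single-pixel image
# whose URL carries a per-recipient code.
SAMPLE = """\
From: news@example.com
To: reader@example.org
Subject: Constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hello!</p>
<img src="cid:logo@example.com" width="120" height="40">
<img src="http://images.example.com/banner.gif" width="468" height="60">
<img src="http://track.example.com/open.gif?uid=8f3a9c2e71b04d55" width="1" height="1">
</body></html>
"""

# Heuristic (assumption): a long opaque query value may be a per-recipient code.
TOKEN = re.compile(r"[A-Za-z0-9_-]{12,}")


class ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag; nothing is fetched."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))


def classify(img):
    """Label one image: remote or in-message, single-pixel, carrying a code."""
    src = (img.get("src") or "").strip()
    parts = urlsplit(src)
    # http(s) and protocol-relative URLs make the mail program contact a
    # server; cid: and data: images travel inside the message itself.
    remote = parts.scheme.lower() in ("http", "https") or bool(
        parts.netloc and not parts.scheme)
    tiny = remote and img.get("width") in ("0", "1") \
        and img.get("height") in ("0", "1")
    tagged = remote and any(
        TOKEN.fullmatch(value) for _, value in parse_qsl(parts.query))
    return {"src": src, "remote": remote, "tiny": tiny, "tagged": tagged}


def scan_message(raw):
    """Return a classification for every image in the message's HTML parts."""
    msg = message_from_string(raw, policy=policy.default)
    results = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector = ImgCollector()
            collector.feed(part.get_content())
            results.extend(classify(img) for img in collector.images)
    return results


if __name__ == "__main__":
    for r in scan_message(SAMPLE):
        kind = "REMOTE" if r["remote"] else "in-message"
        print(f'{kind:10} tiny={r["tiny"]} tagged={r["tagged"]} {r["src"]}')
```

Only the `remote` flag corresponds to what the mail programs below block; `tiny` and `tagged` are hints, since a visible image without an obvious code can still be a web bug.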

I will now comment on various e-mail programs and their ability to block web bugs.

Thunderbird & other Mozilla software; recent Netscape versions

These programs all have capability to block loading of remote images in e-mail messages. The screen capture below illustrates this for the standalone Mozilla Thunderbird e-mail program, but the same options can also be found in the other programs, including the integrated Mozilla suite (i.e., SeaMonkey) and recent (6.x or later) Netscape versions.

To block remote images in Thunderbird: In the Windows version, choose Tools > Options...; in the Mac version, choose Thunderbird > Preferences... Click "Privacy" in the row of icons across the top. Then, under the "General" tab, make sure "Block loading of remote images in mail messages" is checked:

[Mozilla Thunderbird Block remote images]

Thunderbird also offers an option to allow remote images if the sender of the e-mail is in your Address Book. I recommend keeping this option UNchecked (as in the above screen capture) because, given the prevalence of e-mail spoofing, a message that appears to be from one of your Address Book contacts might not really be from that person.

Microsoft Entourage (Mac OS X)

Entourage has a very effective capability to block remote images and thereby suppress web bugs. In an early version of Entourage released for OS X (Entourage X), this was an optional feature that wasn't enabled by default. To enable it, you had to choose Entourage > Mail & News Preferences... and click the "Read" tab; then UNcheck the checkbox labeled "Allow network access when displaying complex HTML" as shown in the following screen capture:

[Microsoft Entourage Read Preferences dialog box]

The newer version of Entourage released in 2004 is more security conscious. To access relevant settings in this version, choose Entourage > Preferences... and click "Security" on the left side. By default, Entourage 2004 will not download remote images unless the sender is in your Mailing List Manager. If you wish, you may set it to also download remote images in messages from your Address Book contacts by clicking the circled checkbox:

[Entourage 2004 Security Prefs dialog box]

I recommend leaving this box UNchecked because, given the prevalence of e-mail spoofing, a message that appears to be from one of your Address Book contacts might not really be from that person.

Apple Mail (Mac OS X)

Apple's Mail program supplied with Mac OS X can also suppress remotely hosted images. To activate this feature, choose Mail > Preferences... and click "Viewing" from the row of headings. Then UNcheck the checkbox labeled "Display remote images in HTML messages":

[Apple Mail Viewing Preferences dialog box]

Microsoft Outlook and Outlook Express (Windows)

News Flash: The latest versions of these Windows programs have improved their security considerably, similar to Entourage 2004 for Mac discussed earlier. Remotely hosted images are now blocked by default in Outlook 2003 for Windows and in the Outlook Express supplied with Windows XP Service Pack 2 which was a major recent security update for Windows.

Unfortunately, previous versions of Outlook and Outlook Express did not provide any capability to block remote images, so were extremely vulnerable to web bugs. If you use any of those older versions, I urge you strongly to upgrade to the current, more secure version. (If you work in an organization that still uses one of the older versions, ask your system administrators to upgrade!) In case you find yourself in circumstances (at least temporarily) that force you to use one of those older programs, I'll offer what advice I can:

Turn Off Preview Pane: A basic strategy is to identify up front the messages you have no intention of reading -- and delete those messages without allowing them to display. The first step in implementing this strategy is: Turn Off the Preview Pane! If the Preview Pane is active in those older versions of Outlook or Outlook Express, then as soon as you click a message title (even if your only intention was to delete the message), you display that message in the Preview Pane, thereby enabling any web bugs in it to do their dirty work. After turning off the Preview Pane, you'll have to double-click the messages you wish to display.

Note: Outlook Express provides only a single global setting to show or hide its Preview Pane (Choose View > Layout... Then UNcheck the box labeled "Show preview pane"). Outlook lets you show or hide a Preview Pane individually for each folder (Simply choose View > Preview Pane while viewing the folder). Always disable the Preview Pane in Outlook's Inbox and Deleted Items folder. You may enable the Preview Pane in other folders if you wish.

And remember: the Preview Pane should be turned off in those older versions of Outlook and Outlook Express because they have no capability to block remotely hosted images. It's safe to keep a Preview Pane enabled in programs that block remote images.

Customize Message Lists: After disabling the Preview Pane, you'll be relying more on the info displayed in your list of Inbox messages to decide whether individual e-mails are legitimate messages that you want to read. To help in this task, Outlook and Outlook Express both allow you to customize their listings to display more columns than usually displayed by default. As examples, I find it helpful to display Size and Recipient columns in the listing.

Use Outlook's AutoPreview: If you use Outlook, take advantage of its "AutoPreview" feature which displays a few lines of the message text inline within your list of Inbox messages. Unlike the Preview Pane (which can trigger web bugs if you allow messages to display there), the AutoPreview is safe because it displays only text -- not images or other objects. To activate AutoPreview in Outlook, select View > Current View > Messages with AutoPreview. (This will display AutoPreviews for only the unread messages in your Inbox. If you simply select View > AutoPreview, it would display an AutoPreview for every message in the list, including those you've already read.)

View Full Headers and Message Source: If you still aren't sure whether to open a particular message, you may view its full headers (and in Outlook Express, also its full source), all without displaying the message normally and triggering web bugs in it. To accomplish this: In Outlook, right-click the message title and choose "Options..." from the drop-down menu; you'll see a window containing full headers. In Outlook Express, right-click the message title and choose "Properties" from the drop-down menu; then click the "Details" tab. You'll see the full headers, and you may also click "Message Source..." to view the full source.

The Work Offline Trick: While older versions of Outlook and Outlook Express do not have any specific capability to block remote images, there is a way to force them not to access such images -- by choosing to "Work Offline" while reading your e-mail. If you use Outlook Express, simply choose "Work Offline" from its File menu (This actually works in both Windows and Mac versions of Outlook Express). If you use Outlook, do not choose Work Offline from its menu; instead, go to an Internet Explorer browser window and choose "Work Offline" from its File menu (This works because Outlook relies on Internet Explorer to display HTML e-mails). If you use this technique, you may need to toggle between online and offline modes several times a day, but you can avoid activating web bugs if you remember to go offline before reading e-mail.

America Online

The e-mail module in AOL client software doesn't include any capability to block remote images when displaying messages. But it does provide a useful feature: AOL's list of incoming messages displays a special icon for messages that include pictures. This indicator is presumably intended to help people avoid images they may find objectionable. But it also points out messages that may contain web bugs. AOL's image indicator makes no distinction between remotely hosted images (which may be web bugs) and attached images (which are generally harmless). Still, if the icon shows that a message contains images, and it's an unexpected message from a sender you don't know, you might decide that it's likely to include a web bug, so you might choose to delete that message without opening it.

AOL Open Mail Access: As of April 2004, AOL users are no longer forced to use the AOL client software for handling their e-mail. AOL now provides Open Mail Access which allows sending and receiving AOL e-mail using any standard Internet e-mail program. This means that you can read your AOL e-mail using a program such as Thunderbird or Entourage which can block loading of remote images, thereby using the capabilities of that program to avoid activating web bugs in your incoming messages.

Mailsmith (Mac OS X)

Mailsmith from Bare Bones Software is an advanced Mac text-only e-mail program which is very aware of web bugs and other security risks present in HTML e-mail. Whenever you receive an HTML formatted message in Mailsmith, it displays a plain-text representation of the message and then gives you the option to view the actual HTML message using your web browser. As long as you view only the text representation, you won't trigger any web bugs or other nasty stuff in the e-mail. If you choose to view the HTML message using your browser, you would indeed trigger any web bugs that were in the e-mail.

If you have many correspondents who send you HTML formatted e-mail (which is often the case nowadays), it may get tiresome to continually view Mailsmith's plain-text representations of the HTML messages that your friends send you. On the other hand, when you receive spam e-mail and view its text representation in Mailsmith, you'll feel good knowing that you aren't activating any of the web bugs in these spam messages.

Web-based Mail Readers

There are many web-based e-mail services, and many ISPs also provide a web-based mail reader for their customers. Often, these web-based e-mail programs include features that can be configured to block web bugs. I'll illustrate with the web-based mail reader provided by one ISP, namely, Earthlink. The following screen capture shows some of the options in Earthlink's web mail system:

[Excerpt from Earthlink Web Mail Options]

As shown above, Earthlink's web mail offers a choice whether to show or hide images when displaying messages. If you choose to hide images, it would hide all images, without any distinction between remotely hosted images (which may be web bugs) and attached images (which are generally harmless). Still, hiding the images does block all web bugs. Moreover, if you've chosen to hide images but you decide that a particular message is legitimate and you're curious to view its images, Earthlink makes it very easy to do so. The screen capture below is an example of a message displayed by Earthlink web mail while configured to hide images:

[Earthlink Web Mail - Example of received message with stripped images]

The note at the bottom "Images were stripped from this message" informs us that the message contained images that aren't being displayed. If we want to see those images, we can simply click the "View images" link to the right of that note. In this example, the message is obviously spam, so we presumably wouldn't have any intention to view the images. But it would be easy to display them if we choose to do so. Be aware, however, that if any of the images turn out to be web bugs, displaying them in a web-based mail reader would activate those web bugs, just as if they were displayed in a desktop e-mail program.


Attachment Sending Format (for Mac users)

E-mail attachments sent by Macintosh users sometimes look very strange when received by a PC user -- or even by another Mac user who is using a web-based mail reader instead of a Mac-based mail program. The recipient may see two files with the same name, where only one of these two files contains usable data, and the other appears to contain garbage.

Note: The problem may be even worse when such messages are received by someone using Mozilla Thunderbird or other Mozilla e-mail software (even by Mac users running such software). The recipient may see only one attachment with a given name, but this attachment appears to contain corrupted data when the recipient tries to open it.

The problem is that, historically, Macintosh files have consisted of two pieces called a "data fork" and "resource fork," where only the data fork contains information usable to people on other computer platforms, while the resource fork contains only Mac-specific information. Many Mac-based e-mail programs send attachments by default in a format called "AppleDouble" which sends both the data and resource forks as separate MIME parts of a multi-part MIME message.

Unfortunately, most PC-based and web-based mail readers (and also the Mozilla e-mail software on all platforms) don't understand AppleDouble format; therefore, they may think the MIME parts containing the data and resource forks are separate files, only one of which (the data fork) contains any usable information. Meanwhile, even on a Macintosh, the resource fork is becoming somewhat of a dinosaur: With transition to the UNIX-based Mac OS X, Apple has been trying to do away with resource forks, although it will take some time until Mac resource forks have disappeared completely.
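To make the "two files with the same name" symptom concrete, here is an added Python example (not from the original article) that reads an AppleDouble message the way a naive mail reader does and then picks out only the data fork. The MIME type names `multipart/appledouble` and `application/applefile` and the header magic number come from the AppleDouble specification (RFC 1740), not from this page; the sample message and function names are constructed for illustration.

```python
from email import message_from_string, policy

# First four bytes of an AppleDouble header file (resource fork container).
APPLEDOUBLE_MAGIC = bytes.fromhex("00051607")

# Constructed sample: a text file sent as AppleDouble. The applefile part is
# a truncated, made-up header (magic + version only), not a real resource fork.
SAMPLE = """\
From: macuser@example.com
To: pcuser@example.org
Subject: Constructed AppleDouble sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: text/plain

Report attached.
--outer
Content-Type: multipart/appledouble; boundary="ad"

--ad
Content-Type: application/applefile; name="report.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="report.txt"

AAUWBwACAAA=
--ad
Content-Type: text/plain; name="report.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="report.txt"

UXVhcnRlcmx5IHJlcG9ydAo=
--ad--
--outer--
"""


def parse(raw):
    return message_from_string(raw, policy=policy.default)


def naive_attachment_names(raw):
    """What a reader unaware of AppleDouble lists: every named leaf part."""
    return [p.get_filename() for p in parse(raw).walk()
            if not p.is_multipart() and p.get_filename()]


def split_forks(raw):
    """Return (mac_only, data_forks) for each multipart/appledouble container.

    mac_only:   [(filename, header_has_appledouble_magic)]
    data_forks: [(filename, content_type, decoded_bytes)]
    """
    mac_only, data_forks = [], []
    for part in parse(raw).walk():
        if part.get_content_type() != "multipart/appledouble":
            continue
        for sub in part.iter_parts():
            body = sub.get_payload(decode=True) or b""
            if sub.get_content_type() == "application/applefile":
                # Mac-specific part: useless on other platforms.
                mac_only.append((sub.get_filename(),
                                 body.startswith(APPLEDOUBLE_MAGIC)))
            else:
                # The data fork keeps the file's real content type.
                data_forks.append((sub.get_filename(),
                                   sub.get_content_type(), body))
    return mac_only, data_forks


if __name__ == "__main__":
    print("naive view:", naive_attachment_names(SAMPLE))
    mac_only, forks = split_forks(SAMPLE)
    print("Mac-only parts:", mac_only)
    print("usable data forks:", forks)
```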

The best strategy for Mac users when sending e-mail attachments is to avoid AppleDouble and select a format that sends only the data fork of the file you're transmitting. This is clearly optimal for sending the platform-independent documents most often sent by e-mail (Microsoft Office documents, PDF files, GIF and JPEG images, etc.). But even if you're sending a Mac-specific file (that requires a resource fork) to another Mac user, your best choice is to first compress the file to a StuffIt or Zip archive, which reduces everything to just a data fork, then send just that data fork.

I will now discuss capabilities of various Mac e-mail programs to send only data forks and be friendly to recipients using PC-based or web-based e-mail programs.

Microsoft Entourage

Entourage normally sends attachments by default in AppleDouble format, but you can change its default to "MIME/Base64" which sends only the data fork of Mac files using the MIME format which is standard on other platforms. To do this, choose Entourage > Preferences... and, on the left side, select "Compose" under "Mail & News Preferences." Then, under the Attachments heading, set it to Encode for "Windows (MIME/Base64)":

[Microsoft Entourage Compose Preferences dialog box]

Mailsmith

According to documentation downloadable from its website, Mailsmith offers a choice of five attachment sending formats: AppleDouble, AppleSingle, Base64, BinHex and UUcode. Of these, "Base64" is presumably equivalent to the "MIME/Base64" format recommended above for Entourage, so would be the preferred format when using Mailsmith.

Eudora

According to documentation downloadable from their website, Mac versions of Eudora offer a choice of four attachment sending formats: AppleDouble, AppleSingle, BinHex and Uuencode Data Fork. These do not include the "MIME/Base64" option recommended above. The best available choice in Eudora seems to be "Uuencode Data Fork" which is the only option that sends only the data fork. Uuencode format (which originated in the UNIX world) is older than the MIME/Base64 method which has now become standard on all platforms. But most e-mail programs do support Uuencode, so this ought to be a good choice.

Apple Mail

Prior to Mac OS X 10.3 ("Panther"), the "Mail" program provided with Mac OS X had a terrible tendency to include resource forks when sending attachments, often creating a small (unnecessary) resource fork for files that never had a resource fork in the first place! Starting in the Panther version, however, Mail can send attachments in "Windows Friendly" format, meaning without a resource fork. To make this your default for all attachments, select Edit > Attachments > Always Send Windows Friendly Attachments. If you prefer not to select this option, you can still send individual attachments without a resource fork. To do this, when composing your message, select the file to attach by clicking "Attach" or by choosing File > Attach File... (but do not attach the file using drag-and-drop). Then, in the file selection dialog box, check the "Send Windows Friendly Attachments" checkbox at the bottom:

[Apple Mail Windows Friendly option]

Thunderbird & other Mozilla software; recent Netscape versions

I have tested several programs in this group, including the standalone Mozilla Thunderbird e-mail client and the e-mail modules in the integrated Mozilla suite and a Netscape 7.x version. None of these programs offers any choice of attachment sending format, and I haven't found any documentation saying how the Mac versions of these programs handle resource forks. (Note that these are cross-platform programs that run on Windows, Mac OS X, Linux, and sometimes other platforms, and for the most part, behave identically on all platforms.)

I found that with any of these programs, if the file being sent doesn't already have a resource fork, it is sent in standard MIME/Base64 format (i.e., these programs never add a resource fork to a file that didn't have one to begin with!). For files that do have resource forks, results are more variable: In some of my tests, such files did get sent in AppleDouble format (which transmits the resource fork as well as data fork). It's difficult to be entirely systematic in describing these results; for example, newer versions of these programs seemed less likely than older versions to use AppleDouble. But, as I said, I haven't found any documentation regarding this behavior. (If anybody knows for sure that the latest versions of these programs never send AppleDouble any more, please let me know!)

Web-based Mailers

Another way for Mac users to send only their files' data forks as standard MIME attachments is to send them using a web-based mailer instead of an e-mail program on your Mac. When sending attachments with a web-based mailer, the files are first uploaded from your computer to a website before mailing software on that website sends e-mail to your desired recipient. In the first (uploading) step, only your file's data fork is actually uploaded to the website; thus, any resource fork, if present, is ignored.

I've tested this in several web-based mailers, accessed using several different Macintosh web browsers. In all cases, even though the files I attached originally had resource forks on my Mac, the e-mails included only the files' data forks, sent in standard MIME format.


This page is maintained by Bob Baumel.
Last revised 2009-03-05