Why shouldn't we open an image in an email?

security email virus malware images

Most email clients do not display an image by default in the content of an email.

But I don't understand this yet. How can displaying image job attack the computer?


Solution 1:

Emails can contain images in basically two different ways:

  • The images are included as part of the email, i.e. attachment
  • The images are loaded from the Web

The issues with these two are quite different.

The problem with the former, except bandwidth and storage, is possible issues with the software responsible for displaying the image.

Image files are processed by software to convert them from raw data into the actual images that are displayed. These software components can have general bugs or even security vulnerabilities that can accidentally or deliberately be exploited. Some images might be specifically designed to exploit these bugs, e.g. to crash your viewer (original article that crashed my browser years ago is no longer up).

Since this behavior is clearly a bug in the software, vendors prefer fixing issues with the image format components instead of making the users responsible for the stability of their programs. While it's an issue, as seen in the linked topic, it's far less of an problem than the one described below, in my opinion.

The latter has that same problem, of course, and additionally another, much more relevant issue:

The reference to the image in the email might have some kind of tracking, e.g. a part that identifies your email address or the specific email sent to you, so the sender can confirm your email address (in case of spammers) or that (and when) you actually read the email (many newsletters work like this — clicking links in these emails also often send you to some tracking/redirection web page first).

My mail client's online help states the following:

enter image description here

I can only disable loading remote images (i.e. those referencing URLs on the Web). Attachments in HTML emails are still displayed. Other email clients might handle this differently.

Since anyone can send you anything via email (unless you're strict on the filtering), it's better to be safe than sorry. That's why many email clients don't load or show images by default, requiring you to click on some button first.

Related

What do you call the Ins/Del/Home/End/PageUp/PageDown key group on a keyboard?
Are there any open source app virtualization solutions for Windows [closed]
hexdump vs actual file contents
Windows explorer sees different file name from cmd
Windows Firewall: How to allow traffic on a specific port (eg. 8080)?
Can audio go to both the speakers and a bluetooth headset simultaneously
Show/Hide function folding margin on Notepad++
How to expand the WINDOWS partition when the Recovery one is in the way?
Remove Outlook from the Windows 10 Action Center
The Notepad++ tab bar keeps hiding
Is it possible to pin an application to the taskbar on a secondary display?
How to set decimal separator in Libre Office Calc?