html versus plain text

I've heard that if I open a spam/virus email in html the recipient can
detect this, presumably so they can add me to their 'active addresses' list
& and send me more of the stuff.

Is that true? Is there a security risk in reading messages in html format
rather than plain text, or is this just an urban myth?

I'm using OE6.00.2800.1123 and keep my win updates currnet.

Thanks


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.708 / Virus Database: 464 - Release Date: 18/06/2004

Spam that contains what I call an HTML *Advertisement* can verify
your address just by being opened. That's not to say you're at risk
of a virus. If you are like me and like to use HTML a lot amongst
friends, you can protect yourself in two ways.

In ToolsOptionsRead, you can switch between reading in HTML and
Plain Text. In Plain Text, the HTML image will not be seen and
therefore not verify your address.

Another way is to make sure you are working *offline* before going to
your Inbox.

If you want to be able to switch between Plain Text and HTML quickly,
Have a look at this free OE Tool: www.oehelp.com/OETool/
You can also switch ID's, expand message threads and much more.
--
Bruce Hagen
~IB-CA~



"armpit surfer" wrote in message
...
I've heard that if I open a spam/virus email in html the recipient
can
detect this, presumably so they can add me to their 'active
addresses' list
& and send me more of the stuff.

Is that true? Is there a security risk in reading messages in html
format
rather than plain text, or is this just an urban myth?

I'm using OE6.00.2800.1123 and keep my win updates currnet.

Thanks


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.708 / Virus Database: 464 - Release Date: 18/06/2004

Many thanks for your advice Bruce - I'll investigate the OETools program; it
looks useful.

"Bruce Hagen" wrote in message
...
Spam that contains what I call an HTML *Advertisement* can verify
your address just by being opened. That's not to say you're at risk
of a virus. If you are like me and like to use HTML a lot amongst
friends, you can protect yourself in two ways.

In ToolsOptionsRead, you can switch between reading in HTML and
Plain Text. In Plain Text, the HTML image will not be seen and
therefore not verify your address.

Another way is to make sure you are working *offline* before going to
your Inbox.

If you want to be able to switch between Plain Text and HTML quickly,
Have a look at this free OE Tool: www.oehelp.com/OETool/
You can also switch ID's, expand message threads and much more.
--
Bruce Hagen
~IB-CA~



"armpit surfer" wrote in message
...
I've heard that if I open a spam/virus email in html the recipient
can
detect this, presumably so they can add me to their 'active
addresses' list
& and send me more of the stuff.

Is that true? Is there a security risk in reading messages in html
format
rather than plain text, or is this just an urban myth?

I'm using OE6.00.2800.1123 and keep my win updates currnet.

Thanks


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.708 / Virus Database: 464 - Release Date: 18/06/2004






---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.708 / Virus Database: 464 - Release Date: 19/06/2004

In article , armpit surfer says...

I've heard that if I open a spam/virus email in html the recipient can
detect this, presumably so they can add me to their 'active addresses' list
& and send me more of the stuff.

Is that true? Is there a security risk in reading messages in html format
rather than plain text, or is this just an urban myth?

I'm using OE6.00.2800.1123 and keep my win updates currnet.

The security risk of viral messages is related to an iframe vulnerability; I
believe the OE version number you supplied has patched that vulnerability.

The privacy risk of HTML lies with accessing remote images. The sender can
create a very small image, 1x1 pixel, and park it in a coded folder on his
server. He can then log the connections to his server, and the accesses to
the coded folder, and know which email addresses have had the received
messages opened.

Bruce Hagan offers some solutions. Others include firewall tricks (allowing
MSOE only limited port 80 access), and dumping MSOE for a client which won't
render "lazy HTML" (the term used by Pegasus Mail to refer to HTML email
which calls remote images). Pegasus Mail won't render remote images under
any condition; if you want to see the full email, you have to tell Pegasus
to load the HTML in a local browser. And Pegasus Mail never was vulnerable
to iframe exploits at any time; nor does it know what to do with
DestructiveX, or JavaScript.

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint

"N. Miller" wrote in message
om...
In article , armpit surfer says...

I've heard that if I open a spam/virus email in html the recipient can
detect this, presumably so they can add me to their 'active addresses'
list
& and send me more of the stuff.

Is that true? Is there a security risk in reading messages in html
format
rather than plain text, or is this just an urban myth?

I'm using OE6.00.2800.1123 and keep my win updates currnet.

The security risk of viral messages is related to an iframe vulnerability;
I
believe the OE version number you supplied has patched that vulnerability.

The privacy risk of HTML lies with accessing remote images. The sender can
create a very small image, 1x1 pixel, and park it in a coded folder on his
server. He can then log the connections to his server, and the accesses to
the coded folder, and know which email addresses have had the received
messages opened.

Bruce Hagan offers some solutions. Others include firewall tricks
(allowing
MSOE only limited port 80 access), and dumping MSOE for a client which
won't
render "lazy HTML" (the term used by Pegasus Mail to refer to HTML email
which calls remote images). Pegasus Mail won't render remote images under
any condition; if you want to see the full email, you have to tell Pegasus
to load the HTML in a local browser. And Pegasus Mail never was vulnerable
to iframe exploits at any time; nor does it know what to do with
DestructiveX, or JavaScript.

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint

Thanks for the additional advice Norman.


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.708 / Virus Database: 464 - Release Date: 18/06/2004