Spammers 'using bugs' to find active e-mail addresses

Many spammers are including illicit code in their unsolicited mail to help them detect active e-mail addresses, a security firm warned last Tuesday.

MX Logic claimed that nearly 50 percent of spam sent over the last 12 months included a 'spam beacon' -- a piece of HTML code embedded in the e-mail that detects when an e-mail is opened, or even just previewed.

This information is then relayed back to the spammer, telling them that certain e-mail addresses are in use. Similar techniques are also used by marketing companies to track behaviour and detect the response rate to targeted emails.

Web users have long been advised to ignore spam, rather than replying to it, so as not to attract more attention from spammers. According to MX Logic, though, just looking at the junk mail is all it takes.

"Millions of users are unaware that spammers have the ability to track when they view and open their e-mail," said Scott Chasin, MX Logic's chief technology officer.

"While Web bugs are not a new phenomenon to the Internet, this new data shows that nearly one out of two spam messages now contain these beacons. This reinforces the fact that spammers are using increasingly deceptive tools to invade end users' privacy and harvest valid e-mail addresses."

Back in February 2003, UK law firm Masons warned that spammers were breaking the law by including these secret tracking codes in their messages.

MX Logic's spam filtering technology has been watching out for such bugs since March 2003.

• Related stories

• Alerts

Add your opinion

This is OLD news - it's been g ...Anonymous -- 15/04/04

This is OLD news - it's been going on as long as HTML-based spam has been around.

• Reply to comment
• Reply to story
• Report offensive content

Stories like this really amaze ...Anonymous -- 15/04/04

Stories like this really amaze me. Why is it that there are so few internet users who know about and make use of tools like Mailwasher, which lets them see a summary of what's in their server's mailbox, and delete all the spam without it ever reaching their own PC?
I long ago stopped being stunned at the brain-deadness of those who actually buy things from spammers and keep them in business. It's a sad fact of life that we have to share the internet with fools. There should be some kind of "internet driving licence" to keep them away from computers until they have a faint idea of what they are doing. :(

• Reply to comment
• Reply to story
• Report offensive content

Lies. MX Logix sell anti-bug s ...Anonymous -- 15/04/04

Lies. MX Logix sell anti-bug stuff, and they totally fabricated this rubbish statistic - it's a pity nobody bothered to verify their claims before helping them get this free advertising.

I monitor my outgoing traffic, and open all my "spam" (no choice - my business can't ever miss even just one legit email, ever), and practically none of it is "bugged". Extremely rarely, links in the emails might have unique identifiers in them, but this is *very* rare.

Spammers don't need to verify addresses - if your mail server accepted their email - you've *already* verified it to them; they don't care if it's opened or not afterwards, since it cost them nothing to send it. If they tried to track you openeing it, it *would* cost them loads more, since they've got to set up a "spam friendly" tracking server, and then afterwards, they've got the dilemma - "do I delete all the emails that were accepted but not recorded as opened?" - they're never going to do this, because tracking is so unreliable, and they'd be eradicating loads of good email addresses (which it costs them nothing to send to)... in other words - spammers are damned smart, and tracking spam makes no sense to them.

• Reply to comment
• Reply to story
• Report offensive content

It's not "illicit pieces ...Anonymous -- 20/04/04

It's not "illicit pieces of HTML" that they use. It's the simplest method possible - and it can't possibly be banned because what they're doing is simply server log tracking.

Here's how they do it...

They add a link within the email that loads a tiny 1x1 pixel gif - so you don't even notice the email is loading up an image when you open it.

This image isn;t contained in the email - it is loaded from their server using a ?individual number format.

For example the link code used to load the image for an email sent to you might look like this -

<img src="http://www.spammerserver.com/image.gif?10001">

then for the next name on their list they might use

<img src="http://www.spammerserver.com/image.gif?10002">

and so on. It's loading the same image.gif file, it's just adding a unique ID to each hit - an old trick which many web sites use to identify similar links within legitimate emails.

Then they look at their web logs and see what image links came in and match them up with their email addresses. Ta da - they know who opened the email and who didn't - using the simplest, most basic html.

Liz
i-sage

• Reply to comment
• Reply to story
• Report offensive content

• Just In

• Most Popular

• Most Discussed

Reader Services

Popular Topics

Essentials