Get a better and safer maibox


Tracking and Detecting Valid Mailboxes Through Html Emails

Back in the days when Windows 98 was thecomparison to seeing an exact replica of
latest Microsoft operating system, HTML emailtheir bank's website requesting their
messages accounted for a large number ofpersonal  details.
infected Windows-based systems. Surprisingly,
things have not changed much nowadays either.As compared to these attempts some of our
Accepting and displaying HTML email messagespeers make with the purpose to scam people
still pose a great deal of threats for emailfor their personal information, viruses and
users, regardless of what operating systemworms do not use the same techniques. Their
they are using, or if the latter is actuallygoal may be infecting the operating system,
immune to an attack based on vulnerabilitiesbut the infection mechanism may be hidden
of  other  systems.behind a special offer for a free product,
that may actually cost the user a lot more
To illustrate, here are some of the possiblethan if they had bought a similar product for
threats posed by the use of HMTL messages;real  money.
including, but not limited to virus or other
malware infections, which still account for aAnother commonly encountered threat consists
high  degree  of  risk.in the simple viewing of a HTML message that
can further trigger the delivery of more spam
Based on HTML email, a malicious person isto  the  user's  mailbox.
able to perform different scams and phishing
attacks. These types of attacks consist inHow is that possible? You may ask. For
fooling the targeted email address user intoinstance, the spammer sends HTML messages
giving out personal information such as:that contain a different image filename link
name, address, email address, personal bankin each of the sent out messages. He also has
account information. Such attacks involvean association between each image filename
impersonating a legitimate website to whichlink and the email address that the message
the user may have previously registered andis sent to. When the message is displayed on
created  an  account.the user's computer, if HTML viewing is
enabled, the respective image file will be
Some scammers may go as far as impersonatingautomatically requested from the spammer's
banks or other financial institutions such asserver.
PayPal, in order to obtain credit card
information or other personal details thatAt this point, the spammer knows that the
can later be used to purchase goods, or evenmessage has been viewed on a computer and,
to empty a bank account. Many bank accountbased on the requested filename and using the
frauds are made this way. As aassociation created, he now knows that the
countermeasure, if HTML emails are filteredrespective e-email address is in use. As a
at server level in a way that causes onlyresult, the spammer has found an active email
text to be displayed such fraud attempts canuser that he can convince to buy some of the
be  blocked  and  prevented.products he advertises for. Another source of
income for the spammer is selling a database
Email clients have different approaches toof verified addresses, which is even more
HTML email. Mozilla Thunderbird, for example,valuable than a database that contains 3
does not display HTML content by default, asquarters  of  bouncing  addresses.
opposed to Outlook Express which displays
HTML content by default. This does not meanThis concludes some of the most important
that scams cannot be performed using simplescenarios and consequences of using HTML in
text as well, but the probability for someonean email application.
to believe a text message is lower in



1 A B C D E 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126