+ Reply to thread
Results 1 to 8 of 8

Thread: This Image Has Been Removed for Security Reasons

  1. #1
    Stegodon
    Registered
    Feb 2009
    Location
    Santa Fe, NM
    Posts
    259

    Default This Image Has Been Removed for Security Reasons

    I get this message as a .png picture* when I open an HTML document in my webmail. Then I've got to click "Show Unsafe Images".

    Why aren't the images secure in the first place? What does that even mean?

    Why would it allow me to click to show them if they really are unsecure? I basically click to show them every single time, and I can't recall having any problems.

  2. #2
    Member
    Registered
    Feb 2009
    Posts
    34

    Default Re: This Image Has Been Removed for Security Reasons

    This refers to images that are not delivered in the mail maessage, but are linked into the html from a remote server. The owner of said server can then verify (based on the GET request) that you have actually received the email. For spammers, this is particularly important, and they will even try to identify the email address the spam was originally sent to.

    Also, because the image is remote, the image cannot be scanned locally before it is downloaded, so if the remote link contains an image file with a virus, the user may risk infection.

    Plus you give away information with the remote access, such as your mail client, IP address etc.

    Si

  3. #3
    Stegodon
    Registered
    Feb 2009
    Location
    Santa Fe, NM
    Posts
    259

    Default Re: This Image Has Been Removed for Security Reasons

    That's kind of scary, actually. Makes a lot of sense now, thanks.

  4. #4
    Elephant TheFlame's avatar
    Registered
    Feb 2009
    Location
    London, UK (Male)
    Posts
    916

    Default Re: This Image Has Been Removed for Security Reasons

    Interesting. My webmail client does this as well - I always groaned inwardly when it happened, but I never got around to enquiring about it.
    I didn't make the world this way, it was like this when I got here

  5. #5
    Member
    Registered
    Mar 2009
    Location
    Toronto
    Posts
    69

    Default Re: This Image Has Been Removed for Security Reasons

    Quote Originally posted by si_blakely
    For spammers, this is particularly important, and they will even try to identify the email address the spam was originally sent to.
    Actually, they will almost always know who the image was sent to. The image src attribute will usually point to a server-side script that takes a code that maps to an individual email record, and return the image. If you look at the source for the spam, you'll usually see a parameter, or a very convoluted-looking image name.

  6. #6
    Member
    Registered
    Feb 2009
    Posts
    34

    Default Re: This Image Has Been Removed for Security Reasons

    Quote Originally posted by Cerowyn
    Actually, they will almost always know who the image was sent to. The image src attribute will usually point to a server-side script that takes a code that maps to an individual email record, and return the image. If you look at the source for the spam, you'll usually see a parameter, or a very convoluted-looking image name.
    Exactly. Plus the image could be a 1x1 pixel picture that you will never see (known as a web bug).

    Si

  7. #7
    Member
    Registered
    Mar 2009
    Location
    Tel-Aviv, Israel
    Posts
    29

    Default Re: This Image Has Been Removed for Security Reasons

    To sum up what others have already said: there is a reason why many (most?) email clients won't automatically import <img> tags.

    And in general, if you don't know the sender, your best response is to not import them manually, either. I won't say "always," but it will usually be a spammer looking for valid e-mail addresses. By downloading the images, you are essentially telling the spammer "Santo's address? there's a real person actually reading the mail there!" At which point this mail address can be sold on to other spammers as part of a list of "authenticated" addresses (fetching a higher price than just a list of random addresses pulled of the net by a 'bot, most of which may be either dead or not in use.)

    In other words -- Just. Don't.

  8. #8
    Stegodon
    Registered
    Mar 2009
    Location
    here
    Posts
    204

    Default Re: This Image Has Been Removed for Security Reasons

    Yes, what they said.

    If you use a webmail client (Yahoo, Hotmail, etc), this will probably be a user-specified setting. You may need to go into your options panel and explicitly check the box that says, Don't show inline images unless I say so, or whatever.

+ Reply to thread

Posting rules

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts