Tracking and Detecting Valid Mailboxes Through HTML Emails

Back in the days when Windows 98 was the latest Microsoft operating system, HTML email messages accounted for a large number of infected Windows-based systems. Surprisingly, things have not changed much nowadays either. Accepting and displaying HTML email messages still pose a great deal of threats for email users, regardless of what operating system they are using, or if the latter is actually immune to an attack based on vulnerabilities of other systems.

To illustrate, here are some of the possible threats posed by the use of HMTL messages; including, but not limited to virus or other malware infections, which still account for a high degree of risk. Threats posed by the use of html emails Based on HTML email, a malicious person is able to perform different scams and phishing attacks. These types of attacks consist in fooling the targeted email address user into giving out personal information such as: name, address, email address, personal bank account information. Such attacks involve impersonating a legitimate website to which the user may have previously registered and created an account.

Some scammers may go as far as impersonating banks or other financial institutions such as PayPal, in order to obtain credit card information or other personal details that can later be used to purchase goods, or even to empty a bank account. Many bank account frauds are made this way. As a countermeasure, if HTML emails are filtered at server level in a way that causes only text to be displayed such fraud attempts can be blocked and prevented.

Email clients have different approaches to HTML email. Mozilla Thunderbird, for example, does not display HTML content by default, as opposed to Outlook Express which displays HTML content by default. This does not mean that scams cannot be performed using simple text as well, but the probability for someone to believe a text message is lower in comparison to seeing an exact replica of their bank's website requesting their personal details.

As compared to these attempts some of our peers make with the purpose to scam people for their personal information, viruses and worms do not use the same techniques. Their goal may be infecting the operating system, but the infection mechanism may be hidden behind a special offer for a free product, that may actually cost the user a lot more than if they had bought a similar product for real money.

Another commonly encountered threat consists in the simple viewing of a HTML message that can further trigger the delivery of more spam to the user's mailbox.

How is that possible? You may ask. For instance, the spammer sends HTML messages that contain a different image filename link in each of the sent out messages. He also has an association between each image filename link and the email address that the message is sent to. When the message is displayed on the user's computer, if HTML viewing is enabled, the respective image file will be automatically requested from the spammer's server. At this point, the spammer knows that the message has been viewed on a computer and, based on the requested filename and using the association created, he now knows that the respective e-email address is in use. As a result, the spammer has found an active email user that he can convince to buy some of the products he advertises for. Another source of income for the spammer is selling a database of verified addresses, which is even more valuable than a database that contains 3 quarters of bouncing addresses.

This concludes some of the most important scenarios and consequences of using HTML in an email application.

For the original story, please check: http://www.mailradar.com/articles/Security/Tracking-and-detecting-valid-mailboxes-through-HTML-emails-41/page1.html