halO

Sensible email programs or webapps does not show linked images in emails, since it would be so easy for a spammer to automatically check whether your email address is being read. To illustrate this, a spammer could send out an email with an image that pointed to a unique URL. This URL is bound to your email address and if it ever were to be loaded, they would know for sure that your email address was in use.

We also know there are good reasons to show linked images, for instance from a shop you have subscribed to that has some good deals every week. However, GMail gives me the option of always showing images from a certain email address. Do not trust this feature!

Let's say you've subscribed to newegg.com and they send out weekly offers from offers@newegg.com. All a spammer has to do is send out an email to loads of people, forge their address as offers@newegg.com and your email service (GMail isn't alone) will display the picture. The spammer of course links to images on their own server and records your email address as active. However they would also know you're a newegg.com subscriber!

What should have been done is accepting images from a certain domain, as in "Allow images from newegg.com?". That I could trust.