Sometimes in a received email, the text is there, but in the place of what otherwise are pictures, are small blue question marks.

Somewhere in the text is the option/linlk to “View this message in a browser”. When I click on that link, the mail appears normally as a web page.

What is causing this and is there a setting I’ve overlooked that can preclude the extra step of viewing the message in a browser?

Check your Mail - Viewing preferences to ensure "Display remote images in HTML messages" hasn't somehow been unchecked.

That's what I did, even toggled the setting to see if that would help. No joy.

Then, after the third cup of coffee, I checked my LittleSnitch settings. Sure enough, I had precluded mail from connecting to Port 80. Once I changed/enabled that, all is again sweetness and light.

Amazing, how many problems are caused by my wife changing my settings while I sleep...

Little Snitch, and your mail program, and your wife, are all looking out for you.

Spammers send out millions of emails, most of which are never seen because they go to accounts that never existed, no longer exist, or exist but are no longer actively read. Naturally, they get the highest return on their investment by concentrating on email accounts that someone actually reads. But how to tell...

Well, if someone responds to the email, then presumable they read it. That's wonderful, but doesn't happen often. There's still value in all the accounts where human eyeballs actually see the mail, even if they don't respond. They'd love to be notified when the message gets opened.

And there is a way. All they have to do is embed a link to an image in the email. Your mail program won't actually download the image until you view the email. The act of fetching that image is the notification they're looking for.

Each piece of email they send out is customized; the email address (or equivalent identifying data) that was used has been appended to the url for each image (actually, for each link, just to be sure). The act of viewing the image (or clicking on anything clickable) informs them immediately that you're eyeballing their missive, and your email address suddenly turns golden in their list.

You've done it now. The spammers now know that you're someone who actually reads their spam. Your email address has just gone up in value, and has probably already been sold on that basis.

Your wife tried to shield you, Little Snitch tried to shield you, your mail program tried to shield you, but you didn't listen. Let the spam roll in.

What's the big deal about opening Port 80 to Mail? Why should that have a greater spam peril than: Safari, iTunes, Firefox, QT 7, RealPlayer, Dictionary, and virtually all Dashboard Clients, as well as a host of other applications? Don't they too require access through Port 80? (I surf about 10 hours daily.)

For the past 10 years or so, I receive about 3-6 spam messages a day, and have no third party spam blockers. The only spam filters I have are what is installed (by default) by AOL and Mail. I have had the same email address sine 1989.

Indeed I am confused.

What-ho Pen

There's a thread about spam here:

http://www.finetunedmac.com/forums/ubbthreads.php?ubb=showflat&Number=2464#Post2464

The problem isn't that they use port 80, or even that they use the internet.

The problem is that you've changed your mail settings so that every time you open a mail message with embedded images (or embedded anything) you're announcing to the sender that you've done that.

The same thing will happen if you use your browser to look at your incoming mail, and have configured it to display images automatically.

This is different from merely surfing to some random website. When you do that, they don't know who you are, and can't follow up with more spam.

Let me give an example to illustrate the difference.

Suppose you are surfing the web, and come to a page with a picture of a butterfly. The .html for the page probably contains something like:

<img src="butterfly.jpg">

which sends a request to the server to get the image. The server has no way of knowing who you are. (At best, it can set a cookie, but then all it knows is "this request is coming from the same guy who was here earlier", but it still doesn't know who you are, because it didn't know who you were when it gave you the cookie.)

But when you receive an email, that message can be custom-tailored to you. If they have reason to think that <pendragon@someisp.net> is a valid email address, they might send you some spam containing something like:

<img src="pendragon_someisp_net_butterfly.jpg">

and configure their server to deliver up "butterfly.jpg" in response to that request, after making a note of the "pendragon_someisp_net_" part of that. They've already made that note before you even see the butterfly. It's too late to call that request back. Before, they only suspected that <pendragon@someisp.net> was a valid email address; now, they not only know it's valid, but that someone actually reads mail sent to that address.

It doesn't matter whether you view the butterfly in a browser or in your mail app. What matters is that it was embedded in email that was sent to you, and you looked at it.

Many, many thanks for the detailed explanation and the time taken to write it. 'Tis much appreciated.

I think maybe, just maybe, perchance, and with good fortune, I am (even) beginning to understand (though not quite ready to test).

Indeed I have much to learn...

Have you considered submitting a FAQ on this topic? It is very interesting information.

these are "web bugs". some web pages have gifs that are 1pix x 1pix, and the gif alpha makes them transparent even, so they are absolutely invisible.

The bugs usually are more like http://www.malserver.com/webbug1.gif?1CDD5A62

The ? is a separator and passes the key following it, so they can look you up and see that you opened the page, or the email. The web server can at that time log your ip address even.

So they could send you an email with a webbug in it, and when you opened it, they'd (1) know you opened and read it, and (2) would have your ip address at the time you read it. (your WAN address)

Authorities use webbugs in email to track down people.

If a spammer includes such a tagged image in a spam, they can track the effectiveness of their spamming because they can tell which addresses actually got someone to open the email. ("we got a LIVE one here, add them to the Gold List")