An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Previous Thread
Next Thread
Print Thread
Blue Question Marks In Mail?
#2707 09/02/09 11:35 AM
Joined: Aug 2009
OP Offline

Joined: Aug 2009
Sometimes in a received email, the text is there, but in the place of what otherwise are pictures, are small blue question marks.

Somewhere in the text is the option/linlk to “View this message in a browser”. When I click on that link, the mail appears normally as a web page.

What is causing this and is there a setting I’ve overlooked that can preclude the extra step of viewing the message in a browser? confused


Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Blue Question Marks In Mail?
Pendragon #2711 09/02/09 12:21 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
Check your Mail - Viewing preferences to ensure "Display remote images in HTML messages" hasn't somehow been unchecked.


- alec -
______________________________________________________
24" iMac C2D 2.4 GHz, 20" iMac G5 1.8 GHz, 14" iBook 1.33 GHz
Re: Blue Question Marks In Mail?
Mississauga #2713 09/02/09 12:38 PM
Joined: Aug 2009
OP Offline

Joined: Aug 2009
Quote:
...ensure "Display remote images in HTML messages" hasn't somehow been unchecked.


That's what I did, even toggled the setting to see if that would help. No joy.

Then, after the third cup of coffee, I checked my LittleSnitch settings. Sure enough, I had precluded mail from connecting to Port 80. Once I changed/enabled that, all is again sweetness and light.

Amazing, how many problems are caused by my wife changing my settings while I sleep...


Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Blue Question Marks In Mail?
Pendragon #3158 09/07/09 08:21 AM
Joined: Aug 2009
Offline

Joined: Aug 2009
Little Snitch, and your mail program, and your wife, are all looking out for you.

Spammers send out millions of emails, most of which are never seen because they go to accounts that never existed, no longer exist, or exist but are no longer actively read. Naturally, they get the highest return on their investment by concentrating on email accounts that someone actually reads. But how to tell...

Well, if someone responds to the email, then presumable they read it. That's wonderful, but doesn't happen often. There's still value in all the accounts where human eyeballs actually see the mail, even if they don't respond. They'd love to be notified when the message gets opened.

And there is a way. All they have to do is embed a link to an image in the email. Your mail program won't actually download the image until you view the email. The act of fetching that image is the notification they're looking for.

Each piece of email they send out is customized; the email address (or equivalent identifying data) that was used has been appended to the url for each image (actually, for each link, just to be sure). The act of viewing the image (or clicking on anything clickable) informs them immediately that you're eyeballing their missive, and your email address suddenly turns golden in their list.

You've done it now. The spammers now know that you're someone who actually reads their spam. Your email address has just gone up in value, and has probably already been sold on that basis.

Your wife tried to shield you, Little Snitch tried to shield you, your mail program tried to shield you, but you didn't listen. Let the spam roll in.

Re: Blue Question Marks In Mail?
ganbustein #3209 09/07/09 06:11 PM
Joined: Aug 2009
OP Offline

Joined: Aug 2009
What's the big deal about opening Port 80 to Mail? Why should that have a greater spam peril than: Safari, iTunes, Firefox, QT 7, RealPlayer, Dictionary, and virtually all Dashboard Clients, as well as a host of other applications? Don't they too require access through Port 80? (I surf about 10 hours daily.)

For the past 10 years or so, I receive about 3-6 spam messages a day, and have no third party spam blockers. The only spam filters I have are what is installed (by default) by AOL and Mail. I have had the same email address sine 1989.

Indeed I am confused.







Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Blue Question Marks In Mail?
Pendragon #3211 09/07/09 06:45 PM
Joined: Aug 2009
Offline

Joined: Aug 2009

Re: Blue Question Marks In Mail?
Pendragon #3275 09/08/09 07:40 AM
Joined: Aug 2009
Offline

Joined: Aug 2009
Originally Posted By: Pendragon
What's the big deal about opening Port 80 to Mail? Why should that have a greater spam peril than: Safari, iTunes, Firefox, QT 7, RealPlayer, Dictionary, and virtually all Dashboard Clients, as well as a host of other applications? Don't they too require access through Port 80? (I surf about 10 hours daily.)

The problem isn't that they use port 80, or even that they use the internet.

The problem is that you've changed your mail settings so that every time you open a mail message with embedded images (or embedded anything) you're announcing to the sender that you've done that.

The same thing will happen if you use your browser to look at your incoming mail, and have configured it to display images automatically.

This is different from merely surfing to some random website. When you do that, they don't know who you are, and can't follow up with more spam.

Let me give an example to illustrate the difference.

Suppose you are surfing the web, and come to a page with a picture of a butterfly. The .html for the page probably contains something like:

<img src="butterfly.jpg">

which sends a request to the server to get the image. The server has no way of knowing who you are. (At best, it can set a cookie, but then all it knows is "this request is coming from the same guy who was here earlier", but it still doesn't know who you are, because it didn't know who you were when it gave you the cookie.)

But when you receive an email, that message can be custom-tailored to you. If they have reason to think that <pendragon@someisp.net> is a valid email address, they might send you some spam containing something like:

<img src="pendragon_someisp_net_butterfly.jpg">

and configure their server to deliver up "butterfly.jpg" in response to that request, after making a note of the "pendragon_someisp_net_" part of that. They've already made that note before you even see the butterfly. It's too late to call that request back. Before, they only suspected that <pendragon@someisp.net> was a valid email address; now, they not only know it's valid, but that someone actually reads mail sent to that address.

It doesn't matter whether you view the butterfly in a browser or in your mail app. What matters is that it was embedded in email that was sent to you, and you looked at it.

Re: Blue Question Marks In Mail?
ganbustein #3299 09/08/09 04:06 PM
Joined: Aug 2009
OP Offline

Joined: Aug 2009
Many, many thanks for the detailed explanation and the time taken to write it. 'Tis much appreciated.

I think maybe, just maybe, perchance, and with good fortune, I am (even) beginning to understand (though not quite ready to test).

Indeed I have much to learn...


Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Blue Question Marks In Mail?
ganbustein #3304 09/08/09 04:41 PM
Joined: Aug 2009
Likes: 16
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 16
Have you considered submitting a FAQ on this topic? It is very interesting information.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Blue Question Marks In Mail?
joemikeb #3350 09/08/09 11:02 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
these are "web bugs". some web pages have gifs that are 1pix x 1pix, and the gif alpha makes them transparent even, so they are absolutely invisible.

The bugs usually are more like http://www.malserver.com/webbug1.gif?1CDD5A62

The ? is a separator and passes the key following it, so they can look you up and see that you opened the page, or the email. The web server can at that time log your ip address even.

So they could send you an email with a webbug in it, and when you opened it, they'd (1) know you opened and read it, and (2) would have your ip address at the time you read it. (your WAN address)

Authorities use webbugs in email to track down people.

If a spammer includes such a tagged image in a spam, they can track the effectiveness of their spamming because they can tell which addresses actually got someone to open the email. ("we got a LIVE one here, add them to the Gold List")


I work for the Department of Redundancy Department

Moderated by  alternaut, dianne, MacManiac 

Link Copied to Clipboard
Powered by UBB.threads™ PHP Forum Software 7.7.4
(Release build 20200307)
Responsive Width:

PHP: 7.4.33 Page Time: 0.028s Queries: 34 (0.021s) Memory: 0.6212 MB (Peak: 0.7101 MB) Data Comp: Zlib Server Time: 2024-03-28 13:02:02 UTC
Valid HTML 5 and Valid CSS