Web Bug - Email Web Bugs

Email Web Bugs

Web bugs embedded in emails have greater privacy implications than bugs embedded in web pages. Through the use of unique identifiers contained in the URL of the web bugs, the sender of an email containing a web bug is able to record the exact time that a message was read, as well as the IP address of the computer used to read the mail or the proxy server that the user went through. In this way, the sender can gather detailed information about when and where each particular recipient reads email. Every subsequent time the email message is displayed can also send information back to the sender.

Web bugs are used by email marketers, spammers, and phishers to verify that email addresses are valid, that the content of emails has made it past the spam filters, and that the email is actually viewed by users. When the user reads the email, the email client requests the image, letting the sender know that the email address is valid and that email was viewed. The email need not contain an advertisement or anything else related to the commercial activity of the sender. This makes detection of such emails harder for mail filters and users.

Tracking via web bugs can be prevented by using email clients that do not download images whose URLs are embedded in HTML emails. Many graphical email clients can be configured to avoid accessing remote images. Examples include the Gmail, Yahoo!, and SpamCop/Horde webmail clients; Mozilla Thunderbird, Opera, Pegasus Mail, IncrediMail, later versions of Microsoft Outlook, and KMail mail readers. Other HTML techniques (such as IFrames) can still be used to track email viewing.

Text-based mail readers (such as Pine or Mutt) and graphical email clients with purely text-based HTML capabilities (such as Mulberry) do not interpret HTML or display images, so their users are not subject to tracking by email web bugs. Plain-text email messages cannot contain web bugs because their contents are interpreted as display characters instead of embedded HTML code, so opening messages does not initiate communication. Some email clients offer the option to disable all HTML in every message (thus rendering all messages as plain text), which prevents any web bugs from loading.

Many modern email readers and web-based email services will not load images when opening an HTML email from an unknown sender or that is suspected to be spam mail. The user must explicitly choose to load images. Web bugs can also be filtered out at the server level so that they never reach the end user. MailScanner is an example of gateway software that can disarm IFrames as well as web bugs. Disconnecting from the Internet before reading any downloaded messages and then deleting those messages suspected of containing web bugs before reconnecting may also eliminate the threat.

A hosts file or a filtering web proxy can be used to specify that some servers are never to be contacted for any reason. This file must be continually updated to reflect the fact that new tracking servers are periodically brought online, and old ones re-purposed to serve legitimate content.

As web bugs require the email software to fetch the content they have never been able to accurately count read rates for email campaigns. As a result of the above mentioned measures, they may become still less effective.

Disposition-Notification-To email headers may be seen as another form of web bug. See RFC 4021.