In association with heise online

HTML emails

HTML makes email colourful, rich and varied. With this diversity, however, come new dangers. For example, HTML can contain code in JavaScript, or VBS which is then executed on the email recipient's computer. Embedded objects can enrich email with multimedia effects or, as with the virus bagle.q, load a program from the internet that then infects the local computer.

HTML emails also lend themselves to being used to spy on the surfer. When a user allows the email program to present emails in HTML format and elements from the web are loaded, spammers, for example, can more easily figure out the various email addresses used.

In their advertising emails, spammers use pictures that are actually just links to their servers. When the recipient opens one of the emails, the email client tries to load the picture through the browser. Since the url has a unique identification, the spammer learns through the return contact that the email has reached its destination, that the email is alive and circulating. Such embedded spy pictures are also called web bugs.

On the market, verified addresses are clearly more valuable than unproven ones. Furthermore, the browser identifies itself and the operating system used, along with the IP address, the connection data for the provider, and often even the user's street address – all of which is information that raises the value of an address and helps to prepare for a targeted virus attack.


  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit