Email Marketing
Security Risk of Display Images in a Gmail Email
Jul 16, 2013
We’re often asked at Flashissue what is the security risk of “displaying images” in a Gmail or other email client?
As a general rule, it makes sense to turn off images by default because it prevents spammers from using images embedded in a message to confirm that they’ve found a real email address when someone actually reads their email.
Images in email are commonly used by spammers and marketers to determine whether or not you’ve opened an email. This implicitly also tells them whether the email was delivered successfully and whether the destination email address was valid (the useful part for spammers). Once a spammer knows if she has a valid email this becomes useful knowledge for her devious practices.
One of the best ways to get the maximum from your emails or newsletters is to ask your recipients to always accept images when the email comes from you. This is especially applicable for internal newsletters or an employee newsletter for example.
If you are sending a Flashissue email than asking your recipients to do this is a good option (of course, your request doesn’t always get across).
Apart from the spam issue, there are other potential security issues but these are going to be outlier cases for most of us.
- Image URLs can theoretically be used to attack a network from the inside. For example:
<img src="http://192.168.0.1/apply.pl?user=admin&password=admin&action=EnableRemoteLogin">
Hopefully an attack like the above would fail, but security folks prefer to limit exposure as much as possible. (source: Stackoverflow).
Related articles
Continue reading