Why you shouldn't open or even preview suspected email

Malicious email attachments are often talked about in the mainstream media. Much attention is drawn to email-borne viruses and the like that can take over your computer and destroy your data. We're often warned about opening attachments from people we don't know or for things we haven't requested. What you don't hear about as much is that merely opening, or very often just previewing, a malicious email is all it takes for a damaging effect.

A popular trick used by spammers (but not just by spammers) is to embed a small, invisible graphic into an HTML email, i.e. an email that contains the same markup language used by webpages. These tiny graphics (web bugs or web beacons) can't be seen by the eye, but when particular email client applications open or preview the email in fully rendered HTML, they fetch the graphic from the spammer's server, and that request confirms yet another live email address.

Prevention - Tactics To Avoid Being Spammed

Don't publish your email address on your website in plain text! I know that this sounds counterproductive. After all, people visiting your website might well want to contact you. You might want people to be able to contact you directly by email.

There are a number of techniques you can use to allow people (rather than harvesting scripts) to contact you by email.

Encode your mailto link with JavaScript

Embed this piece of JavaScript into your HTML page. Change the text as necessary.

Whilst this is one of the simplest forms of protection you can employ, you must remain aware that not all web browsers will be able to interpret it, because it relies on JavaScript. Also, as this method is text based and spammers keep developing more advanced harvesting programs, I wouldn't be surprised if it becomes obsolete sooner rather than later.

Encode your mailto link with Character Entity encoding

This is another method of encoding that renders your email address intact onscreen, but reads as gibberish to harvesters. Download the Character Entity Hyperlink Encoder Windows application from the download area to encode your own hyperlinks.
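
The character entity encoding described above, together with the idea from the JavaScript section of never writing the address out in one piece, as an added example. It is not the page's original script and not the output of the Character Entity Hyperlink Encoder application; the function names are hypothetical and the address is a constructed placeholder on example.com.

```javascript
// Added example: entity-encode a mailto link and check what a text-matching
// harvesting script would see. Address and function names are assumptions.

// Encode every character as a decimal HTML character entity, e.g. "a" -> "&#97;".
function entityEncode(text) {
  return Array.from(text, ch => `&#${ch.codePointAt(0)};`).join("");
}

// Decode decimal and hex numeric entities. This is the step an HTML renderer
// performs before it displays the text or follows the link.
function entityDecode(html) {
  return html.replace(/&#(x[0-9a-f]+|\d+);/gi, (_, n) =>
    String.fromCodePoint(
      n[0].toLowerCase() === "x" ? parseInt(n.slice(1), 16) : parseInt(n, 10)));
}

// Build an anchor whose href and visible text contain no literal address.
// User and domain are passed separately so the page source never holds
// "user@domain" as one string.
function buildMailtoLink(user, domain) {
  const address = user + "@" + domain;
  const href = entityEncode("mailto:" + address);
  return `<a href="${href}">${entityEncode(address)}</a>`;
}

// Naive plain-text address pattern, standing in for a simple harvesting script.
function containsPlainAddress(html) {
  return /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/.test(html);
}

// Constructed sample address.
const link = buildMailtoLink("webmaster", "example.com");
console.log(link);
console.log("address visible in raw markup:", containsPlainAddress(link));
console.log("address visible after decoding:",
  containsPlainAddress(entityDecode(link)));
```

The second check shows the limit of the method: the encoding only hides the address from scripts that match raw page text, since anything that decodes entities the way a browser does recovers it.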