Charles Arthur On Technology

They know you've got mail

Wednesday 28 July 2004 00:00 BST

Try to imagine the meeting that must have happened some years ago at Microsoft, when they were developing the mail program Outlook Express.

"It says in the internet standard that you should only send plain text."

"Forget the standards. This is the modern world, and we're creating the rules. The web runs on HTML, and so should Outlook Express. We can do everything in it - show images from the web, let people format e-mails just like web pages, even run those little programs - whatisit, scripts, like on web pages! It'll be fantastic!"

And indeed for a few years Outlook Express was fairly good, although it has to be said that anyone using an e-mail program that didn't bother with HTML had to suffer long strings of incomprehensible formatting, often transliterated from Microsoft Word's doggerel HTML output.

But most people used Outlook Express, because it was free with Windows, and most people used Windows, so that it became the default e-mail client despite its many failings. The extent of its takeover is so absolute that some "support" organisations are nonplussed if you're not using it, and refuse to believe anyone can send or receive e-mail with anything else. (Yes, BT's Broadband "helpdesk", I do mean you.)

Then spammers and viruses got in on the act. Some viruses took advantage of Outlook Express's ability to run scripts to infect machines if you simply had the "preview" pane open (which shows the first few lines of the message in an HTML-rendered area). This is fixed in Outlook Express 6, which disables such scripting.

Meanwhile, spammers began sending messages with links to pornographic images - causing a lot of distress to families around the world.

Then the spammers, in their never-ending quest to find people who read their rubbish, cottoned on to something smarter: "web bugs". These are invisible graphics included on a web page to indicate when a computer loads it. A web bug, once loaded, tells its owner a surprising amount of information about you: the ISP that you're using, when you accessed the page, and even what operating system you're using. That's completely normal for a web page that you choose to visit. But rather different for an unwanted e-mail that you haven't even properly opened yet.

By putting a web bug into an e-mail, a spammer would have almost all the information he wanted about you - except for your e-mail address.

But then they found a solution: "web bugs" for e-mail in which the e-mail address was encoded into the HTML address - such as <img src=spammer.com?network@independent.co.uk.jpg>. Then, by simply watching the logs on their spammer.com site, they can see whether network@independent.co.uk opened or previewed their e-mail, and when and from where.
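The beacon pattern just described can be spotted before a message is rendered. The following Python check is an added example, not part of the original column: it lists the images in an HTML mail body that would be fetched from a server and flags those whose address carries the recipient's e-mail address or that are declared invisibly small. The function name find_beacons, the 1x1 size heuristic and the sample message are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

class _ImgCollector(HTMLParser):
    """Collects the attributes of every <img> tag in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({k: (v or "") for k, v in attrs})

def find_beacons(html_body, recipient):
    """Return [(src, [reasons])] for images that look like tracking beacons."""
    collector = _ImgCollector()
    collector.feed(html_body)
    needle = recipient.lower()
    findings = []
    for img in collector.images:
        src = img.get("src", "")
        # cid: and data: images travel inside the message itself; loading
        # them contacts no server, so they cannot report that it was opened.
        if not src or src.lower().startswith(("cid:", "data:")):
            continue
        reasons = []
        # Decode twice so %40 and double-encoded %2540 both reveal the "@".
        if needle in unquote(unquote(src)).lower():
            reasons.append("recipient address in URL")
        small = ("0", "1")
        if img.get("width", "").strip() in small and img.get("height", "").strip() in small:
            reasons.append("invisible size")
        if reasons:
            findings.append((src, reasons))
    return findings

# Constructed sample message body (not a real captured e-mail).
SAMPLE = """<html><body><p>Special offer!</p>
<img src=spammer.com?network@independent.co.uk.jpg>
<img src="http://spammer.com/t.gif?u=network%40independent.co.uk" width=1 height=1>
<img src="cid:logo123" width="1" height="1">
<img src="http://example.com/banner.jpg" width="468" height="60">
</body></html>"""

if __name__ == "__main__":
    for src, reasons in find_beacons(SAMPLE, "network@independent.co.uk"):
        print(src, "->", ", ".join(reasons))
```

A mail filter could use a non-empty result to strip the image or to hold the message as plain text until the reader chooses to load pictures.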

And because spammers love knowing whether people are soft touches, such "e-mail bugs" are now widespread: according to MX Logic, a security firm, almost half of all spam contained such beacons that would yell out your personal details to spammers via the preview pane if you were online.

At this point, of course, all those people using e-mail readers that didn't bother with HTML could justifiably feel smug. They could still read messages, and spammers didn't know if their messages were being read.

So what's the obvious response for Outlook Express users? Don't make the loading of images the default. Let the user decide if they want images loaded automatically, or when they want.

Nice idea; except that you can't. There's no way to stop Outlook Express blaring your details to the world anytime someone includes an inline image in a message to you. (By contrast, Apple's Mail, which comes free with its machines, has had that capability since last October.) Qualcomm's Eudora has had optional image loading for at least three years; otherwise they were held as attachments, which you could again choose whether to open.

The image-loading problem (and it is a problem) with Outlook Express will be fixed with Service Pack 2 for Windows XP, which is due to be shipped in August. But it's unclear if this will be solved for those not using Windows XP - about half of Windows users.

Into the midst of this battle between spammers and increasingly aggrieved surfers, a new company has pitched in with what must have seemed like a great idea: a means of tracking whether people have read your e-mail, and precisely when and where they read it.

The company is called didtheyreadit.com, and it pitches its products at anyone anxious to know whether that urgent message - job application, tearful apology, tart brushoff - arrived, and whether it then got opened, or even passed on.

Given what I've said above, you've probably guessed how it works: e-mail bugs. You set up an account on the site, and then from a normal account send an e-mail with the address suffixed with "didtheyreadit.com". If it's opened, the company knows it because the e-mail bug pings their server, and you can find out by logging in and viewing your messages.

In my trials, the system worked - sort of. One friend didn't use Outlook, and identified the bug in moments. "I think these things are invasions of privacy," he said. And it's hard to argue that what's OK for you is not for spammers, or vice versa.

Other attempts went better, though the geographical information is vague ("Britain"). Certainly, as a system, it works on all webmail systems (such as Hotmail and Yahoo!) and potentially on any e-mail program that can display images.

But is it a good idea? One can see that you might want to know if the company that turned you down for a job actually went to the bother of opening your e-mail (though it can't tell if an attachment, such as a CV, was opened). For such applications, the free trial - 10 e-mails - could be useful enough. After that it costs $24.99 (£13.50) for three months, $39.99 for six months, or $49.99 for a whole year.

But two things about it seem depressing. The first is that we're becoming so untrusting and so out of touch with how e-mail works; it is, essentially, a medium in which the recipient chooses the pace of dialogue; it's not sender-driven like, say, the telephone.

Second is the fact that this will work on so many users' machines. Didtheyreadit.com may be a first, in that it's a legitimate use of a spammer's tactic. But it could all have been so different if only there had been some more thought back at that meeting at Microsoft headquarters.

www.didtheyreadit.com

http://home.comcast.net/~jimpickering - help with Outlook Express 6 (including download links)
