Why is it safe to view pictures in e-mails from a browser but not from a mail client?

2

1

Mail clients have an option that is turned on by default to not display pictures in emails for security reasons.

However, browsers will always automatically display pictures in emails.

Why is viewing pictures in emails unsafe from a mail client, but not from a browser?

tony_sid

Posted 2012-10-05T04:32:09.420

Reputation: 11 651

Answers

2

It really depends... The main reason isn't what you think...

Whilst it is possible to get malware/security problems from viewing a picture, it is not very likely on a modern computer. When you get the option to turn them off, it is usually to stop tracking sites.

For example, if the picture is embedded in an email, there is usually no harm in displaying it - but, a lot of the time now (especially from some marketing/newsletter scripts), it is possible to put a 1px by 1px image at the bottom of an email that isn't embedded but hosted elsewhere with a URL such as http://mysite.com/some_tracking_script/message.asp?msg=124643, and what this can do is create a database on a server and allow the sender to know when your message has been read.

So, technically, it is possible to get a virus from pictures, but, most of the time, this option is about privacy.

William Hilsum

Posted 2012-10-05T04:32:09.420

Reputation: 111 572

1

It is also unsafe viewing them from a browser. Browsers may have some sort of sandboxing which reduces but does not eliminate the risk. See e.g. "How can I be protected from pictures vulnerabilities?" (and the links leading from there), "JPEG COM Marker Processing Vulnerability (in Netscape Browsers and Microsoft Products)" (old issue). There was a presentation on image vulnerabilities by Michael Schenk at Defcon 15. (You can find more info by e.g. googling for "image browser exploit")

Jan Doggen

Posted 2012-10-05T04:32:09.420

Reputation: 3 591