Outlook is supposed to block all images in an email but occasionally allows some of them through. Why is this?

4

Typically when my Outlook receives an email it by default blocks all images in it.

However occasionally I get spam emails containing one or more images that are not blocked. An example of this can be seen in the spam email shown below.

[image: example spam]

Although most of the images in above email were blocked, at least the one with the "Millionaire Blueprint" text was not.

Note that in this case Outlook had not recognized the email as spam. But since it is set by default to block images in incoming emails, it should block all of them regardless of whether it recognizes the email as spam or not.

As the images can presumably be used by the sender to validate an email address (or worse), I would like to know what causes a particular image to bypass the image-blocking filter?

coderworks

Posted 2015-11-07T15:39:52.743

Reputation: 439

1

This seems like some oddity of Outlook and not really an infosec question. – Neil Smithline – 2015-11-07T18:09:41.760

This is not about spam or blocking images in general - this is about Outlook. – schroeder – 2015-11-07T21:36:44.987

1

The message says "Outlook prevented automatic DOWNLOAD of some pictures" but these images aren't downloaded, they're attached. Outlook prevents downloading of images from web sites when email is viewed to prevent the server from detecting that the message was opened. If the image is sent with the email, there's no point in blocking it, because the sender can't know whether it was seen or not. – barbecue – 2015-12-11T19:36:10.807

Answers

3

From the 'src="cid:..."' attribute, I'd guess that the images are in-line with the message (that is, as a separate MIME section after the body). Images sent that way are still an annoyance, and a security risk if the mail client's image-displaying library has a vulnerability, but they don't have the same privacy implication (allowing someone to see when, and from what IP, and using what browser/mail client, you read the message) as a link to an external image. Hence, there's less security advantage to blocking them.

david

Posted 2015-11-07T15:39:52.743

Reputation: 179

Outlook says that it blocks them because of "privacy" (not security). Blocking for privacy is a valid reason because the mechanism retrieving the image from the remote server can contain a parameter identifying the recipient email as valid & active. Besides that, the link could be used to load other resources (not just images) on the user's machine. My question, though, was why it does not block all of the images; the email had other images (such as the Facebook and Twitter icons plus some other images) that were also loaded using the src=cid mechanism, yet those were blocked by Outlook. – coderworks – 2015-11-07T15:59:03.937
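To make the distinction drawn in the answer and in barbecue's comment concrete, here is an added worked example (not code from the question, the answer, or Outlook) in Python using only the standard library. It constructs a message in the shape described (made-up addresses, a constructed fake GIF, an assumed tracking-pixel URL on a sender-controlled host) and then sorts every `<img src>` in the HTML body into inline `cid:` references, which resolve to a MIME part already carried in the message, versus remote `http(s)` URLs, which a client has to fetch at view time and which are therefore the ones an "automatic download" block actually protects against.

```python
import email
import email.policy
from email.message import EmailMessage
from email.utils import make_msgid
from html.parser import HTMLParser
from urllib.parse import urlparse


def build_sample_message():
    """Construct a message shaped like the one in the question (all values
    are made up): a multipart/alternative body whose HTML part carries one
    inline image as a related MIME part referenced by Content-ID, and one
    <img> whose src is a remote URL that a client must fetch to render."""
    msg = EmailMessage()
    msg["From"] = "promo@sender.example"
    msg["To"] = "victim@recipient.example"
    msg["Subject"] = "Millionaire Blueprint"
    # make_msgid() returns "<id@domain>"; the cid: URL uses the id without brackets
    logo_cid = make_msgid(domain="sender.example")
    html = (
        "<html><body>"
        f'<img src="cid:{logo_cid[1:-1]}" alt="inline banner">'
        # constructed tracking pixel: the query string identifies the recipient
        '<img src="https://track.sender.example/open.gif?r=victim%40recipient.example" '
        'width="1" height="1">'
        "</body></html>"
    )
    msg.set_content("Plain-text fallback.")
    msg.add_alternative(html, subtype="html")
    fake_gif = b"GIF89a" + bytes(16)  # constructed placeholder, not a real image
    # Turn the text/html alternative into multipart/related and attach the image to it
    msg.get_payload()[1].add_related(fake_gif, maintype="image", subtype="gif", cid=logo_cid)
    return msg.as_bytes()


class _ImgSrcCollector(HTMLParser):
    """Collect the src attribute of every <img> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            for name, value in attrs:
                if name == "src" and value:
                    self.srcs.append(value.strip())


def classify_images(raw_message):
    """Sort every <img src> in a raw RFC 5322 message into:
      inline   - cid: reference that resolves to a MIME part carried in the
                 message (rendering it sends nothing back to the sender)
      remote   - http(s) URL fetched at view time (the open-tracking case the
                 "prevented automatic download" notice is about)
      dangling - cid: reference with no matching Content-ID part
      other    - anything else (data: URIs, relative paths, ...)"""
    msg = email.message_from_bytes(raw_message, policy=email.policy.default)
    content_ids = set()
    html_bodies = []
    for part in msg.walk():
        cid = part.get("Content-ID")
        if cid:
            content_ids.add(cid.strip().strip("<>"))
        if part.get_content_type() == "text/html":
            html_bodies.append(part.get_content())

    result = {"inline": [], "remote": [], "dangling": [], "other": []}
    for body in html_bodies:
        collector = _ImgSrcCollector()
        collector.feed(body)
        for src in collector.srcs:
            scheme = urlparse(src).scheme.lower()
            if scheme == "cid":
                bucket = "inline" if src[4:] in content_ids else "dangling"
            elif scheme in ("http", "https"):
                bucket = "remote"
            else:
                bucket = "other"
            result[bucket].append(src)
    return result


if __name__ == "__main__":
    for kind, srcs in classify_images(build_sample_message()).items():
        print(f"{kind}: {srcs}")
```

Running it lists one `inline` entry and one `remote` entry. A filter that wants the behaviour the asker expected would block everything in `remote` (that is where the recipient-identifying callback lives) and could separately cap or flag `inline` images, which, as the answer notes, are an annoyance and a parser-exposure concern rather than a tracking problem. The `dangling` bucket is worth keeping: a `cid:` reference with no matching part tells you the sender's template is broken, or that a part was stripped upstream.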