EMail Purgatory Tutorial
Notice that there is no message body, only the header information and some attachments. This is a bad sign. If there ever was a body to the message, it was 100% active content, and Email Purgatory eats active content for breakfast. Sometimes you will receive messages that just do not have a body, only one or more attachments. If there are any attachments, you can click on them to preview them as pure, 100% safe text.

One of these attachments is a file with a file extension of .scr. Email Purgatory warns you never to download an attachment with a file extension of .scr. If you do, make sure your anti-virus definitions are up-to-date and hold your breath!

When you are previewing any message, you can condemn the message right away, go back to Purgatory and condemn it there, or log out securely.

Figure 8 shows an attachment full of nonsense. No, it is not a speech from the Canadian Prime Minister! It is an attachment that has been encoded using Base64.
Whenever a message or attachment is encoded using Base64, you can be sure it contains spam. That is the only reason to use it. Base64 encoding makes it impossible for your regular email program to block it based upon your Message Rules and filters. Spammers know this, so they love Base64 encoding. Now you know.

NOTE: When you are previewing an attachment, you do not have the normal links at the bottom of your screen. You MUST use the BACK button on your Internet browser to return to the previous screen. You cannot delete an attachment by itself. You must condemn the entire email.

Figure 9 is an attachment that was in HTML format. I have scrolled the view so you can easily identify the Web beacon contained in this attachment.
A Web beacon is a type of active content that attempts to send out private information about you to the spammer. In this case, it is trying to send them my email address and a secret code of some sort.

It is easy to identify a Web beacon. First, a Web beacon is always an image, and an image tag always starts with "<img". An image can have a size specified, but if that size is “height=1” and “width=1” then the image is virtually invisible, which should make you suspicious. There is always a source given in the “src” part, and if the source contains a “?” then everything following the question mark is information that will be sent to the spammer. So, if you see an image tag that contains a 1 x 1 sized image and the source includes a question mark followed by your email address or other secret information, then you have found a Web beacon. Congratulations!

You should probably condemn any message or attachment that contains a Web beacon. At the very least, they are an invasion of privacy. At worst, the source may send you a virus or trojan instead of an image.
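The identification steps above can be automated. The following is an added example, not part of Email Purgatory or the original tutorial: it scans an HTML attachment for 1 x 1 `<img` tags whose `src` carries data after a "?" and reports whether the recipient's address is among that data. The sample HTML, the host names and the function name `find_web_beacons` are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample attachment: a banner, a tracking pixel, a plain spacer.
SAMPLE_HTML = """
<html><body><p>Limited time offer!</p>
<img src="http://images.example.com/banner.gif" width="468" height="60">
<IMG SRC="http://track.example.com/open.gif?e=reader%40example.org&amp;code=A1B2C3" HEIGHT=1 WIDTH=1>
<img src="http://images.example.com/spacer.gif" height="1" width="1">
</body></html>
"""

def _is_one_pixel(value):
    """True for a size attribute of "1" or "1px" (value may be None)."""
    return value is not None and re.fullmatch(r"\s*1\s*(px)?\s*", value, re.I) is not None

class BeaconFinder(HTMLParser):
    """Collects <img> tags that are 1 x 1 and send data after a '?'."""
    def __init__(self, recipient):
        super().__init__()
        self.recipient = recipient.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":  # HTMLParser lowercases tag and attribute names
            return
        a = dict(attrs)
        src = a.get("src") or ""
        query = urlsplit(src).query  # everything after the "?"
        tiny = _is_one_pixel(a.get("height")) and _is_one_pixel(a.get("width"))
        if tiny and query:
            self.findings.append({
                "src": src,
                "params": parse_qsl(query, keep_blank_values=True),
                # Percent-decoding catches addresses written as reader%40example.org
                "leaks_address": self.recipient in unquote(query).lower(),
            })

def find_web_beacons(html_text, recipient):
    """Return one finding per suspected Web beacon in html_text."""
    finder = BeaconFinder(recipient)
    finder.feed(html_text)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    for hit in find_web_beacons(SAMPLE_HTML, "reader@example.org"):
        print(hit)
```

The invisible spacer image without a "?" is not reported, because it sends nothing beyond the request itself.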
© Crimson Star