Outlook Express and embedded images

Friend of mine uses Outlook express :Z , anyway she is always complaining
about getting emails and having to click ok to view the embedded images.

I found from reading this it’s a security feature of SP/2:

“But SP2 has added a feature that now blocks most, if not all, images embedded in email messages because senders can use these pictures as a way of identifying your computer. That could result in your receiving more spam. Just above the message area you’ll see an information bar telling you that the pictures are blocked; you’ll also see little red X’s where the pictures would appear. To download and view the images, simply click the information bar.”

Does anyone know how to disable this??? I can’t seem to find out how.

Thanks

i don’t use outlook, but this is also a default optin in thunderbird and to disable it, you uncheck “block loading of remote images in mail messages” under “Tools>Options>General tab”

I know the program structures are very similar so it may be in a similar place on outlook.

Thanks I think I have it.

It looks to be Tools-options-security.

I will have her test it, thanks for pushing me in the right direction.

Do you think she’ll thank you after being infected by malware that arrived as an image in a spam mail and wasn’t blocked as it’s supposed to? :wink:

I have OE 6 with SP1 and have it set to the RESTRICTED zone, so no scripting can be done at all. I also have it set to read messages ONLY in PLAIN TEXT.

That said, images are viewed inline if attached (not linked). Is there risk in that?

I think I avoid the whole issue by specifying that I view (and send) mail ONLY in PLAIN TEXT, right?

Thanks

You are right only as long as a new vulnerability in the Microsoft image libraries doesn’t pop up again (assuming that your friend’s system is already patched with all relevant security patches).

There have been vulnerabilities in the past where displaying an image in IE, Outlook or Outlook Express could infect your system if the image was crafted to exploit buffer overflow weaknesses. Another such vulnerability could be discovered again.

I can’t think of why you want to enable automatic showing of images and at the same time show mail as plain text (on your friend’s computer). Aren’t those conflicting goals?

Yeah I thought of this and in the email I sent her I gave her the same
stern warning about malware.

I told her personally I wouldn’t change it and I don’t want to be giving
her a told you so speech down the road lol :slight_smile: (I know it’s no laughing matter)

Thanks for all the replies and concerns it’s appreciated.

Not conflicting at all.

I don’t want any HTML code, but when people attach pictures of family or buddies, I can see them inline without any problem at all.

I’ve been running this way for years and seem to have had no problems with the setting. The key seems to be using PLAIN TEXT, which forbids all HTML code. Plus, I keep my SP1 system as up to date as I can, with all the relevant security updates.

Maybe I’m a dork. But hey, I have IE 6 locked down pretty well by default, use Maxthon as the front end for IE (which covers my tail nicely) and am fairly diligent about system maintenance, ghosting, backups, etc. I use AVG Anti-Virus (the free version), have the Spyware stuff I run every now and then (adaware and spybot) and so far, life treats me pretty good. Sometimes ya make a few small compromises in life and do things that make ya happy, even if they may not be the smartest (like eating Nachos, which are bad for ya). I have my Yin and Yang going pretty evenly… :slight_smile:

OLE only blocks pictures from somewhere other than the incomming email. If someone attaches a picture in the email then it will decode it and display it the other end.

If someone puts an image link into an email to a website then OLE will not fetch it, some images have a unique string so that the sender can tell if you have viewed an image and add you to a working email box list.

Personaly I only ever show images on emails I know, e.g. SVP’s promo emails etc, all others get binned without even looking at as they are usually spam and nothing to do with there subject.

That’s too true. I admit I worry less about being rooted (or whatever the MS equivalent is) than being innundated with more spam.

My other machine has XP SP2 on it (mine has SP1) and when I sent a simple attached image and checked it on that machine, it did not show the pic, while it did on my machine.

I guess I should look into that a little further…