Outlook Windows/Mac blocks images linked in emails, so does Gmail (in browser) as an option. Why? And why is it best to leave the block on except when needed?
The image block does seem to be a nuisance. Outlook shows rectangles where images should go and a message you can click to see the images.
This is done when the image is displayed by getting it from the Internet. In other words, the picture isn’t included with the email, it added to your display when you try to read it.
Sometimes you get marketing emails that are mostly images with little text. These emails are meant to intrigue so you allow images to see the entire messages. More likely, people delete the message as a waste of time!
Outlook for Windows/Mac block linked images mostly for privacy reasons, which we’ll explain in a moment. There’s also the small risk of virus infection via an email link. This is much less likely than it once was because of better safeguards in Outlook and browsers generally.
About getting images
Most people think of getting a web page or single images from the Internet as like grabbing the selected page and displaying it on your computer. It’s more complicated than that.
Each time Outlook tries to get an image for an email or your browser is getting a web pages it’s sending a request. That request includes information about your computer, your browser and operating system. A simple cookie indicates if you’ve requested info from that site before.
Some of that information is necessary for the request to work. The IP address of your computer is essential; it’s the ‘return address’ so the web server knows where to send the requested page or image. The operating system/browser tells the web server what type of web page to send back (a page for a smartphone can be different to the same page for a full screen browser). The location details (from the iP address) can change the page too (e.g. changing the language sent).
A special image just for you
To demonstrate this, Peter has made a special image for this article and in the Office for Mere Mortals. It’s a special image that’s made up ‘live’ in real-time for each person who reads the page.
It takes the information sent to request the picture and returns an image with that info in it.
This image is unique to you … no one else will see this image.
All that information can be saved by the web server and used for marketing purposes. Companies will know that you’ve read the email and can display other ads accordingly if you visit their web site.
The image link could also include other information about you, like the specific email address the message was sent to. We could have easily shown your email address in the above image.
A full explanation of the image contents is here.
Long time Office Watch readers probably won’t be surprised by what’s revealed in the special image. Years ago, Outlook security and privacy was a major concern and a big topic in Office Watch. But it seems some of the lessons from those times have been forgotten.
Back in the mid-noughties, Outlook had little Internet security. This was before Microsoft’s famous ‘conversion’ and starting to take security issues seriously.
It was quite possible to send an email which had links back to a hacker’s web site. The email could try to infect your computer simply by displaying in the Outlook preview/reading pane. All it needed was a tiny, almost invisible, 1 pixel image link.
At the very least, if you allow a linked image, a spammer or hacker will know that email address was working and someone had read the message. That made the address a more likely target for other messages.
Naturally this caused a lot of concern. Microsoft’s response was typical. Publicly the company downplayed the risk as much as possible while privately developers worked to plug the holes in Outlook.
Outlook security has improved immeasurably. There’s now a proper Junk email and phishing filter to quarantine suspect messages. The internal software (engine) that displays emails is now restricted to block many hacking methods. Outlook 2007 and later use a custom ‘display engine’ so that hacks for Internet Explorer should not also work in emails.
However, that doesn’t stop standard information about your and your computer being sent by Outlook, which is why images are blocked by default and each user gets the choice about whether to display them.
