Is there a security risk when you forward or reply to a message?
A reader writes: “if you forward the message (we’re supposed to forward SPAM messages to a particular internal mailbox for analysis, etc.) that fetches the image and reveals the IP and other information sent by the web browser. I really wish there was an option to turn off this “feature”. “
This is a case of a user changing an Office setting and not realizing the consquences. Outlook DOES usually block image display when replying or forwarding an email.
As Office-Watch.com has shown with our Outlook Hidden Info Image, letting Outlook show images in messages can reveal to the world more than you expected. The result can be more unwanted messages, unwanted tracking of your online life or, at worst, vulnerability to attack.
If a message has image links and you click ‘Forward’ or ‘Reply’ here’s what you should see:
This dialog appears on a ‘per message’ basis. If you click ‘Yes’ then the images are downloaded for that message alone. Click ‘No’ and you’ll see the usual forward/reply message window with placeholders for each image.
How Outlook deals with linked image messages that you want to forward or reply to depends on the Outlook version.
Outlook 2010 and Outlook 2007
By default do not grab images when you forward or reply to a message. It’s called Automatic Picture download.
To turn this feature off (definitely NOT recommended) go to the Trust Center Settings | Automatic Download
Outlook 2003
Outlook 2003 has the same feature to block unauthorised images.
To change it go to Tools | Options | Security | Change Automatic Download Settings.
Uncheck “Don’t download pictures or other content automatically in HTML e-mail”
Outlook 2002 (XP) and before did not block linked email images at all.
