Spammer "Address Verification" Schemes..

[cakeman]

Hi all, Id appreciate any input people have on this..

The IT manager in our small company came into his role when the last guy moved on as he was the only guy not to run screaming when a windows error box popped up.

He's now got our spam filter cranked up to "hyper paranoid" and its causing issues with suppliers, customers etc.. as they try and get through to us through email.

He's convinced that simply by opening an email in Outlook (various clients = 2000, 2003 and 2007 in an Exchange environment) it's phoning home and letting the spammers know the email address is valid.

I know this statement would be true if there is a linked image in the email, even if its a single pixel big (and outlook wasnt set to disable these active images), but am skeptical that if an email, even if its HTML format, has the capability to have "hidden" links or other call-home tie-ins to notify the Spammer if the user so much as opens the email itself.

Im more than willing to admit Im wrong.. but, of course, dont think I am

What address verification techniques are being used?

thanks.

[Farelf]

... What address verification techniques are being used?

have a look at the "spam Mechanics" section on http://www.rickconner.net/spamweb/ - see if that helps (there's something in there about web bugs and much more).

[turetzsr]

<snip>

The IT manager in our small company came into his role when the last guy moved on as he was the only guy not to run screaming when a windows error box popped up.

<snip>

He's convinced that simply by opening an email in Outlook (various clients = 2000, 2003 and 2007 in an Exchange environment) it's phoning home and letting the spammers know the email address is valid.

I know this statement would be true if there is a linked image in the email, even if its a single pixel big (and outlook wasnt set to disable these active images), but am skeptical that if an email, even if its HTML format, has the capability to have "hidden" links or other call-home tie-ins to notify the Spammer if the user so much as opens the email itself.

Im more than willing to admit Im wrong.. but, of course, dont think I am

What address verification techniques are being used?

...Perhaps he's thinking of the "Read receipt requested" feature of MS Exchange and other e-mail applications. If I'm not mistaken, this can be turned off globally (at the MS Exchange Server level) and there is definitely an option to turn it off at the MS Outlook client level (but I'm not sure turning off the option at the client level always works).

[Farelf]

...Perhaps he's thinking of the "Read receipt requested" feature of MS Exchange and other e-mail applications. ...

IMO read receipts have fairly much been rehabilitated in the business community. Tempting fate I know, but I have yet to receive an actual spam item requesting a read receipt (though they were common once, I have heard, in the days when spam were hand-crafted and sent using standard mail applications). I have responded/acceded to thousands of receipt requests in real mail. I even use them myself, sometimes. Even to US addresses.