Pop-Up Email

By: Blake Boyer

What is "Pop-Up Email?"

When you receive mail with images and nice formatting with backgrounds, etc, you are receiving HTML formatted code. That email is very pretty, but potentially dangerous.  Scripts (Visual Basic and JavaScript) can be embedded in the message that automatically open Internet Explorer and connect to -"pop up to" - a site on the Internet.  That site could be unfriendly.  The very least that is accomplished is the establishment that your email account name is valid, they have your current IP address, and you are currently online.  It is technically possible to then automate a scan of your computer for open port and services running on your computer.  If you have been careless and left a service like "Microsoft Networking" open with "Allow others to use my shared files and folders", your machine would then be a prime target to automatically receive a Trojan horse or virus, or actions taken to disable or change settings within your registry, firewall, or virus detection programs.

This is not a bug in the Microsoft architecture; it is a feature.

The new "pop up" html page gimmick is a variation of the old "clear.gif" image trick.  By imbedding a link to a foreign site within an html message, Outlook Express will use Internet Explorer to display that foreign link.  If you view the message, the html code will request the foreign object.  Your only salvation at that point is a firewall installed and setup to prompts you as to whether it should allow the object to be retrieved using the port and IP address requested by Internet Explorer.  If you tell your firewall, "Yes, open the port and go get the object from that IP address" - then damage can occur.  What you have done is tell the foreign site that you are online and have either no firewall installed or a firewall installed, but poorly configured.  You have given them an open invitation to come visit this IP address.

If you have a non-dedicated connection to the Internet then your exposure is only during that connection, as your IP address will change the next time you contact your ISP for a new connection.  Even if you delete the message and/or pop-up window, while the connection is maintained, the foreign site can be scanning your IP address for open ports to other services you may have running. 

If you have a dedicated connection to the Internet, then your exposure is ongoing and you should have a firewall set up properly and/or be certain that all non-essential services are turned off and all essential services are secure.

My solution to this problem:

A mail pre-reader of mail headers on my ISP (Mailwasher - www.mailwasher.net) - Free or commercial version

A firewall program (Tiny Personal Firewall - www.tinysoftware.com) - Free or commercial version

Additionally, many new virus protection programs can be set up to stop "pop-ups" and catch viruses, and are a good idea.  They are not a substitute for a properly configured firewall.