If e-mail is one of the blessings of modern life, then spam is one of the banes. As inboxes come under attack from a deluge of unwanted mails, so defence mechanisms become more sophisticated. The mighty Google has now waded into the spam-prevention fray, with image-caching in Gmail.
While spam may seem totally random (and sometimes is), there are also companies which collect and sell lists of validated e-mail addresses. Validated e-mail addresses are those where the spammer can confirm that the e-mail has been read, meaning the address is active. The old-fashioned way of checking if a mail had been read was to include an “unsubscribe” link, which, in reality simply confirmed that the address was active. Unfortunately for spammers, once this trick became widely known, increasing numbers of people avoided clicking on any links within spam mails. The spammers then stepped up a gear and started using images to check whether or not an address was live. In a nutshell, images in e-mails have to be downloaded from a server. In the case of spam, the server will be run by the spammer. By downloading the image, the user confirms that the address is active, even if they never look at the mail itself. This is why many e-mail clients have a default setting only to download text, leaving the user to opt-in to receiving images.
Google’s image-caching service essentially provides a buffer zone between the spammers and legitimate users. Up until now, if a user has elected to display an image, it has been that user’s details which have been sent to the third-party server. Although the data transmitted stops well short of the sort of personal details which could lead to identity compromise, it still contains a lot of information spammers find interesting. For example, it gives an indication of the user’s home country and the browser they are using. Increasingly spammers load unique IDs into each image so that they can have greater visibility of who opens what. This helps spammers to target their campaigns more effectively. For those wondering why anyone would wish to download images for spam e-mail, firstly it’s worth remembering that there are still a large number of e-mail users who do not really understand how spam works. Secondly, spam is becoming increasingly well-disguised. Mails are deliberately sent with misleading subject lines; partly to get through filters and partly to increase the possibility that a user will be tricked into opening it. From now on, however, Gmail users will send a request to Google to download the images and forward them. Consequently, spammers will receive Google’s details. While this may trigger spam being sent to Google, that is their problem rather than the end user’s, and presumably Google is big enough and technically capable enough to deal with this.
Looked at purely in terms of fighting spam, Google’s move is a positive one. In the real world, however, there is no such thing as a free lunch and the price of this anti-spam service is that Google will scrutinise your incoming e-mail even more closely. Whether or not this is a price worth paying will presumably depend on an individual’s point of view. For those who prefer to have full control over the contents of their inbox, the option to opt out of this service will still be available. In broader terms, Google’s approach raises some interesting questions. While its overt purpose is to stop spam, if the user leaves it switched on it will affect all incoming e-mails, even those which the user chooses to receive. Although it will have little to no impact on the end user’s experience, it will make it more challenging for legitimate advertisers to track the success of their adverts. This may mean that direct marketing through e-mail becomes less attractive and leaves advertisers searching for alternatives – such as Google Adwords. On the other hand, legitimate marketers do have other options when it comes to taking ownership of their reader lists. The most obvious option is to send an e-mail with a link to a website where the content can be read (and if necessary downloaded).
Since the user would recognise the e-mail source as genuinely legitimate, clicking on a link would be an acceptable action. It could also be argued that this would be a more ethical way for organisations to gather information; since users would be aware that they were connecting to a website, whereas less technologically-aware users might not be aware that their e-mail could be tracked. Another potential issue, which could impact the sending of legitimate e-mail, is that some companies use tracking IDs to cleanse their e-mail lists. In other words, if they have a list of customers who have opted-in to receive a communication, but they see that one customer has not opened their communications for a certain length of time, they will remove that person’s details from their list. If they lose the tracking information, they may waste bandwidth trying to reach a user who has lost interest.