Most Microsoft Outlook 2007 users have received email messages that contained external content. Figure 1 shows an email message containing a notification that Outlook has stopped the automatic download of some pictures. Microsoft does this to prevent Web beacons.
Spammers maintain lists of email addresses -- some addresses are more valuable than others. If a spammer can prove that an email address is valid, he can sell that address to other spammers for a premium. A Web beacon helps to confirm the validity of an email address and lets the spammer know that the message made it past the recipient's spam filter and was opened.
Spammer use several different types of Web beacons. One of the simplest forms is an embedded image. For example, suppose that an email message contained the following line of HTML code:
<img src="https://firstname.lastname@example.org" width="1" height="1">
line of code is designed to download a 1x1 .gif image from http://www.contoso.com. There is nothing harmful about the image itself, but the question mark after the image's file name indicates that an optional parameter has been appended to the request. In this case, that optional parameter is an email address.
When the message is opened, the mail client would attempt to download the image from the external source. In doing so, the server would be made aware of the optional parameter bound to the request. This parameter could be written to a database. The spammer could then sell the database to other spammers.
More sophisticated types of Web beacons are designed to pass tracking cookies to Web servers or to download malicious code.
Filtering Web beacons
There are options available to block Web beacons when users open messages in OWA. The following Exchange Management Shell command allows you to control Web beacon filtering:
Set-OwaVirtualDirectory –Identity "Owa (Default Web Site)" –FilterWebBeaconsAndHtmlForms ForceFilter
Notice that the command ends with –FilterWebBeaconsAndHtmlForms ForceFilter. The –FilterWebBeaconsAndHtmlForms portion of the command tells EMS that you want to filter Web beacons and HTML forms. The proceeding portion of the command specifies the level of filtering you'd like to perform. In this case, we're using the ForceFilter parameter, which causes Internet Information Services (IIS) to block all Web beacons and HTML forms.
Users will have the option to unblock content that an administrator has blocked, which can be dangerous if it contains a Web beacon or HTML form. But when you use the ForceFilter parameter with this command, content will remain blocked -- even though a user may have requested to unblock it.
There are two other parameters you can use with the -FilterWebBeaconsAndHtmlForms option.
UserFilterChoice -- Causes IIS to block Web beacons and HTML forms within messages, but gives a user the choice to unblock filtered content. Unlike the ForceFilter option, the UserFilterChoice parameter allows users to view blocked content.
DisableFilter -- Turns off Web beacon and HTML form filtering. Unless you have a compelling reason to disable filtering, I strongly recommend performing at least some level of filtering against Web beacons and HTML forms.
About the author: Brien M. Posey, MCSE, is a five-time recipient of Microsoft's Most Valuable Professional award for his work with Exchange Server, Windows Server, Internet Information Services (IIS), and File Systems and Storage. Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal website at www.brienposey.com.
Do you have comments on this tip? Let us know.
Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.