Sorry, I read that differently, quickly.
New type of spam showing up?
- Thread starter atikovi
- Start date
Even **viewing** a spam email might (*might*) also validate your email if the spam email is sophisticated enough: If the email, at view-time, is set to download a resource (most likely an image) the request can contain uniquely-identifying information for you. So viewing the email will call an image, oversimplified, like this https://img.some-shady-spam-site.ru/[email protected] . "whatever-image.jpg" stills ends up displayed in your email, and the spammer's server's logs now indicate a request specifically from you. The spammer then knows that the email address is valid and routinely viewed, which is darn-near as valuable as (the gold standard of) knowing it is valid, viewed, and by a human who will click on things in the email (like "Unsubscribe" links).
One of our vendors that was giving us a demo of their cybersecurity team showed us exactly what you described. They even went further and nabbed a password from the request that was sent back.
