Outlook Express Tips

Outlook Express Tips

How to use Outlook Express: Quickly - Safely - Effectively

Little-Known Anti-Spam Tips


Spammers use some sneaky and dirty techniques to validate your email address. Do you need spam blocker or spam filter software or is there another way you can protect yourself against these tricks?

At last, perfect replacement for Outlook Express and Windows Live Mail is available, called OE Classic and works on Windows 7 and Windows 10 - FREE download on oeclassic.com

Tips below will help you to weed out spam. You may also use spam blocker or spam filter software to screen emails for you - so you can sort them out later. I wouldn't recommend automatic deletion though, because sometimes they can be wrong - for example they may recognize regular email as spam.

By using them I limited spam email to only 2-3 messages per day, which is quite OK given the time I use the account (for years).

But I also must note that I believe even those 2 or 3 per day are mostly there because I once completely by accident clicked on the link in spam email. Of course, it verified my address and kept on sending me more spam. Luckily, the amount of spam declines with years as spammers constantly need new and fresh lists.

If you, though, get 20 or 30 or more spam messages a day, maybe it is time you give these preventive measures a little bit more attention. Even the most advanced spam blocker or spam filter cannot help you if you ignore the following.

Hidden images in spam email - block them

Many email software including Outlook Express is capable of sending, receiving and displaying HTML email. In fact, many of the newsletter publishers also use this format to enhance the visual look of their emails using HTML colors and graphics.

Guess what, spammers also know how to send HTML email. But they will do something else with it.

Most emails received today from spammers are in HTML format. The reason behind this is that when email is in plain-text format, they have no automatic way of verifying if an email address is being read. The messages can be black-holed - this means that the receiving server tells the sender that the target Inbox exists (even if it doesn't) - and act just like the email was received while it does not deliver it to the Inbox - it deletes it instead. So the spammer needs to guess if the email was delivered or not. If server would refuse the message - spammer would instantly know that the email address is not being used or does not exist.

To eliminate this guesswork, HTML email may contain a small graphic usually 1x1 pixel in size (for faster loading) that will point to some throw-away server the spammer uses. The image itself will include a special, unique code for that mailing. When you open this message, Outlook Express will also try to open all of the HTML graphics that are contained inside, including the image that will be loaded from spammer's server. If this image is not loaded, they may assume email is not being used. If this image is loaded, they will add it into the database of "verified" addresses and begin sending promotional messages so you will receive even more spam. The first message may contain only some bulk words, nonsense text or anything, just to verify if you are reading it.

Outlook Express has an option to block HTML graphics from outside source, but this option is not present in older versions of Outlook Express. Only the version that came with Windows XP with Service Pack 2 (and later versions, including Windows Mail that comes with Windows Vista) have this option.

If you use older version you'll have to upgrade and download latest version of Outlook Express. To verify if you are using lower version click on main menu - Help » About Microsoft Outlook Express.

outlook express about menu

In the screenshot below, you can read the version number that is marked with red color. Number 6.00.2900.2180 means that this is version 6.00 (build 2900). Your version may be similar, higher or lower. The rest of the markings indicate it is running on Windows XP with Service Pack 2 installed. This version of Outlook Express supports blocking of external images in HTML email.

outlook express version

Now, if you have the appropriate Outlook Express version you need to verify if the option is enabled (it should be by default).

From the main menu select Tools » Options and then from options window select tab called Security. Look for checkbox named Block images and other external content in HTML e-mail. Make sure this option is checked just like on the screenshot below.

outlook express security block html images

With this option enabled, even if you open spam email and read it, the spammer will not be able to tell if you really opened his email or not. Emails you receive will now have a notification on the top saying - Some pictures have been blocked to help prevent the sender from identifying your computer. Click here to download pictures.

some pictures have been blocked to help prevent the sender from identifying your computer

If you are certain that the email you received does not come from spammer you can safely click on this field to load missing images. If you are unsure, don't do it, it will only notify spammer you opened this email and you will receive even more spam. Images embedded in email will display normally because they cannot be used to identify your computer.

By the way, free email services like Yahoo, Hotmail or Gmail also feature similar options so check that you enabled them on web mail option pages.

Unsubscribe and other links in spam email - don't click on them

When you receive newsletters they usually contain unsubscribe link on the bottom. Spammers employ this for other purposes - to verify if your email address is active and if you are reading it. When you encounter this unsubscribe link (or any other link within the email) - do not click on it. This will only tell spammer you opened email and you are willing to receive more spam. So how to tell if this unsubscribe link is for real or not?

Spammer originated email unsubscribe link is usually called UNSUBSCRIBE or NOT INTERESTED and is not associated with any real web site (just an empty page or so), there is no signature with sender name, no sender postal address, disclaimer or anything similar. Just a link and that's it. If a signature is present, it is quite obvious that it is not for real. No names you can trace or web addresses you can visit to find out more information. That's because they need to conceal it while legitimate senders don't have anything to hide.

If you get new sort of spam you don't recognize - you can verify linked web addresses easily by typing them into the web browser - take care to remove extra ID codes from the address - i.e. if unsubscribe link is pointing to http://Wg083dXz.sitename.com then try typing http://www.sitename.com (Wg083dXz is only an example of code identifying your email which you should remove, but similar code may also be placed somewhere else within the link) and see if the site displays something meaningful.

Here is another simple way how you can tell whether unsubscribe link is real and valid. All legitimate commercial email messages compliant to CAN-SPAM Act of 2003 must follow these rules (spam does not):

  • From and To fields must not be misleading
  • It must not have deceptive subject line (spam often has)
  • They must include valid and working unsubscribe link or a clear notification about another opt-out mechanism
  • They must include sender's physical (postal) address, PO boxes are not allowed at the moment of writing, but this will probably change (spam will not have any address anyway)

Which one of these methods is fool-proof? Unfortunately none, but with little experience the spam will begin to look all the same to you. I personally look for physical address and some credentials on the bottom - if I receive a new form of spam that is. If I find none I'm quite certain it is a spam and put delete key into good use. You will be too.

Replying to spam email - don't do it

Even though you may be tempted to reply to them and seek justice, just delete it and ignore it. If you reply you'll be doing them a favor again. They use temporary return addresses created only with purpose of verifying replies. They don't even read this address so don't bother wasting your time on writing a reply - just hit the delete key.

When creating email address - don't use short aliases or obvious names

Are you using email address like js@some.com or john.smith@some.com? If you can, change it to something more complex. johnsmith1971@some.com is much less likely for automated spamming software to guess than above examples.

Yes, they sometimes use automated guessing (using dictionary names for example), then send probe email to verify the address and later clean up to get correct and working list of addresses. Don't make this task too easy for them.

Leaving your email address when subscribing to some services, forums, newsgroups and other public locations

It is always a good idea to open a free email account on some of the providers of these services like Hotmail, Yahoo mail, Gmail or any other. Don't use this email address for your regular communication with your friends or business associates. Instead, use it only when you need to sign up to some forum, when you need to leave your email address to get some service or similar. If there is such an option - hide email address from public. Many forums allow this.

Later when you've verified that the service you subscribed for will not increase the amount of spam you receive or you find it inconvenient to use free email to receive messages that came from such services - you may change or update email address to your real one. If you trust the publisher you may leave your real email address right away but be careful who you trust. In general, legitimate publishers that sign themselves with their names usually follow good mailing practices and have valid and working unsubscribe links so you can trust them with your email.

Also, you may want to have separate email address when forwarding messages to your friends (you never know where your email is going to end up, especially if they forward your message further). If it is private email intended for the receiver only it is not likely your email will be forwarded so in this case it is quite safe to use your main email address.

Don't buy from spammers or trust them with your private data

Once you learn to recognize spam - don't do the following:

  • Don't buy stocks that promise unbelievable returns and are marketed through email. Professional stock traders probably wouldn't.
  • Don't buy products that are promoted in spam email - usually sexually oriented products. If you do want to buy something, look for credentials, names, legitimate looking web site. Verify site for phishing as well.
  • Don't fall for phishing attempts (emails asking you to "verify" your private data by visiting some web page where you are asked to enter your PIN, credit card number, email, postal address, username and password or similar, usually such a mail looks like it came from well known bank, PayPal or other services). Sometimes it may be difficult to recognize these - install Internet Explorer 7 or later, Mozilla Firefox 2.0 or later which both have protection against well known phishing pages and will report it to you when you visit them.
  • Don't fall for similar scams. Always think before you act on email message that asks some private data from you or ask you to forward the message further.

Note the difference between legitimate and spam mailing lists

Legitimate mailing list is the one:

  • You asked to receive emails from by subscribing to the list. They will be signed with real names (or other credentials) and will have working unsubscribe mechanism. And most important - they will be on topic you subscribed for.
  • That does not have any nonsense text inside.
  • That you can out-out from at any time.

In the end, you cannot completely avoid receiving spam email. But if you use tricks described above, you can reduce the amount of spam on new email account significantly. They will not work on old email accounts though. If you do receive a message or two, simply ignore them and hit delete.

Click here if you want to use this article on your own web site