Forum Discussion
Why is this image spam getting through and why is Outlook not blocking the image?
- Feb 16, 2017
There was a vuln in OWA for Exchange/EXO that permitted a remote image that is coded as the background image for a table cell to display automatically, even when remote image loading was disabled. That was patched quite some time ago though. Not sure if the same issue affected Outlook fat clients but it's possible. Viewing the source of the message should show you how the remote image has been inserted.
I'd say you should:
- Report the spam as Vasil suggests
- Make sure your Outlook client is fully up to date
- Open a support case with Microsoft to investigate why a remote image is still loading (depending on your findings)
I thought I'd follow up on this. Here's the source of a new similar message (this time yellow with just a few details changed):
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"><div dir="ltr"><img src="cid:ii_j0m296230_15afa02c0c0cbd00" style="margin-right: 25px;"><br><br></div>
I know HTML but I have no idea what kind of source is "cid:ii_j0m296230_15afa02c0c0cbd00".
edit: I now know what "cid:" means: "Content-ID". The image is base64 encoded and is embedded somewhere (haven't found that location yet).
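An added example, not part of the original thread: a Python sketch that reads a message source and reports, for each image reference in the HTML body, whether it resolves to a MIME part embedded in the message via `cid:` or would be fetched remotely, including the table-cell background case mentioned above. The sample message, the `tracker.example` hosts and the names `ImageRefs` and `classify_images` are constructed for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
# Constructed sample, not the message from the thread.
SAMPLE = """\
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset=utf-8

<div><img src="cid:img1@example"><img src="http://tracker.example/p.gif">
<table><tr><td background="http://tracker.example/bg.png"
 style="background:url('https://tracker.example/css.png')">x</td></tr></table></div>
--b1
Content-Type: image/png
Content-ID: <img1@example>
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--b1--
"""

class ImageRefs(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs = []  # (tag, attribute, url) in document order
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and name in ("src", "background"):
                self.refs.append((tag, name, value.strip()))
            elif value and name == "style":  # CSS url(...) in inline styles
                for url in re.findall(r"url\(\s*['\"]?([^'\")]+)", value):
                    self.refs.append((tag, "style", url.strip()))

def classify_images(raw):
    msg = message_from_string(raw, policy=policy.default)
    # Content-IDs (angle brackets stripped) of the MIME parts inside the message
    cids = {p["Content-ID"].strip("<> ") for p in msg.walk() if p["Content-ID"]}
    report = []
    for part in (p for p in msg.walk() if p.get_content_type() == "text/html"):
        parser = ImageRefs()
        parser.feed(part.get_content())
        for tag, attr, url in parser.refs:
            if url.lower().startswith("cid:"):
                kind = "embedded" if url[4:] in cids else "dangling-cid"
            else:  # not carried inside the message itself
                kind = "remote" if re.match(r"(?i)(https?:)?//", url) else "other"
            report.append((kind, tag, attr, url))
    return report
```

An `embedded` result means the image travels inside the message, so the client's remote-image blocking does not apply to it; `remote` entries are the ones that setting is meant to stop.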
- Chris Parker, Mar 23, 2017, Iron Contributor
I sent the email, as an attachment, to junk@office365.microsoft.com. Hopefully, something will be done about this.