Comment Specific Suggested Preventative Steps (Score 1) 248
If you read the sourced article, disabling HTML email would not be sufficient. The tracking marker is actually embedded in an attached document. Once embedded it turns invisible, so there may be some macro associated as well. It seems that a cascade of nefarious and default behavior of a suite of MSFT products allows unsophisticated users to be duped. Suggested steps to mitigate, if not entirely eliminate, the risk of PattyMail:
1) Assiduously avoid MSFT products where possible.
2) If you can avoid all, avoid MSFT Word, the probable culprit in this case. Use OpenOffice instead.
3) If you can't do that, disable automatic macro execution in MSFT Word.
4) Do not use HTML email. HTML makes things PRETTIER, not more useful. Anyone in favor of HTML mail is either a spammer or cares more for form than function. HTML mail is a useless abomination. But I digress.
5) Install something like ZoneAlarm on your individual workstation and explicitly ban all MSFT Office products from accessing the Internet, without at least popping up a dialog box. This way, if there is a "phone home" mechanism hidden in a document, you'll know when it tries and you can intercede.
6) Set your email program to alert you and request permission before sending read receipts. Never auto-send them, and do not auto-reject them either. It's useful to know who's trying to check up on you. Then, once you know someone's trying to check up on you, refuse to send the read receipt.
7) If you must follow a questionable URL of dubious provenance, consider actually using an OLDER browser version. For example, Netscape v4.7 or older. It won't render many pretty things correctly, but who cares. More importantly, it also will simply ignore a lot of the more recent tags and syntax as being noise.