Consider this (fairly common) tactic. Someone can place a 1x1 pixel invisible gif in an email... most email clients including webmail will download the image automatically.. so what happens is your browser sends a GET image.gif request to the spammers webserver where he has a log of whoever accesses that image... so he knows you have accessed the email and are a live email address.
Now you're probably wondering how he can keep track of the email address that is being used when requesting the gif.. a few simple solutions spring to mind.. since spam mailing is automated, the image could be instantly generated with a filename that represents the email address...
example : you have a list of 1000 email addresses, you have a script that creates 1000 invisible gifs with filenames 1.gif - 1000.gif the script then puts a link to the relevant number in your email (if you are email address 50 in the list, it will link to 50.gif).. this is easy enough, its the same way they get your first name in spam :
"Dear <insert name>, make money from home"
etc etc.. its all automated. Thus when you view the mail, your email address gets marked as 'alive'. This actually happens.. I haven't caught a mail with such code, but thats cuz I created one email address that I guard fiercely, and I use disposable email addresses for any signup.. you can get disposable addresses from
I suppose viewing as plain text would help, because it wouldn't read the <img src> tag as HTML.
You would be amazed at the sophistication of attacks that spammers employ.. including the way they takeover and backdoor systems worldwide to use as spam gateways. Home computers.. the large IP ranges with insecure cable modem users... they know they will get easily exploitable systems with 24hr fast connections and users who wouldn't know where to begin looking for problems.
Its an incredible network, and frankly its a far worse thing for the internet than crackers IMHO.. crackers are easier to catch.