Web Bugs and Read Receipts in Emails and Attachments
Obviously you should always be suspicious of Email attachments and make sure that they are checked by up to date anti-virus software before you open them.
However there are other, more subtle ticks aimed at tracking and possibly identifying the recipients of emails, which have been used to attempt to uncover the identities of confidential journalistic sources etc.:
Web Bugs and Read Receipts in Emails and Attachments
A reminder that it is not just Governments who use their legal powers to snoop on journalists, campaign activists and bloggers, in order to try to identify their whistleblower anonymous sources:
The recent corporate scandal involving the giant Hewlett Packard computer corporation and its attempts to track down "leaks" to journalists, highlighted the use of webbugs
i.e. embedded images located on webservers directly under the control of a corporation or of a commercial tracking service such as the one used by Hewlett Packard, namely www.readnotify.com, which does have some legitimate uses, such as proof of delivery of legal documents etc. , by prior arrangement, but which can also be used to try to track down whistleblowers and their journalistic contacts.
ReadNotify also made use of Email Delivery Service Notifications (the standard optional internet email Read Receipts, and derivatives like the Microsoft Exchange email Deleted but nNot Read) and Message Disposition Notifications and IFRAMEs and graphic image web bugs embedded in Microsoft Office documents and Adobe .pdf email attachments.
See ReadNotify tracking journalists and their sources, or being used for disinformation ?
When a HTML email is opened, or a Microsoft Word or Excel or Powerpoint document or an Adobe .pdf document is opened, the client software can be made to pull an embedded image (very often a hard to see transparent 1 x 1 pixel graphic) from a remote internet webserver, thereby leaving IP address and browser details in that webserver's logfiles.
To protect yourself (and your "anonymous" whistleblower source) from such sneaky tracking, make sure that your email software is set to display messages as Plain Text and not to display Graphical Images by default.
Alternatively (or in addition) make sure that you disconnect from the internet temporarily when you open such an email and / or attached documents (many personal firewall software products e.g. ZoneAlarm have an "Internet connection" Off Switch"), or switch off your internet dial-up or ADSL connection when you open such attachments.
Alternatively, using something like Tor and Privoxy as described elsewhere in this guide, may be sufficient to confuse such tracking services about your real IP address and web browser type etc.