SWA "click and save" email question

Does anybody get these things. I have noticed in the past month the following:

  1. To Enter: No purchase or obligation necessary. Contest runs from September 1, 2009 December 21, 2009. To enter without purchase or obligation, Customer must open their Click n Save e-mail with images turned on to be automatically entered for a chance to win a monthly prize (September November) and automatically entered for a chance to win the Grand Prize.

That is all that is needed to be done, just open the email, not reply, not respond, not send anything. I can’t see anything in the email source showing where and what is being transmitted to the SWA folks for entry in their contest.

Anybody have any ideas? Is it a “beacon” within the graphics since it’s clear graphics must be viewed (text only apparently won’t send anything)? Kinda worrisome to me that just opening an email is sending something out to somebody.

Yes, any commercial email you open with graphics is sending information back to the sender. This is how commercial email works.

Note that it can’t send any information back that they don’t already know. They already know your name and email address since they sent you the email. This is all they’re receiving back in the tracking gif.

Sure wish more companies would divulge this like SWA did. I had never known this until reading this from SWA which made me want to poke under the hood looking to see if there was a beacon somewhere in there.

Gmail defaults to graphics not being displayed which I like myself. I wonder if this is enough for it “not to send” back to the sender unless I choose to.

Before the advent of Gmail I used to have Outlook to open in text only as I really only care what is typed anyway.

We would hope this but as discussed in another thread about malvertising in the photo section of this website, the possibilities do exist that software could be installed without your permission, and this can happen with Email as it happens all the time with phishing type emails. (I realize phishing takes a user to click a link)

We try to put our trust of security in the hands of the reputable companies, but the New York Times failed the public trust (and I will go as far as the Flight Aware photo section) so now it’s up to the user to be better informed hence me starting this thread.

Commercial bulk-mailings often provide clickable links to some 3rd-party website (a real estate or pharmacy deal) that actually begin with a link to the bulk-mailer’s website. That URL encodes your user id (pointer into their database of recipients) and the website you meant to visit, so the bulk-mailer records a hit on your user-id and also forwards you to the 3rd-party site.

An image link can in principle contain the same information. If you have “show images” enabled, then your email program makes the image request as it tries to render the page layout in the email. The image request goes through the bulk-mailer’s website and generates both a hit on your user id and a request for the actual JPG that belongs in the page layout in your email. If it occurs through GMail or Outlook, it still is the bulk-mailer’s page layout and image URL being triggered by your action to render on your screen.

If you have “show images” disabled, this never gets initiated.

Presumably SWA is doing something like this, so they can record a hit from your user id.