There are two kinds of images that come with your HTML e-mail: the ones
that come attached with the e-mail itself, and others that link
to remote sites. Images that are linked to remote sites are considered "unsafe" for
the following reasons:
- Spammers can abuse this to validate your e-mail address
- The sender can know instantly if you have read their e-mail
or not (privacy concern)
- The sender can find out information about your browser, operating system,
and your mail server (security concern)
Let's look at these issues in more detail:
Validating your e-mail address
Spammers can (and do) include specially crafted image tags that contain a "bug" used
to validate that your e-mail address is a live one and that you actually read
e-mail sent to this address. When such an image is loaded, a request is sent
to the spammer's server, which notes in its database of e-mail addresses that
you have, in fact, received and read the spam e-mail they sent. Such addresses
are resold to other spammers, and the amount of spam you receive is going
to grow exponentially.
Verifying that you have read your e-mail
This issue is a privacy concern -- if there are images in the e-mail that link
to the sender's website, they will know instantly when you have opened and
read the e-mail they sent. This can be used against you if for some reason
you decide to deny ever receiving that e-mail from the sender -- they will
have proof that you have received, opened, and read that e-mail.
Finding out information about you
Every time an image is loaded from the remote server, it leaves a "log" message
about what type of system you are using, including the version of your browser,
your internet IP address, as well as information about your mail server and
the software running on it. This information can be used to carry out attacks
on your computer or the server where KubMail runs.