[trinsic2]

I'm not sure if you read the article, but my take on it was that the spammer hid a scam message in a embedded PNG file that may get decoded on older style email clients, but gmail did not render the data-uri for some reason. It might have been part of gmails spam recognition to not render the image in this instance. The message itself got through the spam filters, but it rendered empty because the embedded image did not get displayed.

[ljp_206]

As soon as you suggested that such an embedded PNG may only work on an older client, a lightbulb went off for me.

Most spam is predicated on attacking those too technologically literate to vet the attack. A smart scammer could create an email that would go under the radar of more modern client users, who are likely to report the message as spam and reduce the scammer's reach. If the message only works in older clients used by softer targets, then their chances of success are increased.

If this is the intended method of the attack, it's quite clever. Imagine if you could still blanket spam every email you come across, but only target users with old, outdated clients, who are likely older, less technologically savvy, etc... It would be well worth the R&D time.

Such reasoning follows the theory that spam messages include many typos in order to weed out 'smart' users, who are not desirable targets anyway.

[logifail]

> likely to report the message as spam and reduce the scammer's reach

Q: Is reporting spam (and if so, to whom?) actually of benefit? If so, how?

If you "report" spam at Gmail or in Office 365, what actually happens?

Does some magic kick in and move - in real time - all identical (similar?) messages out of Inboxes and into Spam folders across the globe? Or is it more about training filters for the next wave?

[35mm]

> Does some magic kick in and move - in real time - all identical (similar?) messages out of Inboxes and into Spam folders across the globe?

Not exactly. But the domain they are sending from will get added to shared blacklists.

Spammers don’t send all in one go, so that same message going out to the next batch of people could be stopped.

[logifail]

> Not exactly. But the domain they are sending from will get added to shared blacklists.

In real time? After one report or are multiple reports of a spammy domain required?

I use blacklists (and indeed greylisting) on my personal email servers but I'm curious how much we know about how MSFT/O365 and Gmail handle this stuff.

[kingcharles]

I'm unsure why Gmail didn't render the image. It sure as hell renders all of the ones I get if the email itself is not flagged as spam (as in this case). The image is embedded into the email, so there is no privacy or tracking issue from rendering it.