Disabling cid: references in e-mails

I'm getting spam e-mail messages which include HTML with cid: references such as:

[SIZE= "2"]<TABLE border=0><TBODY><TR vAlign=top><TD width=158><a href=http://loc.actoisoft.com/><IMG src= "cid:000801c63b06$0762dd00$0403a8c0@rcvd" border=0></a></TD><TD><TABLE border=0><TBODY><TR vAlign=top><TD><a href=http://loc.actoisoft.com/><IMG height=150 src= "http://images.amazon.com/images/P/B0000AZJVC.01.TZZZZZZZ.jpg" width=118 border=0></a></TD>
<TD> <a href=3http://loc.actoisoft.com/><IMG src= "cid:000901c63b06$076ec3e0$0403a8c0@rcvd" align=top border=0>[/SIZE]​

As far as I can tell, these content ID (cid calls simply send a uuencoded ID to the spammer letting him know I opened his spam. They are not important for rendering the message in a browser because Firefox renders it okay when denying the cid: calls.

What security settings are required for Internet Explorer so it won't honor these cid: calls? If the ActiveX security settings are relevant for disabling this, then exact which ActiveX setting (because there are several)? Understand, I still would like the HTML honored to get some of the message rendered, but without the cid: references calling home back to the spammer.

If this is documented somewhere, please include the URL link. BTW, I'm using the Courier e-mail client, but it calls IExplorer for rendering the HTML portions.

 

I'm not sure which security settings (if any) would block them for you but until somebody comes along that knows I would think you could work around it by first opening IE and then click on file>work offline. IE will stay working offline until you go back and uncheck it. The only caveat here is you'll only get the text portion of the message. Most likely none of the pictures will show as they're usually not contained in the email and have to be retrieved from a server somewhere else.

 

The first thing that I do in OE is to go to View/Layout and take the check out of the Show Preview Pane box so that you have to double click on an e-mail to open it. This way, when you delete one it doesn't automatically open the next one.

 

I'm using the Courier e-mail client, and it is possible to disable HTML in just the Preview Pane so I have to double click on the message listing to open it and get the HTML rendered. But the problem there is some commerical messages, which I do want to read, are in HTML only. Looking at the unrendered HTML message in the Preview Pane can't always tell me if this is a message I want to open.

However, it is true that I can generally look at the From: line and tell a friendly HTML-only message knowing the commerical e-mail lists I subscribe to.

My ideal solution would be to deny the cid: calls so I can still render the HTML safely without alerting the spammer's server. Firefox can do this, but OE and Courier use IExplorer to render all their HTML, so unless the security settings on IExplorer can turn off cid: call resolution, I can't render my HTML e-mail without the spammer's server knowing it. And I suspect the clever spammer knows that; that's why he's spamming this way.

If anyone knows if Windows Vista and the IExplorer 7 security settings will let you deny the cid: calls, please speak up. I would be interested.