Posted on 2024-07-11, 17:01, authored by Lawrence Stewart
This technical report investigates how easily an email client can be made to fetch unsolicited content from the Internet when it renders specially formatted HTML email. It also looks at the default behaviour of a number of popular email clients on the Windows and FreeBSD platforms, and at their configuration options. We found that it was surprisingly easy to get the tested email clients to download images from the Internet with no prompting. Such activity could leave traces in corporate ITS server logs or on a user's local machine which could be misconstrued as a breach of company IT policy and result in an employee's dismissal. The results of this investigation are meant to educate IT personnel about the need to exercise caution before jumping to conclusions about the activities of an individual. They are also meant to educate email users about the risks involved in using email and how to avoid walking into traps, by being aware of the configuration options of the email client they use and understanding what those options do.
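As an added example (not code from the report), the following Python scans a raw email for the remote references that a rendering client would fetch on display, which is the kind of content an administrator or user can inspect before trusting a message. The sample message is constructed, and the distinctions it draws (http(s) versus cid: and data: URLs, `<link href>` versus `<a href>`) reflect standard HTML rendering behaviour rather than findings of the report.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse
# Attributes a rendering client fetches without any user action.
FETCH_ATTRS = ("src", "background", "poster")
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")]+)['\"]?\s*\)", re.I)
class RemoteRefs(HTMLParser):
    """Collect (tag, url) pairs for absolute http(s) resources in HTML."""
    def __init__(self):
        super().__init__()
        self.refs = []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # <link href> (stylesheet) is fetched on render; <a href> only on click.
        if tag == "link" and attrs.get("href"):
            self._add(tag, attrs["href"])
        for name in FETCH_ATTRS:
            if attrs.get(name):
                self._add(tag, attrs[name])
        for url in CSS_URL.findall(attrs.get("style") or ""):
            self._add(tag, url)
    def _add(self, tag, url):
        # cid: (inline attachment) and data: URLs need no network fetch.
        if urlparse(url.strip()).scheme in ("http", "https"):
            self.refs.append((tag, url.strip()))

def remote_refs(raw_message):
    """Return remote fetch targets from every text/html part of a raw email."""
    msg = message_from_string(raw_message, policy=default)
    refs = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser = RemoteRefs()
            parser.feed(part.get_content())
            refs.extend(parser.refs)
    return refs
# Constructed sample: inline logo (no fetch), CSS background and 1x1 beacon (fetched).
SAMPLE = """\
From: sender@example.com
Subject: Newsletter
Content-Type: text/html; charset="utf-8"

<html><body style="background: url(https://cdn.example.com/bg.png)">
<img src="cid:logo123" alt="inline logo">
<img src="https://track.example.com/open?id=42" width="1" height="1">
<a href="https://example.com/page">link</a></body></html>
"""
```

Running `remote_refs(SAMPLE)` reports the CSS background and the 1x1 beacon image, and ignores the inline `cid:` logo and the clickable link.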