Hey guys. I got 5 e-mails within minutes in my inbox from some company called TechTarget. The subject discussed within these emails were not of interest to me. Yet I got these emails anyway. This got me thinking about an old question I have. Can spyware get installed or can code be executed, just by the user clicking an email and reading the text contents, without opening any attachments, or following any link within the email? Internet is quite divided. Some say an email cannot unless you open attachments. Others say it is definitely possible. So what's the definite answer?
Depends if the email application will allow embedded links to be downloaded and 'excuted' (e.g. pictures). Nowadays most e-mail clients (e.g. outlook) will disable external content and show text only. In these cases you cannot be infected unless the email you receive target a specific vulnerability/bug of the email application you are using.
If you use mail client it depends on client configuration. Most safe option is to read mails in text format. If you use mail online it depends on email vendor and software that they use for their email system. If there is a vulnerability found and somebody exploits it, infection could be possible.
I always assume the worst, and protect my system accordingly. In some cases it's protection against myself, from accidents.
Agreed. Regarding mail clients: I don't know about other ones - but in Thunderbird external links are blocked by default and javascript is strictly forbidden (it can't even be enabled manually with the exception of RSS feeds). So even reading mails in HTML format is not dangerous (barring unknown vulnerabilties).