Simion Lonewolf ([info]simionlonewolf) wrote,
@ 2003-11-17 00:05:00
Current mood: geeky

Tell your email program where to go
One thing that really irks me is how absolutely no e-mail client out there gets this: Images aren't the only thing spammers can use to track whether an e-mail address is valid or not. PocoMail comes the closest by allowing you to block images, but that isn't enough. I've actually seen spam HTML e-mail that calls CGI (or similar) scripts to return things other than images. This could be CSS information, or simple javascript that performs a document.write() from a URL. Cute.

Until the email client programmers get a clue that their client should NOT be using ANY port other than those used to send and retrieve e-mail, the best thing users can do is get down and dirty with a firewall. Unfortunately, the free version of ZoneAlarm ain't going to cut it, because it can only allow or deny an application access to the internet entirely. And a simple firewall won't work either, because you still want to browse, don't you? No, you need a personal firewall like ZoneAlarm Plus, Norton Firewall, or McAfee Firewall to be able to tell your email client that it can access specific ports, but is denied others.

What you want to do with your personal firewall is the following. After each directive I give an example using Norton Personal Firewall 2003 and Mozilla Thunderbird 0.3.

Tell [YOUR FIREWALL] that [YOUR E-MAIL CLIENT] [IS ALLOWED] to make [ONLY OUTBOUND CONNECTIONS] [TO ANY COMPUTER] [ONLY ON PORTS 25 AND 110] [ONLY USING TCP].

Example: Open Norton Personal Firewall 2003 by double-clicking its icon in the system tray or using its shortcut in your Programs (or All Programs under Windows XP) menu. If you are not already there, open the Norton Personal Firewall menu in the left pane and click on Status & Settings. Click on Personal Firewall in the middle to make the description pop up in the right-hand description bar. Click on the Configure button in the description bar, and then the Program Control tab on the window that pops up. A list of programs already configured will appear. If you find your e-mail program, select it and click Modify. Otherwise, click the Add button and find the executable file (C:\Program Files\mozilla.org\thunderbird\thunderbird.exe for Mozilla Thunderbird). A window will then pop up asking what you want to do. Click the down arrow on the drop-down selection box, select Manually configure Internet access and click OK. The window will disappear and be replaced by a wizard asking if this rule will permit, block, or monitor access. If not already selected, select Permit and then click Next. The wizard will then ask what type of connection you want to permit. If not already selected, select Connections to other computers and click Next. The wizard will then ask you what computers you want to give the program access to. Unless you really feel like coming back into this wizard every time you create a new or terminate an old e-mail account, or are just really paranoid, I suggest you leave it at Connect to any computer (the default) and click Next. The next question the wizard asks is what protocols and ports you want to allow the program to use. Since e-mail sending and retrieving is all done using TCP, select TCP. Under ports, select Only the types of communications ports listed below, and use the Add button to add ports 25 (smtp) and 110 (pop3). Click Next, and the wizard now asks you what kind of monitoring you want to do. Again, if you're paranoid, go ahead and Create an event log entry. Otherwise, don't. And unless you want to be hounded by Norton Personal Firewall every time you get your e-mail, leave Notify me with a Security Monitor Message and Notify me with a Security Alert unchecked. Click Next, type in a name for the rule (like Mozilla Thunderbird: Allow E-Mail Retrieval) and click Next.

Tell [YOUR FIREWALL] that [YOUR E-MAIL CLIENT] [IS DENIED] to make [ONLY OUTBOUND CONNECTIONS] [TO ANY COMPUTER] [ONLY ON PORTS 80 AND 443] [ONLY USING TCP].

Example: Click Add to add another rule. The wizard pops back up. This time we want to block access, so select Block and then click Next. Again, this only affects outgoing connections, so select Connections to other computers and click Next. The wizard will then ask you what computers you want to block access to. As the sources of spam are too numerous to list one by one, do it all in one shot by selecting Connect to any computer (the default) and click Next. Now we get to block the specific protocols and ports that e-mail clients really shouldn't be using. Again, all web pages are accessed using TCP, so select TCP. Under ports, select Only the types of communications ports listed below again, and use the Add button to add ports 80 (http) and 443 (https). Click Next. The next two steps should be straightforward now. Just be sure to name this rule something different, like Mozilla Thunderbird: Block Web Page Access.

These rules allow your e-mail client to access the internet to get e-mail, but do not allow it to access the internet to grab ANYTHING from a web server. This way, you can enjoy the beauty of HTML messages WITHOUT worrying that someone is tracking you. I'd also suggest leaving everything else open. Normally, this isn't the way to go with firewalls, but with most personal firewalls, if no action is specified, the program will warn you and ask what you want to do. This behavior is highly desirable because now you'll know if your email program (or an HTML e-mail) is trying to pull something REALLY funny.
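The same pair of rules, written for the built-in Windows Firewall with its NetSecurity PowerShell cmdlets (Windows 8 / Server 2012 and later) rather than the Norton wizard. This is an added example, not from the original post; the executable path is the one the post gives and the rule names are assumptions, so adjust both to match your install.

```powershell
# Run from an elevated PowerShell prompt (the NetSecurity module needs admin rights).
# Path taken from the post above; newer Thunderbird installers use a different folder.
$Client = 'C:\Program Files\mozilla.org\thunderbird\thunderbird.exe'

# Rule 1: the client may make outbound TCP connections to any host,
# but only on ports 25 (smtp) and 110 (pop3).
New-NetFirewallRule -DisplayName 'Mozilla Thunderbird: Allow E-Mail Retrieval' `
    -Program $Client -Direction Outbound -Protocol TCP -RemotePort 25,110 `
    -RemoteAddress Any -Action Allow -Profile Any

# Rule 2: the client is denied outbound TCP to ports 80 (http) and 443 (https),
# which is what a tracking link inside an HTML message would need.
New-NetFirewallRule -DisplayName 'Mozilla Thunderbird: Block Web Page Access' `
    -Program $Client -Direction Outbound -Protocol TCP -RemotePort 80,443 `
    -RemoteAddress Any -Action Block -Profile Any

# Check what was created: each rule together with its port and program filters.
Get-NetFirewallRule -DisplayName 'Mozilla Thunderbird*' | ForEach-Object {
    [pscustomobject]@{
        Rule    = $_.DisplayName
        Action  = $_.Action
        Ports   = ($_ | Get-NetFirewallPortFilter).RemotePort -join ','
        Program = ($_ | Get-NetFirewallApplicationFilter).Program
    }
} | Format-Table -AutoSize
```

Windows Firewall evaluates Block rules before Allow rules and permits outbound traffic by default, so the second rule does the real work; the first only matters if you change the profile's default outbound action to Block. If your provider uses submission (587/465) or IMAP (143/993) instead of the post's 25 and 110, widen the port list of the Allow rule accordingly.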

BIG-ASS NOTE: If you use Outlook Express to access your Hotmail accounts, I believe this is going to disable this feature as OE uses port 80 to access Hotmail's servers to retrieve your email.



