“For those still harboring the illusion that e-mail exchanges
are private, a watchdog group has uncovered a new trick that
enables someone to essentially bug an e-mail message so that the
spy would be privy to any comments that a recipient might add as
the message is forwarded to others or sent back and forth.”
“The maneuver does not take advantage of any security flaw
in e-mail software. It is simply one feature of a fancier and
increasingly common form of e-mail known as HTML mail, which
enables users to send and receive e-mail messages that look and act
like a Web page.”
“With the spying technique, a few lines of a programming
language called JavaScript, often used on Web sites to create
pop-up windows and navigational aids, can be embedded in such a
message. This implant, not visible to the recipient, enables
the text to be secretly returned to its original sender every time
it is forwarded to another recipient, as long as the recipients’
e-mail programs are set up to read JavaScript.”