HTML Manipulation Module

HTML email allows senders to include invisible content, tiny tracking images, and layouts built entirely from images rather than text. Forensic Email analyzes the raw HTML of each email for techniques used to deceive both recipients and spam filters.

• Hidden Text
  The email's HTML contains one or more elements styled to be invisible — for example, text colored white on a white background, text with a font size of zero, or elements set to display:none. This invisible text is not meant for you to read; it is typically inserted to confuse automated spam filters by padding the message with keywords.

• Possible Hidden Text
  The email contains short HTML elements that are hidden from view but are ambiguous in intent — they could be invisible text injected to evade filters, or they could be short label elements hidden for accessibility purposes (such as screen-reader-only button labels).

• Tracking Pixels
  The email contains one or more 1×1 pixel images. These invisible images silently notify the sender's server the moment you open the email, confirming that your email address is active and monitored. Your IP address and approximate location may also be recorded.

• Image-Heavy Email
  This email contains multiple images but very little readable text. Phishing emails and spam frequently embed all visible content inside images rather than HTML text, because image content cannot be scanned by text-based spam filters. If the images do not load, the email may appear nearly blank.