PRIVACY: MSIExplorer email spy file

Michael Lorrey (
Tue, 11 Mar 1997 18:08:59 -0500

The following is from a message I got recently regarding an apparent
feature of Microsoft Internet Explorer that keeps a record of all of
your email, even when you've deleted it and emptied the trash folder.
This is very interesting from a privacy standpoint, because if this is
true, this means that anyone who can hack into your system can also read
your "trash" like any PI going through your dumpster.

I'd appreciate any feedback.....

> Do you or someone you know use Microsoft Internet Explorer Mail 2.0, 3.0
> or 3.01?
> Are you concerned with Security? And No, I am Not talking about the
> recent security patch that popped up last week. I am talking
> specifically about anyone using the E mail program that comes with
> Internet Explorer.
> Over the weekend, I found some Very Very disturbing files, they keep
> track of every single file ever sent to you, sent from you, or deleted
> by you. Regardless if it was deleted or not !
> You know how you hear about computer confiscation's by the FBI or such
> and such Dept. to find files and information about a person... well most
> anyone who might be concerned with even minimal amounts of security
> would at least DELETE the files. In MSIE Internet Mail you have a nice
> little feature that allows you to create folders for putting all your e
> mail into for future reference. But after a while, just about everyone
> becomes concerned either with the content or quantity of these folders,
> and begins to delete these e-mails out of these folders. Like Windows95,
> these files go into another folder called "DELETED", you simply then
> delete the contents of the deleted folder and all is gone right!
> WRONG!!!, what ? you don't believe me? Well Check For Yourself!
> For those of you running Windows95,
> 1. Click on "View" at the top of the program
> 2. Go to the last item, "Options" click that one
> 3. There are 2 tabs, on the View tab, make sure "Show all file types" is
> selected and check that "Display the full MS-DOS path in the title bar"
> and "Include description bar for right and left panes" are also selected
> 4. Click OK 5. Now, in the left pane, expand your System Hard-drive
> (For99% of us it will be the "C" drive) then expand the folder "Program
> Files"
> 6. Find the folder "Internet Explorer" and expand (click the + 1
> time) that folder
> 7. Under Internet Explorer is another Folder called
> "Internet Mail and News" expand that one.
> 8. Under that file you should
> see the name of your account, however you configured it. Expand it. Then
> expand the last file, "Mail" click on that 1 time.
> 9. Now, in the right
> pane you see the contents of the Mail folder, you will hopefully
> recognize your Internet Mail program files by their names.
> 10.WARNING--- I am only going to show you how to view the file for now,
> PLEASE do not change a file at this time, you will corrupt the file and
> not be able to return to your e-mail program, I'll tell you how to fix
> it in a minute.
> 11. OK, now you see the files in the right pane, we will
> only be concerned with a few files for the moment * Deleted Items.idx
> note the extensions, idx and .mbx * Deleted items.mbx * Inbox.idx *
> Inbox.mbx * Outbox.idx * Outbox.mbx * Sent Items.idx * Sent Items.mbx
> 1.Notice the difference in size between the two files... the "idx" file is
> always smaller than the "mbx" file
> 2. I do not know what the "idx"
> extension stands for but felt safe in assuming the other was for
> "Mailbox"
> 3. Now, The idx file is directly associated with the amount of
> files in your folder, so if you have a lot of e-mails in a folder it is
> going to have a couple hundred Kb in it, and if you don't have but 1 or
> 2 the number will be significantly less, maybe as low as 1 or 2 kb
> 4.For those of you who have been running a lot of e-mail through your
> account, and had MSIE up and running for quite sometime, look at your
> inbox.mbx, mine had grown to 29MB! That's what caused me to look in the
> first place, I kept trying to find out "What in the heck am I storing in
> these files? Why is my inbox empty and this .mbx file shows such a high
> number???" So I kept hackin... I decided to try a text viewer (Most of
> you have WordPad) I right clicked the Inbox.mbx file and choose "Open
> With" a dialog box pops up - WARNING, you must make sure the "Always use
> this program to open this file" Is NOT Checked!
> 5. Depending on the size
> of the file, it may take a while for it to cough up the file, I was
> really expecting to see a gobbly goop hex ridden file with
> indecipherable language all over it. But to my Amazement, up popped a
> file beginning at the very day I changed from Netscape, September 8th
> 1996 all the way to March 8th 1997.
> 6. Inside was the complete record of
> every e-mail I had received, over 1000 e-mails and absolutely every one
> I deleted prior to this point, I Was Mad ! ! ! ! !
> 7. This is true for each and every .mbx file you have!
> 8. WARNING I tried many times to just
> simply highlight the information, delete it and then save it. I Could
> Not Do It Without Corrupting The File, MAKE SURE after viewing the file
> you exit WITHOUT saving changes.
> 9. Are we Mad Yet!!!
> 10. There are 2
> ways I used to fix this is the following: *
> #1 print out all the e-mails
> you want to keep or copy the folders you want to keep into a temporary
> folder (by copy folders, I mean the 2 idx/mbx files with the folder
> names you recognize) *
> #2 Uninstall the Internet Mail and News program
> from the Add/Remove Programs from Control Panel *
> #3 Verify that the
> files have been Deleted after step #2 *
> #4 Reinstall Internet Mail and
> News as was done Originally *
> #5 After it is reinstalled, up and running
> and you have recreated the folders you wanted, go back into Explorer,
> and Copy the New files. Idx/mbx for the Inbox, Sent Items, Deleted Items
> and put those copies into a safe place. * Every so often, you can go to
> your safe place and click "copy" and then go back to the Mail folder and
> paste into the folder Over-Writing the Nasty Spy Folder with a good
> clean non Incriminating file.
> I know this is a lot to read, and for many they might say "Who Cares!"
> but to those of us who know better, this just makes us mad! and gives us
> proof that Big Brother really does want to know about our every move,
> and our every thought.
> I know Microsoft will not be pleased that this is now known, but this
> is not right. There is no justification for this kind of intrusion.
> I'm not real comfortable giving out my e-mail address, simply because I
> am becoming an engineer for Microsoft, Ironic isn't it. And all this so
> I could become closer to the inside... well I got my first hint of the
> inside, and It looks like were in for a battle people.
> Information Is King.


Michael Lorrey ------------------------------------------------------------ President Northstar Technologies Agent Inventor of the Lorrey Drive

Website: Now Featuring: Mikey's Animatronic Factory My Own Nuclear Espionage Agency (MONEA) MIKEYMAS(tm): The New Internet Holiday Transhumans of New Hampshire (>HNH) ------------------------------------------------------------ Transhumanist, Inventor, Webmaster, Ski Guide, Entrepreneur, Artist, Outdoorsman, Libertarian, Arms Exporter-see below. ------------------------------------------------------------ #!/usr/local/bin/perl-0777---export-a-crypto-system-sig-RC4-3-lines-PERL @k=unpack('C*',pack('H*',shift));for(@t=@s=0..255){$y=($k[$_%@k]+$s[$x=$_ ]+$y)%256;&S}$x=$y=0;for(unpack('C*',<>)){$x++;$y=($s[$x%=256]+$y)%256; &S;print pack(C,$_^=$s[($s[$x]+$s[$y])%256])}sub S{@s[$x,$y]=@s[$y,$x]}