Well, there are still two other ways they *could* figure out if you're a
live account. They can record NDR's and assume if they get one that you
aren't there, or they can request a delivery receipt and count them. The
problem that comes up for a spammer is that if they put their real address,
they'll get caught, right? So how in the world are they going to be there
for all the different DSN's?
In some cases, they will send you spam and will offer a way of removal. In
that instance, they are able to stick around and get DSN's so a deliver
receipt, a read receipt, or an NDR would tell them what they want to know.
Namely that your account is a live account or not.
The bigger issue with preview pane is the execution of malicious code. If
you get something that has HTML that takes you to a web site and executes
something or downloads something, your preview pane will speed that up by
displaying it even if you don't know the sender. You can disable the HTML
through increased security zones BTW. Check out the following sites for
more security type information
http://www.microsoft.com/security and
http://www.cauce.org
al