Security Basics mailing list archives
Re: readnotify.com
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Fri, 27 Jan 2006 13:27:50 +0100
On 2006-01-25 Ebeling, Jr., Herman Frederick wrote:
From: Jim Halfpenny, Wednesday, 25 January, 2006 08:58When you use readnotify.com you send your email to user () domain com readnotify com and it remails it to use () domain com. From what I remember readnotify.com remail your message and attach a web bug i.e. an embedded image link. The image link is on one of their web servers and this is used to identify when an email is read and for how long. To foil it you can block loading images in HTML email. I'm not sure if this covers the full extent of readnotify.com's tracking. You can get a free trial of the service so you could sign up and send yourself some messages.What if someone has their client to send E-Mails as only text format, and not HTML? Does readnotify.com change the format of an E-Mail?
Yes. They always send it out as HTML only.
Would closing the preview pane, and then selecting the MSG, and saving it as a text document defeat their tracking?
Not necessarily. The notification will also be triggered if you view the saved message with a browser or re-open it into Outlook (or whatever mail client your users are using) with HTML enabled. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Re: readnotify.com, (continued)
- Re: readnotify.com Thierry Zoller (Jan 26)
- RE: www.readnotify.com Ebeling, Jr., Herman Frederick (Jan 27)
- Re: readnotify.com Larry Offley (Jan 26)
- RE: readnotify.com Ebeling, Jr., Herman Frederick (Jan 25)
- RE: readnotify.com evb (Jan 25)
- RE: readnotify.com evb (Jan 27)
- Re: readnotify.com Thierry Zoller (Jan 26)
- Re: readnotify.com Jim Halfpenny (Jan 26)
- RE: readnotify.com Ebeling, Jr., Herman Frederick (Jan 26)
- Re: readnotify.com Saqib Ali (Jan 27)
- RE: www.readnotify.com Ebeling, Jr., Herman Frederick (Jan 27)
- Re: readnotify.com Ansgar -59cobalt- Wiechers (Jan 27)
- RE: readnotify.com Ebeling, Jr., Herman Frederick (Jan 26)
- Re: vnc server Scott C. Best (Jan 26)