Educause Security Discussion mailing list archives
E-mail Privacy
From: Javier Torner <jtorner () CSUSB EDU>
Date: Tue, 25 May 2004 12:22:08 -0700
Hello everyone,

I received the following message about a new product called Rampell Software. The site www.didtheyreadit.com is legitimate and it claims to do what the message indicates. I looked for the reference to the State of Texas report but I could not find it.

Has anyone seen this before? Comments? Is anyone blocking this site?

Thanks
Javier

Javier Torner, Ph.D.
Information Security Officer
Professor of Physics
_____________________

<snip>

Yet another threat to your privacy has surfaced. A company called Rampell Software, LLC has launched a new method of email tracking to determine whether or not the recipient of email you sent:

* Read the email
* Forwarded the email
* How long it was open
* How many times it was read
* Geographically - where the recipient was physically located when they opened it

It works by inserting a single pixel gif image into the body of the message and is virtually undetectable by visual examination. The gif contains embedded code to, "phone home" on port 80 to cluster of servers at didtheyreadit.com. If you open a tagged email, you will not know a confirmation has been sent. The process is being marketed to sales organizations to help them determine the effectiveness of their email campaigns.

More information about the company can be found at: www.didtheyreadit.com <http://www.didtheyreadit.com/>

The Information Security Team at the State of Texas, Department of Information Resources was kind enough to research the product and recommend some solutions. There are several methods to deal with the problem. They can be used singly or in combination:

1) Mozilla Lightning is apparently immune and does not execute the gif code to phone home.

2) Set your email server/clients to search the body of messages for the string, "didtheyreadit.com" and send those messages to the bit bucket or a quarantine area.

3) Create DNS entries for www.didtheyreadit.com <http://www.didtheyreadit.com/> and set them to loopback.

From whois.arin.net:

    Name: web.cluster1.didtheyreadit.com
    Addresses: 69.90.152.226, 69.90.152.224, 69.90.152.225
    Aliases: www.didtheyreadit.com <http://www.didtheyreadit.com/>

4) Black hole the route to the company at your perimeter routers:

    ip route 69.90.152.0 255.255.255.0 Null0

5) To determine which organizations are sending you tagged messages, add an entry to your egress access-list and log attempts:

    access-list 101 deny ip any 69.90.152.0 0.0.0.255 log

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
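Mitigation 2 in the forwarded message (searching message bodies for the tracker's domain) can be applied to the decoded HTML parts of a message rather than to the raw text. The Python below is an added example, not part of the original post or of any product named in it; the sample message, its URLs and token, and the names find_trackers and ImgCollector are constructed for illustration, and the 1x1 remote-image check is an added heuristic that goes beyond the domain match.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domain named in the message above; extend the tuple for other trackers.
BLOCKED_DOMAINS = ("didtheyreadit.com",)

class ImgCollector(HTMLParser):
    """Collect (src, width, height) for every <img> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.images = []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            a = dict(attrs)
            self.images.append((a.get("src") or "", a.get("width"), a.get("height")))

def find_trackers(raw_message: bytes):
    """Return (reason, url) findings for remote images in the HTML parts."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        parser = ImgCollector()
        parser.feed(part.get_content())  # transfer encoding is already decoded
        for src, width, height in parser.images:
            host = (urlparse(src).hostname or "").lower()
            if not host:
                continue  # cid: or relative reference, no remote fetch
            if any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS):
                findings.append(("blocked-domain", src))
            elif width == "1" and height == "1":
                findings.append(("1x1-remote-image", src))
    return findings

# Constructed sample message (not a real capture); URLs and token are made up.
SAMPLE = (
    b"From: sender@example.org\r\nTo: rcpt@example.edu\r\nSubject: Quote\r\n"
    b"MIME-Version: 1.0\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
    b'<html><body><p>Please see the attached quote.</p>'
    b'<img src="http://www.didtheyreadit.com/EXAMPLE-TOKEN.gif" width="1" height="1">'
    b'<img src="http://images.example.net/p.gif" width="1" height="1">'
    b'<img src="cid:logo@example.org" width="120" height="40"></body></html>\r\n'
)

if __name__ == "__main__":
    print(find_trackers(SAMPLE))
```

A plain string match on the raw message misses HTML parts sent as base64 or quoted-printable; decoding each MIME part first, as above, avoids that gap.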