Re: E-mail Privacy

["H. Morrow Long" <morrow.long () YALE EDU>]

And the tracking via a single pix webbug worked of course.

I checked via their website and also received a receipt/ack:

Mail Read Information
To:      <morrow.long () yale edu>
Subject: test
Sent On:  05/25/04 (03:47PM)
1<x-tad-smaller>st</x-tad-smaller> Opened:  05/25/04 (04:00PM) 
Tracking Summary 
Total:   Opened 1 time by 1 reader 
Tracking Details (latest first) 
Opened:  05/25/04 (04:00PM)
Read Duration (approx.):       n/a
Location:  (US) UNITED STATES, CONNECTICUT, NEW HAVEN   Show Map 
Organization (ISP):  YALE UNIVERSITY
Opened On:  (130.132.248.81)
Language:  en-us, ja;q=0.21, de-de;q=0.86, de;q=0.79, fr-fr;q
Browser:  Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/124 (KHTML, like Gecko)
Referrer:  

Hm..  If I send someone a legal document and get such an ack can I then claim
'You've been served!' or do I need to hire a process server?

- H. Morrow Long, CISSP, CISM
University Information Security Officer
Director -- Information Security Office
Yale University, ITS


On May 25, 2004, at 4:00 PM, H. Morrow Long wrote:

> And this is how they 'invisibly' track your sent e-mail messages
> without relying on the older return receipt requested RFC822
> header (handling of which is not mandatory and is often under
> the control of the recipient user) -- they use single pixel web-
> page 'bugs' in an HTML formatted MIME partition.  This relies
> on the remote user viewing the e-mail in a web-enabled e-mail
> program or web browser.
>
> I created an account on didtheyreadit.com and sent myself
> (well, okay, I sent it to morrow.long () yale edu didtheyreadit com)
> a plain ol' vanilla text message using pine on Unix just for fun. I
> put the word 'test' in the body of the message.
>
> Looking at the message received you can see their invisible 'tag'
> (a unique inline GIF URL was generated just for tracking the msg):
>
> --=_c8e3cfd147fed9ad1142c041c266f73d
> Content-Type: text/html
>
> test<br />
> <br />
> <br><img src="http://didtheyreadit.com/index.php/worker?code=bdbefd3852a72cd5de21493dd23d3fb1" width="1" h
> eight="1" />
> --=_c8e3cfd147fed9ad1142c041c266f73d--
>
>
> This is a spammer and advertiser tracking trick.
>
> - H. Morrow Long, CISSP, CISM
> University Information Security Officer
> Director -- Information Security Office
> Yale University, ITS
>
>
> On May 25, 2004, at 3:22 PM, Javier Torner wrote:
>
> > Hello everyone,
> >
> > I received the following message about a new product called Rampell
> > Software.
> >
> > The site www.didtheyreadit.com is legitimate and it claims to do
> > what the message indicates.
> >
> > I looked for the reference to the State of Texas report but I could not
> > find it.
> >
> > Has anyone seen this before? Comments? Is anyone blocking this site?
> >
> > Thanks
> >
> > Javier
> >
> > Javier Torner, Ph.D.
> > Information Security Officer
> > Professor of Physics
> >
> >
> > _____________________
> > <snip>
> >
> > Yet another threat to your privacy has surfaced.  A company called Rampell
> > Software, LLC has launched a new method of email tracking to determine
> > whether or not the recipient of email you sent:
> >
> > *         Read the email
> >
> > *         Forwarded the email
> >
> > *         How long it was open
> >
> > *         How many times it was read
> >
> > *         Geographically  - where the recipient was physically located when
> > they opened it
> >
> > It works by inserting a single pixel gif image into the body of the message
> > and is virtually undetectable by visual examination.  The gif contains
> > embedded code to, "phone home" on port 80 to cluster of servers at
> > didtheyreadit.com.  If you open a tagged email, you will not know a
> > confirmation has been sent.
> >
> > The process is being marketed to sales organizations to help them determine
> > the effectiveness of their email campaigns.
> >
> > More information about the company can be found at: www.didtheyreadit.com
> > <http://www.didtheyreadit.com/>
> >
> >
> > The Information Security Team at the State of Texas, Department of
> > Information Resources was kind enough to research the product and recommend
> > some solutions. There are several methods to deal with the problem. They
> > can be used singly or in combination:
> >
> > 1) Mozilla Lightning is apparently immune and does not execute the gif code
> > to phone home.
> >
> > 2) Set your email server/clients to search the body of messages for the
> > string, "didtheyreadit.com" and send those messages to the bit bucket or a
> > quarantine area.
> >
> > 3) Create DNS entries for www.didtheyreadit.com
> > <http://www.didtheyreadit.com/>  and set them to loopback.
> >
> > > From whois.arin.net:
> >
> > Name:    web.cluster1.didtheyreadit.com
> > Addresses:  69.90.152.226, 69.90.152.224, 69.90.152.225
> > Aliases:  www.didtheyreadit.com <http://www.didtheyreadit.com/>
> >
> > 4) Black hole the route to the company at your perimeter routers:
> >
> > ip route 69.90.152.0 255.255.255.0 Null0
> >
> > 5) To determine which organizations are sending you tagged messages, add an
> > entry to your egress access-list and log attempts:
> >
> > access-list 101 deny ip any 69.90.152.0 0.0.0.255 log
> >
> > **********
> > Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.

Attachment: smime.p7s
Description: