Full Disclosure mailing list archives

Re: leaking

From: sith () sithender com
Date: Wed, 12 May 2004 10:22:48 -0700

On Wed, May 12, 2004 at 10:16:23AM -0500, Alerta Redsegura wrote:

I am really curious to know how you can collect e-mail addresses from a
plain image fed from a website shown on an e-mail.

IP, yes.  User-agent, yes.  But e-mail addresses???


You don't _collect_ email addresses (they obviously already have it if they
are sending you email with it, ;)  But you can verify email addresses with
it.

The easiest would be to put a hash or some other identifier of the users
email address in the url for the image, then have mod_rewrite rewrite the
url (or not, who cares... you just wanted to verify the email address was
good) to an actual image on your system, and log the embeded info and
compare to your known addresses.


Aaron Peterson

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: leaking, (continued)
- Re: leaking KUIJPERS Jimmy (May 12)
  - Re: leaking Dave Horsfall (May 12)
    - Re: leaking KUIJPERS Jimmy (May 12)
    - Re: leaking Gary E. Miller (May 12)
    - Re: leaking Valdis . Kletnieks (May 12)
    - Re: leaking Gary E. Miller (May 12)
    - RE: leaking Aditya, ALD [Aditya Lalit Deshmukh] (May 12)
    - Re: leaking Ron DuFresne (May 13)
    - Re: leaking Dave Horsfall (May 12)
  - RE: leaking Alerta Redsegura (May 12)
    - Re: leaking sith (May 12)
    - RE: leaking Alerta Redsegura (May 12)
    - Re: leaking sith (May 12)
    - RE: leaking Alerta Redsegura (May 12)
- Re: leaking Dave Horsfall (May 12)
  - RE: leaking Alerta Redsegura (May 12)
    - Re: leaking Alexander Gretencord (May 12)
    - RE: leaking Dave Horsfall (May 12)
  - Re: leaking Nancy Kramer (May 12)
    - Re: leaking Dave Horsfall (May 12)
- Message not available
  - Re: leaking Nancy Kramer (May 12)

(Thread continues...)