Security Incidents mailing list archives

Re: Strange email


From: james.s.kahan () accenture com
Date: Thu, 17 May 2001 10:14:06 -0600


The IP address in question, 192.168.x.x, belongs to Prodigy Internet. Their
primary network hub is located in Reston, VA.

The IP you see is probably a mail server.


"mcoleman" <mcoleman () uniontown com>
05/16/2001 07:01 PM AST

To:   <incidents () securityfocus com>
cc:
Subject:  Re: Strange email


I have seen marketing attempts doing similar things.

First, by loading the image, they can tell that the email they sent you was
actually read by someone (by looking in their logs of their web server for
the specific image name that was sent to you, which is unique just for you).
This makes spam much more valuable if you can prove it was actually read by
someone.

If you read the email, and your Outlook pulls that image from their server,
they now know the IP address of the client that read the email (from their
logs).  This image name will be slightly different for each email they send,
so they can correspond the request name with specific request for the image.

If the image loaded in your email, he now has your IP address, or your
NATted equivalent therein.

My personal firewall on my computer blocks port 80 attempts from Outlook,
preventing these attempts from working.


----- Original Message -----
From: "Jason Lewis" <jlewis () jasonlewis net>
To: <incidents () securityfocus com>
Sent: Tuesday, May 15, 2001 7:55 PM
Subject: Strange email


I received this email today.  The headers show it being sent from a machine
in Korea.  Everything in the headers is forged, but I just can't figure out
what the motive is behind it.  Also, at the end of the email, there was a
gif and I included the embedded html link.  Has anyone else seen this?  I
have munged the IPs.



Hi my name is Sarah Pricer, a CS graduate student at UC Berkeley.  I
obtained your email address from www.arin.net when searching for the IP
block (192.168.64.0 - 192.168.64.255) that you coordinate.

I'm currently writing a thesis on the network topology and would very much
appreciate your cooperation. I am trying to draw out a map of how the IPs
are distributed geographically. I realize that the IP registration data
often times have country/state/city information that are different from the
actual physical location of where the IPs are used.

ARIN data currently shows that 192.168.64.0 - 192.168.64.255 is registered
to:

Country: US
State: VA
City: MCLEAN

Can you please tell me if this is the actual physical location of the IPs?
If not, can you please tell me the actual location?  Again, thank you for
your cooperation.

warm regards,
Sarah P.

<http://211.33.122.158/icons/1/cal_1506.gif>




Jason Lewis
http://www.packetnexus.com
"All you can do is manage the risks. There is no security."
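
The thread describes a per-recipient remote image being fetched when the mail is rendered. The following is an added example, not part of any post in the thread: a Python sketch that lists the remote images an HTML mail would load and strips them before display. The sample message, its addresses and the 192.0.2.10 host are constructed placeholders.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: addresses and the 192.0.2.10 host are placeholders.
SAMPLE = """\
From: sender@example.org
To: admin@example.net
Subject: survey
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>warm regards</p>
<img src="http://192.0.2.10/icons/1/cal_1506.gif">
<img src="cid:logo@example.org">
</body></html>
"""

class ImgFinder(HTMLParser):
    """Collect <img> sources that would trigger a fetch from a remote server."""
    def __init__(self):
        super().__init__()
        self.remote = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") or ""
        if tag == "img" and urlparse(src).scheme in ("http", "https"):
            self.remote.append(src)

def html_parts(raw_message):
    """Return the decoded text/html bodies of a raw RFC 822 message."""
    msg = message_from_string(raw_message, policy=default)
    return [p.get_content() for p in msg.walk()
            if p.get_content_type() == "text/html"]

def remote_images(raw_message):
    """List every remote image URL the message would load when rendered."""
    finder = ImgFinder()
    for html in html_parts(raw_message):
        finder.feed(html)
    return finder.remote

def strip_remote_images(html):
    """Drop <img> tags with http(s) sources; embedded cid: images are kept."""
    return re.sub(r'<img\b[^>]*\bsrc\s*=\s*["\']?https?://[^>]*>', "", html, flags=re.I)
```
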