On 2006-01-25 Ebeling, Jr., Herman Frederick wrote:
From: Jim Halfpenny, Wednesday, 25 January, 2006 08:58
When you use readnotify.com you send your email to
user@domain.com.readnotify.com and it remails it to use@domain.com.
From what I remember readnotify.com remail your message and attach a
web bug i.e. an embedded image link. The image link is on one of
their web servers and this is used to identify when an email is read
and for how long.
To foil it you can block loading images in HTML email. I'm not sure
if this covers the full extent of readnotify.com's tracking. You can
get a free trial of the service so you could sign up and send
yourself some messages.
What if someone has their client to send E-Mails as only text
format, and not HTML? Does readnotify.com change the format of an
E-Mail?
Yes. They always send it out as HTML only.
Would closing the preview pane, and then selecting the MSG, and
saving it as a text document defeat their tracking?
Not necessarily. The notification will also be triggered if you view the
saved message with a browser or re-open it into Outlook (or whatever
mail client your users are using) with HTML enabled.
Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
