Slashdot Mirror
Testing didtheyreadit.com's Mail-Tracking Claims
iosdaemon writes "didtheyreadit.com claims to be able to track your sent email: "When, exactly, your email was opened. How long your email remained opened. Where, geographically, your email was viewed. DidTheyReadIt works with every single internet provider and e-mail account, including EarthLink, AOL, NetZero, Juno, Netscape, Hotmail, Yahoo, and much more." Read on for more.
"This appears to be snake oil. I put it to test just in case someone had come up with some magical code. I sent email from a Yahoo.com account through the service, to an account on a Linux Box. Running tcpdump, I received the email from my pop and let 5 minutes pass before opening it. I left the message open with the cursor in the text for another 5 minutes. Tcpdump revealed absolutely no questionable traffic. And, the service control panel indicated the email had not been viewed. Sending email to a Yahoo.com account results in a 'read' in the service CP. But I had the message open for 10 minutes, and it indicated a 2-minute read......"
The company's "How it works" page explains the system to some degree; it involves redirecting all mail to be tracked through their servers by appending "didtheyreadit.com" to your recipient's email address. I doubt this is mutt-compatible ... Reader xrxzzy points out USAToday's article on the service as well.
it needs a http:
Here's a working link: http://www.didtheyreadit.com/.
<img src="http://didtheyreadit.com/index.php/worker?cod e=2f985e815bd2b46450e
07957611ab6c9" width="1" height="1" />
So not only will it not work in text-based email clients (such as mutt), it won't work in modern versions of Outlook which block inline images by default.
(It was nice enough to leave my plain-old-text message - "blah blah blah" - alone in the original format, as well as adding a text/html mangled version.)
This flies in the face of science.
All I have to do is read my mail when I'm not on line.
Nothing to see here, nothing at all.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Well, it will tell you when they opened the email/how many times/etc. (assuming they have an html enabled email client.) It works w/ yahoo mail but not with pine. The infinite refresh to tell how long they read the email for is annoying in that it makes it look like the email never finished loading. Can someone see how outlook responds to this? (I haven't a windows box)
:(){
Although we have to get the link correct in the first place.
Do you think they'll be able to read their site in the next hour... I hope not :-)
considering the non-friendly hack that you need to go through to get this working, wouldn't it be better to capture the data sent by Outlook and OE's read receipts and implement something compatible in Mozilla and other email clients.
I only say use the Outlook 'standard' because it doesn't seem there's any others, and it'd be a bit useless if we had multiple versions.
If we want read receipts, that is. Personally I turn them off, and don't send them.
I'm assuming it works by appending an invisible image that references back to their servers. Spammers do this often to verify if an account is "live".
Most e-mail and webmail clients do not have any functionality for disabling remote images, so that would explain how it works "most of the time". Mozilla thunderbird, among others, allows you to disable remote image loading. Of course a text-based client running on any Linux system is not going to be succeptable to this method of tracking either.
To see if people read the article before posting on Slashdot.
This post is a joke so don't moderate down. Also I am aware that this wouldn't be really effective.
The nice thing about email is that the user doesn't have to respond. This would "force" the user to correspond with the person who sent the email.
Hell, its fun to get an email and deleting it without responding.
Yes! I listen to NYC Speedcore and do math at 3AM. I suggest you try it too.
Sounds to me like they just embed a simgle pixel gif in the message, and monitor when they recieve the request for it.
How they monitor the length of time the mail stays open is a bit of a mystery.
Turn off 'Download images' and I'd imagine their system becomes useless.
Wasn't there a scare about spam merchants doing this once?
C-x C-s C-x k
just set your mail client to not download images
If you can't trust the service, and you obviously can't, I don't think there's a very good reason to use it. Unless it works for every single message it's no good. It is a pretty neat idea, but the tinfoil hat crowd will most likely scream and shout about their privacy being invaded.
Martin
If the recipient is using a text based email program theres no way in heck anything is going to track whether the mail was opened or read. If its an HTML reader like Outlook just pop a web beacon and let your server monitor it. If you can't figure out how to make this work yourself, you probably shouldn't be allowed to go spying on others anyway.
Nothing special, just "Webbug" images, which spamfilters such as SpamAssasin (in the default setting) adds point to as more likely to be spam, so using DidTheyReadIt users mail is more likely to end up in a spamfolder than any other type of mail.
On another note, I find it's walking on the thin red line of immoral behavior, and I know here in Denmark there've been several companies who've got bad publicity because of using said method.
My <1000 UID is with a hot chick
This is not very useful as it is only tracking the images that are being loaded when the email is being viewed. However, most email clients now block these inline images from being loaded so this software will not function. In text based email clients it also will not function at all. These features have already been included in such email clients as evolution.
Is 'they' the person that you are emailing.. or is 'They' didtheyreadit.com?
"It's not like your minds are as open as the source you love..." - Me to the majority of Slashdot.
In Soviet Russia e-mail monitors YOU!
*ducks*
Martin
Of course, if you use an email program that's that, umm, "open", they could just embed a trojan in it and add features like listening to what you say when you open the mail, and pictures of you reading it. :)
This company will be shot in the foot before long. It's not hard for email services such as hotmail and yahoo to protect the privacy of its users to filter out the cookie-cut inline image. How's this company supposed to charge for a service that they can't guarantee will work for every email address
If you really read into their site, it isn't saying it will "work on anything, including hotmail, aol, yahoo!, etc" but that if you use those, it will work. In other words, it will only work if you're using a web-based client, which needless to say makes perfect sense considering the methods they're using, and the failures under Pine, etc.
Send offline messages on AIM with DoorManBot
In other words, anything that looks sufficiently mysterious is deemed to be magic. What a bunch of StuplePeopid.
The only real use for this service is for spam, who cares how often and for how long your message has been read? Especially since it's only reliable on a greater scale (if there are enough people using html mail with automatic loading).
I for one would personally find the first client i could get to disable this (which is any reasonable client at the moment i guess, although i did not rtfa).
Now I'm going to finally get Bill Gates and tons of other companies to finally pay up!
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
http://www.rampellsoft.com/, the people bringing you didtheyreadit looks to me like a really evil company.
/me goes back to kmail in text/plain by default, happy, safe, and in privacy.
software products to make your life on a computer easier and more efficient. by secretly spying on your spouse, kids and employees.
Oh, sorry, record, my bad.
Doubt this would work with text only readers. As far as the time open, maybe they monitor how long the img is being accessed. Kinda like a auto refresh, when does it stop.
And yes, Slashdot reported that spammers use this to determine if an email account is valid.
Karma, We don't need no stinkin' karma!
By default, Google mail has images turned off. You have to click a link at the top of the message to force it to load the images.
Most other mailers also have a way to turn off image loading because spammers have been using this tracking technique for a long time. If mailers don't allow image blocking yet, I'm sure that a service like this will get them to add that trivial feature.
Since most of us already use option like 'do not show images from remote servers' inside our emails to prevent spammers from tracking us....
how much useful can this service be to slashdot crowd?
As to Gmail, I don't know, but from what I've heard it works in a similar way.
Also, the newer versions of AOL diasable images in emails by default, requiring the user to click on an 'Enable images and links' option on each email they want to see images/have working links in.
Having email clients disable images by default (Which sems to be an increasing trend) will relegate this 'service' to the wasteland of failed dot coms pretty quickly, I'd think. When this happens, I wont be one to shed a tear. I have no desire for anyone that emails me to be able track if I have read their message. If I have, and I choose to respond to it, then they know. If I don't respond, they can keep guessing.
Not that I let my email client load images anyway, but just because I'm spiteful, I think I'll go add /etc/hosts file. (c:\windows\hosts in win98, C:\windows\system32\drivers\etc\ in XP, )
"127.0.0.1 didthereadit.com" to my
Returned Peace Corps IT Volunteer
Does anyone else find it depressing that the entire privacy issue this service (creates? no... inflames?) hinges on the fact that 99% of Internet users probably don't know whether they're reading email as HTML or plain text?
Devious suggestion: Buy misspellings of their domain, then capture all emails you receive. Hours of fun!
as
if.
If you're wanting to use something along these lines, a more up-front company that doesn't use invisible web bugs is HaveTheyReadItYet.
They use images of stamps, which are customizable, which is kind of a cool idea.
However, this only available for Windows.
Wouldn't this be a great way to harvest thousands or millions of known good email addresses?
The TOS only states that they will not store the emails -- yet their own logs will contain the email addresses. There is nothing in the TOS that explicitly prevents them from using those addresses.
The real "Libtards" are the Libertarians!
This wasn't a troll. Slashdot readers (hopefully?) don't need to see press releases from companies plugging well-known, half-baked technology as an innovation.
Now I'll be able to find out if the boss is actually reading my email!
:)
heh - and he says he doesn't get it
Sendmail is like emacs: A nice operating system, but missing an editor and a MTA.
In my personal opinion, I think this might actually be a good thing. Considering the fact that didtheyreadit.com uses external images for tracking, and that they're getting a whole bunch of publicity right now (partially due to this very article), this is just another reason for email clients to block external images by default - spam apparently not being a big enough reason yet.
:)
With a bit of luck, this will make more sites and clients want to implement image blocking, which will in turn make it harder for spammers to get their messages across.
Spam is merely an annoyance to most people. Privacy issues are not.
I think this would be useful for dealing with companies with poor customer service. You can check if your mail was actually read by a human. Chances are they are all using Outlook with HTML enabled, so the tracking would work.
Anyone really wanting a service such as this only needs to use the obligatory Google-plug-n-play method.
Search results return a number of companies who advertise this service - none of which are didtheyreadit.com.
I seem to remember another company back in the Net heyday that provided the same service - assumed they went down in flames with the rest.
Now whould you like to pay for an email service that doesn't even have a fallback mailserver and is likely be busy handling mail for info@didtheyreadit.com.didtheyreadit.com.didtheyr
didtheyreadit.com
not didthereadit.com
-- Be careful what you say. Someone might remind you about it another day.
Now, for once, it is the PINE users who laugh at the world, and not the other way around!!
It seems didtheyreadit.com is looking at the same thing with a different view in mind. Their new domain name is: isyourrecipienttotallyignorantaboutsecurity.com.
now we need to go OSS in diesel cars
Actually this is good news - now you can tell if someone has 'didtheyreadit' tracked you and do with that information whatever dasterdly dead you wish ;)
a ki dinchina.com"
I feel some follow-ups comming on:
"doessomeonenottrustyou.com"
and the ever useful
"makesomeonethinkthatmyemailhasbeenhackedintoby
This comment does not represent the views or opinions of the user.
just put:
127.0.0.1 didtheyreadit.com
In your hosts file...
Or put an authoritative zone in your DNS servers if you have access.
Done, no query reaches their server.
Not only did they not see my test message when I read it from /bin/mail, they didn't see it when I downloaded it to Eudora and read it on line, which is probably because I don't download images while reading mail. I sent a copy to my fastmail.fm account, and it was able to detect that, but the thing hung around in infinitely-slow-download mode so it could detect when I closed the reading window, which doesn't seem to be a reliable process (I X'd out of that so it'd stop hanging, and I haven't gotten the update message that says I've closed the window, so I assume I never will.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Immoral? Howso?
So if you have to send email through their server, which adds a hidden tracking image and then resends the message, wouldn't all of this be blocked by SPF-aware servers? I can't even send orkut invitations out because they send "from" me and they're not in my SPF record.
Do you really need reason for beer? Wingman Brewers
I've got a better idea, stick a porn banner in your email which links to a site on your server, then check the logs and see *exactly* how *long* they errr.. *read* your *email* and which page they *read* the most ;) ah probably been done
im *really* *really* sorry for the asterix's (spelling)
This comment does not represent the views or opinions of the user.
Seriously, the new version of outlook express due to ship with service pack 2 for xp, disables image loading for just this reason.
Say buhbye to your business model. When 98% of email readers no longer can be sniffed, your business is dead.
Can I short your stock?
didtheyreadityet is a pale imitation of ReadNotify.com. While imitation may be the highest form of flattery these guys don't even come close to matching our service. We've been in business for over three years, we offer way more features and our service actually works!
What the hell ever happened to 'em?
Is it because they don't violate anyone's privacy?
Hey, if you like this, check out mailshell.com Its a nice lil service with lots of other features, and this "tracking" ability comes with it (not even mentioned on their site its such a small bit).
But mailshell does it the same way... img src=some_random_image_?4e3333333
You get the idea, it doesnt give you the geographical crap, but that info is always wrong anyways.
snowulf.com
However, this option must be hunted down and turned on.
Hotmail does one better, and allows you to block all images from loading by default, and set rules so certain senders' images will always load as well as viewing images in a piece of mail on a case-by-case basis.
Just put didtheyreadit.com as 127.0.0.1 in your host file and no image loads regardless of whether you have html mail enabled.
I signed up for a free account. It does work, it's fast and convenient enough. But there's a major problem...
.didtheyreadit.com to any victim address, and dtri1.rampellsoft.com will relay the message to the victim. I'd say this service has a 10% chance of survival.
INSTANT OPEN RELAY.
All a spammer has to do is forge their From address (the only means of relay authentication!) and append
There's no way it can tell if I read a message, when I have my email client trash anything that looks vaguely like spam. I know that I've probably lost a few messages, but I haven't gotten anything above my ankles, while many are having to use hip waders.
by using a text-based email proggie... like pine... I just tried it...
It is also defeated if you tell Outlook to display all messages in plaintext.. just tried that, too...
*sigh*
Things like this remind me of the most paranoid, annoying, emailers that I deal with daily. Something like 1 in 1000 emails are the type that I would ever stick a receipt on. For the most part, even those I would ask for a friendly reply in the text at the bottom.
At work, I am somewhat compelled to use outlook. Here's my favorite setting:
1) Automatically unflag incoming messages:
-Think noone reads your email? Why not flag every message you send. That way, they'll all look importat... or, the important ones will get lost in the see of red flags.
Do any of you have settings that would be good in Outlook?
They never actually claim that every message will be tracked. Their "how it works" section claimes a 98% success rate, which I am a bit dubious about, considering how many people probably use text e-mail readers or have images turned off.
They're on somewhat shakier ground when they claim that the recipient won't know the e-mail is being tracked since, thanks to reading slashdot, anytime I see that url in an e-mail I'll know someone's trying to spy on my inbox.
I work for an e-commerce company Zoovy.com (http://www.zoovy.com)- we've had this "did they read it" functionality built into our product for over 5 years. We use it to determine if we should leave people negatives on eBay because they're just ignoring the payment reminders.
This is nothing novel, new or innovative.
I bet they'll try to patent it though. Arrgh..
it involves redirecting all mail to be tracked through their servers by appending "didtheyreadit.com" to your recipient's email address.
Maybe they should team up with this company.
Caveat Emptor is not a business model.
Guess what folks. There's no law that says you have to let a megacorp run your e-mail. With a fixed IP and a 24/7 server, you can run your own server. (Though, admittedly, it's not something a novice can make work.)
All this is is simple "web bug" HTML IMG link spying. Anyone with any kind of sense has configured their e-mail client to not automatically download remote images. Or even to not display HTML crap at all. And please don't tell me that they use Javashi^H^Hcript, because that means there's a brain-damaged popular e-mail program out there that allows it (or a webmail site that doesn't filter it). All we need is another way for e-mail to run wild code.
Is anyone else getting a flashback to the all the stupid ideas that would burn through millions of dollars in VC cash back in the dot-com bubble days?
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
By default Outlook 2003 blocks all images from being downloaded in a message to prevent these 'bugs' from working for the spammer.. Unless you turn it on to allow images to appear. Incase this hasn't been brought up yet..
First, it won't work on me because like everyone else here, I've blocked external images from email.
Second, I'll send a nice little return email, thanking me for giving my email AND theirs to the spam databases.
This is a nice little scam.
However, there is a Rampell Software in Florida:
I have identified this service to be a scam using the "superfluous female person standing next to logo" method. I'm still wondering where her headset went, though...
Caveat Emptor is not a business model.
spammers are going to love this!!!
Outlook solution: check read as plain text. Stops most viruses as well.
There is another company that claims to do this, ReadNotify.
It looks to be exactly the same kind of service as Didtheyreadit.com.
I first became aware of this company by reading Mozilla's bug report 28327 - http://bugzilla.mozilla.org/show_bug.cgi?id=28327 (cut/paste URL and open in new window).
Mozilla/Thunderbird also has trouble completely blocking all server contact in email, as it evidently doesn't sandbox the email environment enough (images may be blocked, but stylesheets and other external URL's can still leak through, last I checked).
BTW, there is a workaround if you use Mozilla/Thunderbird: set your View/Message Body As settings to "Simple HTML", or better yet, "Plain Text". This works 100%!
Dr. Demento On The 'Net!
I think. Even their alerts about phishing emails. Said I should go here which supposedly redirects you to http://www1.ifccfbi.gov/. I suppose if everyone clicked on this it would really confuse the little web buggers.
Yeah, this could be fun! Imagine...
/.)
Imagine a mail filter that modifies the code that
is in the traching URL, randomize it a bit.
Or a page filter that changes the tracking code each time it is viewed...
Or get together with freinds, cross send the tracking codes that you each get and the originator will get quite confused.
Or set up wget to keep "reading" the same mail
over, and over, and over, and over, thus innundating the originator with reports.
Or grep all the tracking codes out of your mail box into one web page posted on your website
(or in an article posted on
Or create a tracking code generator that feeds its
output to wget.
I wonder if we could feed these things to spammers?
Oh, this could be fun...
didtheyreadit.com 127.0.0.1
And here it is as a link, so you can see what it is that they're sending. Note that it takes a really long time to download. Be patient.
:)
Seems to me like it could be fun to try generating some random numbers to see if you can find which ones are actually valid tracking numbers in their system. (Note that invalid numbers respond with a zero byte file instantaneously, so you can quickly try again.) Of course, that might interfere with the reliability of the information they claim to provide, so if you think these are nice guys offering a valuable service, you probably don't want to do that!
or for those of us that want to protect several computers in one step. Go to your firewall/router (I know you have at least one becuse you own 5 computers, and two that don't work) :-P and tell it to block address didtheyreadit.com
Now your blocked from didtheyreadit.com, and all sub-domains there-in for any computer on your network in one easy step even my mother could do.
Put:
:).
a.b.c.d didtheyreadit.com
In your DNS servers or hostfiles, where a.b.c.d is an address of a webserver you control.
I did something similar on April Fool's day in the company I worked for, and users instead of getting banner ads from ad.doubleclick.net and similar sites were getting our corporate logo[1].
Only a few people seemed to notice. Maybe it means people aren't surfing sites which link to these ads at work (includes *.yahoo.com etc ). Or they can't be bothered to mention it? Or their conscious brain has started filtering out ads.
[1] I never got around to putting messages like "Company ABC Staff Meeting at 2pm".
If I were like Amazon and gang I would patent the idea, but to me this sort of stuff is obvious to anyone skilled in the field.
What happens if someone posts one of their Web bugs on a popular site?
OK, so, who's going to set up a free service that duplicates what DidTheyReadIt does. It uses almost no bandwidth (you're only loading a 1x1 pixel image off a webserver). I'd do it if I had any hosting capability whatsoever.
The entire point of a free service would be 1) to educate people as to why this is pointless and 2) to make it unprofitable and drive these people out of business.
You can do this without using an image or JavaScript, and give away nothing in the source of the message. Here's one way, using Apache, .htaccess, and PHP:
.htaccess:
.css
.css under this directory will now be run as if it were a PHP script.
... any reader that accepts HTML messages will trigger track_message.php, and nothing unusual will be visible in source code, even if some curious person pulls down http://your.server.com/your.css to take a look.
1) In the header of your HTML e-mail message, load up a style sheet:
<style type="text/css">
@import "http://your.server.com/your.css";
</style>
2) In the server directory containing your CSS file, add the following line to
AddType application/x-httpd-php
Any file ending in
3) Save this as your.css:
<?php
require "track_message.php";
?>
Done. No images, no JavaScript
Back then I created a project on sourceforge called Mail Receipt. I was way wrong; the idea is as old as the hills.
If someone thinks that the recipient hasn't received the message, they can send a followup. No biggie. This service, if programmed properly, doesn't have false positives - so, for a lot of people, it could be useful. Unfortunately, going forward, it will be less and less useful as email services and spam filters and antivirus programs start filtering out linked images.
No, this isn't new... a friend of mine was using a similar service at least two years ago. I can't recall the exact site though.
So what if someone starts a service called "ProtectMyPrivacy.com". It would have a small script/installer to download that adds that to your hosts or equivalent file, but redirects to ProtectMyPrivacy.com's servers. Then the image would sent back by the server would be a warning icon or something.
The shocking thing was, in the interview, the founder/inventor(not)/designer/coder whatever he was, claimed that large large portions of mail actually gets lost on the internet.
A gentleman called in from a design engineering firm who emails large documents to other members of the firm and other associates around the country. The "expert" insisted that the didtheyreadit.com was the perfect service for them to assure that their emails made it there and were in fact read.
My question was this, how does email between two people who regularly email each other, and are probably expecting it, "get lost"? This was a major point that the guy was making, which seemed to me like he was spreading classic FUD.
Lets make sure that our friends aren't using this product for those reasons! Assure them that undeliverable mail will be properly reported back to them always, and show them how to set their mail clients to always accept mail from those in their address books!
-Mikey P
if you know that your target address to be tracked uses an HTML reader, just set up a home webserver with a 1x1 pixel graphic and include it in the mail. when they read it, the image will load quickly, and then you can grep your /var/log/httpd/access_log or whatever for the name of the image. it's crude and it's the oldest trick in the book, but it works great for me when dealing with naieve wankers at school here.
if they alter the e-mail message and add in that 1 pixel gif image to track the viewing of the e-mail, then a GPG, PGP, S/MIME signature would be useless as they have altered the body of the message.
How can you say the woman at April is superfluous? She is holding up a piece of instrumentation and is there to draw the average viewer's eye to the equipment. That is hardly superfluous.
Nothing special, just "Webbug" images, which spamfilters such as SpamAssasin (in the default setting) adds point to as more likely to be spam, so using DidTheyReadIt users mail is more likely to end up in a spamfolder than any other type of mail.
For sure, and this was my first thought, and the best way to have made it DidTheyReadIt work.
Based on the testimony and description, though, I'm concerned about the possibility that they might just be a slick-looking e-mail address collector for spammers.
Somewhat related: Anyone know how to implant a webbug image with Eudora? Eudora seems to embed images by MIME; it doesn't seem to handle an IMG tag pointing to an HTTP server. Would be useful with independent consulting; "freaking out" people by telling them exactly when they viewed their e-mail would be a handy way to break the Outlook and "but I like all the pretty pictures in my e-mail" habit.
Fire and Meat. Yummy.
Did "Did They Read It" read it?
NPR interview with didtheyreadit founder
I was the recipient of Ricardo Batista's marketing spam announcing this 'service'. Noting several problems with it, I replied to his e-mail (doing a 'reply all'), and informed him not only of my concerns, but also pointed out that now all the morons thinking they get $5,000 from Bill Gates and Walt Disney Jr. will resurface with renewed efforts to convince their famiies to forward mail "because now it can be tracked, here's proof..."
Well, turns out that Ricardo had a 'setting' wrong on his mail server, or whatever, as my response to him was also broadcast to his entire spam list.
- He neglected to supress the recipient list.
- 'customers@batista.org' was aliased to his customer list.
- He allow any non-local reply to take advantage of that.
As confirmation, Ricardo sent me an e-mail pointing out *my* mistake in replaying 'all', and the subsequent deluge of 'bounced mails' and other recipients responding pretty much corroborated this.
Whoops.
Granted, this is a simple mistake that could happen to anyone (well, not really) but doesn't paint to rosy a picture of someone claiming to provide an expert e-mail service.
I have no idea why someone like Ricardo Batista would jump on doing something so obviously silly and transparently flawed (I guess rent needs paying), but I wonder how mnay (if any) people will fall for this.
Harry
I have been using this for over a year.
Just setup a server that will:
1. Handle cgi and mail
2. Foward all the mail sent to it by parsing the subdomain
3. Add in a img link to a cgi script on same box.
4. Write a CGI to take in an ID number and send out a new email to author everytime the thing is called.
How much are they charging for this?????
Hell, if you add in the image to the bottom of every single email you send, you could run this thing completly anonymously from any free-web host that lets you run cgi scripts....
http://didtheyreadit.com/index.php/worker?code=2f7 621ffef56d47760ab1408510d6995
#1 SpamAssassin
.spamassassin/user_prefs added ...
...
.didtheyreadit.com
In my
score HTML_WEB_BUGS 20
That will throw all emails with a web bug right in the spam pile. I don't just delete my spam. I normally go through and check to see if any valid emails got tossed in my spam folder.
#2 Privoxy
In my user.action added
{ +block }
That should block any web page that links to that site. I could have just put 127.0.0.1 for didtheyreadit.com in my hosts file, but if they start putting subdomains in from of their domain name, it won't work anymore.
What about the following idea: a service that you can forward your received e-mail to, to filter out any special images that are there to track what you are doing.
echo 127.0.0.1 didtheyreadit.com >> /etc/hosts
main(char O){O++&&(((O-291)*O+27788)*O-868020?1:putchar(O++
Try "nested" at -1, then you won't have to rant on about something that already has a bunch of responses /. - a retraction by the op...
and somewhat rare for
just to /. their email servers..and make their clients happy..
This is absolutely brilliant, I shall add it to the list of examples that I talk about when I try to convince people that HTML email is bad for security/privacy and has few real advantages over plain text.
Can this really be a valid patent? I mean it is describing a method to defeat a specific instance, but it is using http standards that have already been defined. It is like having scissors used for cutting paper but using them to cut ribbon at christmas time. Just because it passed the clerk at the office, does it really stand a chance of passing a reasonable man test in a court?
I dunno, I am going back to that bright, sunlit place full of people on the otherside of the door.
One suspects that that technology is some way off.
--
This sig is inoffensive.
I'd show you what a dump of an 118-byte-long version of their JPEG image looks like, but the Slashdot Lameness Filter didn't like all those "junk" characters! However, you can view the dump here: http://jzap.com/img/ReadItBug.jpeg.txt
Or, cleaner and more idiomatic, in any Apache not dating from prehistoric era:
AddHandler php-script .css
Its lame! It works by inserting a "webbug" in the HTML e-mail. Spammers and "bulk commercial email marketers" (spammers!) have been doing this for a while now. Its no big deal. Nothing to see here. Move along.
All you have to do is disable the opening of web images in your mail client or set it to render as plain text -- most (good ones) do this by default anyway. And I think M$ even allows this to be done in the latest version of OE.
-dZ.
Carol vs. Ghost
It seems you can sign up with a totally ficticious e-mail address. ie you can send mail "from" anyone.
(SCNR)
Kmail doesn't load external images. They won't be able to track you. Easy.
I have now set up my email filter to delete off of the server any email that contains "didtheyreadit". Any email that includes this "didtheyreadit" is guaranteed to be spam. I hope all spammers use "feature".
I followed many of the posts so far about this, and I do understand why an email client will see the relayed messages as Spam. What I wasn't aware of was that the ISP may also see it as spam, making it impossible to send to anyone at a particular domain. Using didyoureadit I sent two emails to myself, each account being on a different ISP. I sent both messages from my same gmail account. Sending was flawless. The first message did work, although Thunderbird acted odd when I opened that message (so much for this being invisible). The second message seemed to vanish in the ether for awhile. The next day a bounced message appeared back at gmail: "Barracuda Spam Firewall to me - 2:34am (8 hours ago) " Even (not!) cooler than that, a view of the didyoureadit email log shows this email is still waiting being opened. Talk about bad design! There is no warning at all about this on their web site, and there is no way I could ask my recipient to turn of his *isp's* spam filters. I return to the didyouread it site. Now I notice there are *no* help files covering any problems, troubleshooting, or spam filters. I would love to have asked someone, but their user support phone number was conspicuously absent. Hmmm. I think their should change their domain name to did-you-think-this-would-really-work?.com
Turn your preview window off (duh)
Right-click on a message, go to properties.
On the details tab, click Message Source.
The company will get compaints from the normal lusers when they see that some of their contacts clearly have read the message (because, for instance, they replied to them) but there was no confirmation (because their track-ee has images blocked.)
/sigh... 8-)
It's just dot-bomb nonsense.
Besides, how soon will it be before someone figures out that mid-relay tracking for spam (you know, this came through butt-heads-R-us, we will reject it) plus intrusive crap == nobody is reading any of my mail at destination-X
And the web-bug does nothing to tell "how long" a user looked at your mail unless the very next mail message is also bugged, and unless the target user never opens more than one message at a time. (e.g. people who only read their mail in the outlook preview pane.)
"Gee, he really loved that joke." beting the response to clikcing on next-message and going home.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
With a fixed IP and a 24/7 server, you can run your own server. (Though, admittedly, it's not something a novice can make work.)
Where do you think 98% of the people would GET the static IP from?
You assume a network of one - one computer running one firewall.
I have just one computer attached to my Internet-facing network: the Linux box that serves as a NAT/firewall proxy. That is all it does - the PC's inside, all running Windows, know nothing about how to get out to the network, and they have 192.168 private addresses, so nothing inside me network knows how to speak to the net in general.
Your firewall shouldn't have to be able to filter out requests per application, your email client should be smart enough to not render HTML in previews in the first place :)
This space for rent. Call 1-800-STEAK4U
Don't services like dyndns.org, EasyDNS, Hammernode, and etc. replicate the functionality of a static IP?
-Avatar
I thought this was the standard approach for web-services (to return a redirect when the resource returned changes with each invocation of GET), exactly to avoid problems with caching? But perhaps this convention was "invented" after the patent...
Also, what if I use a redirect for other purposes than to avoid caching?
don't know if procmail & formail can be used to generate new messages to send out but a carefully crafted response, such as "my, my, you're a nosey <same expletive>, aren't you?" could be in store.
Functionally,is there a difference?
But my whole point was that the static IP was most likely being bought from one of the 'evil' corps. The same can be said about dynamic IPs as well.
If you use an email viewer that displays HTML email, then messages sent via didtheyreadit.com will record that you've read them when your viewer fetches the invisible image. They embed a transparent 1x1 image in the HTML email, coded with an ID that tells their Web server that the message was read. This is the same method used by many spammers to verify that an email address is real--if you even open a spam message in an HTML-capable mail reader they know yours is a real address. On yahoo mail you can turn off display of HTML graphics for this very reason. My test of didtheyreadit.com didn't register my reading the message at yahoo until I clicked "show HTML Images". Hmmmmm... it's sneaky. It's using a spammer trick for personal monitoring of one's own email. But is it ethical?