Slashdot Mirror

← Back to Stories (view on slashdot.org)

Testing didtheyreadit.com's Mail-Tracking Claims

Posted by timothy on from the fantastic-claims-require-extraordinary-evidence dept.

iosdaemon writes "didtheyreadit.com claims to be able to track your sent email: "When, exactly, your email was opened. How long your email remained opened. Where, geographically, your email was viewed. DidTheyReadIt works with every single internet provider and e-mail account, including EarthLink, AOL, NetZero, Juno, Netscape, Hotmail, Yahoo, and much more." Read on for more. "This appears to be snake oil. I put it to test just in case someone had come up with some magical code. I sent email from a Yahoo.com account through the service, to an account on a Linux Box. Running tcpdump, I received the email from my pop and let 5 minutes pass before opening it. I left the message open with the cursor in the text for another 5 minutes. Tcpdump revealed absolutely no questionable traffic. And, the service control panel indicated the email had not been viewed. Sending email to a Yahoo.com account results in a 'read' in the service CP. But I had the message open for 10 minutes, and it indicated a 2-minute read......"

The company's "How it works" page explains the system to some degree; it involves redirecting all mail to be tracked through their servers by appending "didtheyreadit.com" to your recipient's email address. I doubt this is mutt-compatible ... Reader xrxzzy points out USAToday's article on the service as well.

19 of 400 comments (clear)

  1. Link doesn't work by fatwreckfan · · Score: 5, Informative

    Here's a working link: http://www.didtheyreadit.com/.

  2. How it 'works' by ZiZ · · Score: 5, Informative
    This is nothing more than off-site image tracking, as has been seen in spam for ages and ages. Here's an example of the image it adds:

    <img src="http://didtheyreadit.com/index.php/worker?cod e=2f985e815bd2b46450e 07957611ab6c9" width="1" height="1" /> So not only will it not work in text-based email clients (such as mutt), it won't work in modern versions of Outlook which block inline images by default. (It was nice enough to leave my plain-old-text message - "blah blah blah" - alone in the original format, as well as adding a text/html mangled version.)

    --
    This flies in the face of science.
    1. Re:How it 'works' by RotJ · · Score: 4, Informative

      Yahoo! and Hotmail also allow people to block all images until they explicitly approve them, so spammers can't track whether you've opened their spam. Didtheyreadit won't be able to either. So tracking for this service will be very spotty. For messages marked unread, you can NEVER know whether it was opened or not.

    2. Re:How it 'works' by amembleton · · Score: 4, Informative
      This then allows their server to know when the mail was downloaded by the user without having to rely on images.

      Unfortunatelly, I don't think it works like that. Their server will then send it to the users' server, or the mail server of their ISP or the mail sever of a webmail account such as Yahoo!, Gmail or Hotmail. Their server will send the message straight away, without any delay. The end user does not download the message from didtheyreadit.com sever, they download it from their usuall Yahoo! SMTP server or whatever their usuall mail server is.

    3. Re:How it 'works' by tigress · · Score: 4, Informative

      Uhh, no. The recipient "downloads" their mail from their ISPs mailserver. There's nothing didtheyreadit.com can do to change that. What the extra ".didtheyreadit.com" does is simply being an email adress that forwards the mail to the recipients server, and adding a tracking-image to the mail.

      Of course, if you don't believe me, please feel free to call my free 1-800 number and I'll explain it further. I promise not to redirect your call to an international $9.95/min number.

    4. Re:How it 'works' by darkonc · · Score: 5, Informative
      I can't find such an option in Mozilla.

      Edit ->
      Preferences ->
      Privacy & Security ->
      Images ->
      [checkbox] Do not load remote images in Mail and Newsgroup messages

      It's probably the fact that it's under 'Privacy and Security', rather than 'Mail and news' that threw you.

      --
      Sometimes boldness is in fashion. Sometimes only the brave will be bold.
    5. Re:How it 'works' by lostchicken · · Score: 4, Informative

      Patent law cannot be circumvented with a clean-room designed algorithm. A lack of knowledge of the original source will not get you out of a patent suit, just copyright issues. So, if you are trying to make a web bug, you'd best read this and do something completely different, because no matter what, you can't use the above described technique without being in violation of IBM's patent. Not even if you came up with it all by yourself.

      --
      -twb
  3. this is cool by quelrods · · Score: 4, Informative

    Well, it will tell you when they opened the email/how many times/etc. (assuming they have an html enabled email client.) It works w/ yahoo mail but not with pine. The infinite refresh to tell how long they read the email for is annoying in that it makes it look like the email never finished loading. Can someone see how outlook responds to this? (I haven't a windows box)

    --
    :(){ :|:&};:
  4. get your privacy back easily by xlyz · · Score: 4, Informative

    just set your mail client to not download images

  5. Re:fp! by TheViciousOverWind · · Score: 4, Informative

    Nothing special, just "Webbug" images, which spamfilters such as SpamAssasin (in the default setting) adds point to as more likely to be spam, so using DidTheyReadIt users mail is more likely to end up in a spamfolder than any other type of mail.

    On another note, I find it's walking on the thin red line of immoral behavior, and I know here in Denmark there've been several companies who've got bad publicity because of using said method.

    --
    My <1000 UID is with a hot chick
  6. Re:Single pixel gif? by Neon+Spiral+Injector · · Score: 4, Informative

    The time is probably calculated by not actually sending the image file, or sending it very slowly. So they just keep the HTTP session open, then note when the client closes. That would limit the tracking time to when the connection times out. Like the author said, he left the Yahoo mail open for 10 minutes and it only reported 2.

    An additional note, Yahoo does have an option to disable remote images, which would also break this.

    Seems this company is too late to the party. Almost all current e-mail clients now don't or have an option to not to load remote images.

  7. It's an animated GIF! by Anonymous Coward · · Score: 5, Informative
    It embeds a single pixel image, but it appears to keep feeding you the image forever, at a rate of a byte a second. Thus, if you use an HTML image reader that loads embedded graphics from random servers, they will know how long you had it open for.

    Of course, if you use an email program that's that, umm, "open", they could just embed a trojan in it and add features like listening to what you say when you open the mail, and pictures of you reading it. :)

  8. Re:Single pixel gif? by ilikejam · · Score: 5, Informative
    Yup. Confirmed.
    At the bottom of the mail is:
    <img src="http://didtheyreadit.com/index.php/worker?cod e=xxxxxxxxxxxxxxxxxxxxx" width="1" height="1" />

    Oh well. Should prove very effective against those without the sense to turn off images anyway. Lets hear it for making money from people's ignorance!

    --
    C-x C-s C-x k
  9. Re:OE read receipts by Ryquir · · Score: 5, Informative

    Uhmm... you do understand that Mozilla and other E-mail client do actually have read receipts and that this isn't a "MS" standard?

    The only difference in clients abilities with regards to read receipts is how they present you the uninformed user the dialog box saying "Sender has requested you inform them that you have read this message".

  10. eeevviiilll! by Gaima · · Score: 5, Informative

    http://www.rampellsoft.com/, the people bringing you didtheyreadit looks to me like a really evil company.

    software products to make your life on a computer easier and more efficient. by secretly spying on your spouse, kids and employees.
    Oh, sorry, record, my bad.

    /me goes back to kmail in text/plain by default, happy, safe, and in privacy.

  11. This would fail with GMail by tji · · Score: 5, Informative

    By default, Google mail has images turned off. You have to click a link at the top of the message to force it to load the images.

    Most other mailers also have a way to turn off image loading because spammers have been using this tracking technique for a long time. If mailers don't allow image blocking yet, I'm sure that a service like this will get them to add that trivial feature.

  12. quick prevention of getting tracked by this... by griffjon · · Score: 5, Informative

    Not that I let my email client load images anyway, but just because I'm spiteful, I think I'll go add
    "127.0.0.1 didthereadit.com" to my /etc/hosts file. (c:\windows\hosts in win98, C:\windows\system32\drivers\etc\ in XP, )

    --
    Returned Peace Corps IT Volunteer
  13. Better alternative by mapinguari · · Score: 4, Informative

    If you're wanting to use something along these lines, a more up-front company that doesn't use invisible web bugs is HaveTheyReadItYet.

    They use images of stamps, which are customizable, which is kind of a cool idea.

    However, this only available for Windows.

  14. Easy fix... by jafiwam · · Score: 4, Informative

    just put:

    127.0.0.1 didtheyreadit.com

    In your hosts file...

    Or put an authoritative zone in your DNS servers if you have access.

    Done, no query reaches their server.