Testing didtheyreadit.com's Mail-Tracking Claims

iosdaemon writes "didtheyreadit.com claims to be able to track your sent email: "When, exactly, your email was opened. How long your email remained opened. Where, geographically, your email was viewed. DidTheyReadIt works with every single internet provider and e-mail account, including EarthLink, AOL, NetZero, Juno, Netscape, Hotmail, Yahoo, and much more." Read on for more. "This appears to be snake oil. I put it to test just in case someone had come up with some magical code. I sent email from a Yahoo.com account through the service, to an account on a Linux Box. Running tcpdump, I received the email from my pop and let 5 minutes pass before opening it. I left the message open with the cursor in the text for another 5 minutes. Tcpdump revealed absolutely no questionable traffic. And, the service control panel indicated the email had not been viewed. Sending email to a Yahoo.com account results in a 'read' in the service CP. But I had the message open for 10 minutes, and it indicated a 2-minute read......"

The company's "How it works" page explains the system to some degree; it involves redirecting all mail to be tracked through their servers by appending "didtheyreadit.com" to your recipient's email address. I doubt this is mutt-compatible ... Reader xrxzzy points out USAToday's article on the service as well.

How it works

[Matt2k]

I'm assuming it works by appending an invisible image that references back to their servers. Spammers do this often to verify if an account is "live".

Most e-mail and webmail clients do not have any functionality for disabling remote images, so that would explain how it works "most of the time". Mozilla thunderbird, among others, allows you to disable remote image loading. Of course a text-based client running on any Linux system is not going to be succeptable to this method of tracking either.

Re:Single pixel gif?

[nslu]

two options -- iether the server never closes connection when feeding the gif image, so it would be open until email's browser timeout or until email message is closed, or - i think this one is more likely - they trap onUnload() event and send some request to their server.

A bad investment

[digid]

This company will be shot in the foot before long. It's not hard for email services such as hotmail and yahoo to protect the privacy of its users to filter out the cookie-cut inline image. How's this company supposed to charge for a service that they can't guarantee will work for every email address

Smoke and mirrors

[Shivantrill]

This is how they do it:

<IMG height=1
src="http://didtheyreadit.com/index.php/ worker?code=787d9d69fd47aceac0e6e6225eafb831"
wid th=1>

Doubt this would work with text only readers. As far as the time open, maybe they monitor how long the img is being accessed. Kinda like a auto refresh, when does it stop.

And yes, Slashdot reported that spammers use this to determine if an email account is valid.

Re:How it 'works'

[Christianfreak]

Thunderbird at least (probably in Mozilla as well) has an option to turn off remotely loaded images. So you can keep the HTML formating if you so desire without worrying about being tracked in this fashion.