Slashdot Mirror

← Back to Stories (view on slashdot.org)

Testing didtheyreadit.com's Mail-Tracking Claims

Posted by timothy on from the fantastic-claims-require-extraordinary-evidence dept.

iosdaemon writes "didtheyreadit.com claims to be able to track your sent email: "When, exactly, your email was opened. How long your email remained opened. Where, geographically, your email was viewed. DidTheyReadIt works with every single internet provider and e-mail account, including EarthLink, AOL, NetZero, Juno, Netscape, Hotmail, Yahoo, and much more." Read on for more. "This appears to be snake oil. I put it to test just in case someone had come up with some magical code. I sent email from a Yahoo.com account through the service, to an account on a Linux Box. Running tcpdump, I received the email from my pop and let 5 minutes pass before opening it. I left the message open with the cursor in the text for another 5 minutes. Tcpdump revealed absolutely no questionable traffic. And, the service control panel indicated the email had not been viewed. Sending email to a Yahoo.com account results in a 'read' in the service CP. But I had the message open for 10 minutes, and it indicated a 2-minute read......"

The company's "How it works" page explains the system to some degree; it involves redirecting all mail to be tracked through their servers by appending "didtheyreadit.com" to your recipient's email address. I doubt this is mutt-compatible ... Reader xrxzzy points out USAToday's article on the service as well.

106 of 400 comments (clear)

  1. Link doesn't work by fatwreckfan · · Score: 5, Informative

    Here's a working link: http://www.didtheyreadit.com/.

  2. How it 'works' by ZiZ · · Score: 5, Informative
    This is nothing more than off-site image tracking, as has been seen in spam for ages and ages. Here's an example of the image it adds:

    <img src="http://didtheyreadit.com/index.php/worker?cod e=2f985e815bd2b46450e 07957611ab6c9" width="1" height="1" /> So not only will it not work in text-based email clients (such as mutt), it won't work in modern versions of Outlook which block inline images by default. (It was nice enough to leave my plain-old-text message - "blah blah blah" - alone in the original format, as well as adding a text/html mangled version.)

    --
    This flies in the face of science.
    1. Re:How it 'works' by agm · · Score: 3, Informative

      Evolution has this feature as well. I'm sure anyone internet savvy and aware of the spam problem would have a mail reader that prevents remote images from being displayed - which renders this service useless.

    2. Re:How it 'works' by amembleton · · Score: 4, Insightful

      From the 'How It Works' page: Will my recipient know that I am tagging my e-mail?
      No. Not unless you want them to know.

      As I suspected, they are just using a tracking image, sometimes I look at the source of messages (sad, I know), then I would know if I was being tracked. That saves me opening an account to see how they were going to do this.

      I always view my email as Plain Text using Mozilla, so this wouldn't work unless I decided to switch back to HTML. I made some of these tracking images once and tried it out. I found that browsers were cacheing them, so it wouldn't always register if it was viewed in a webmail acount.

    3. Re:How it 'works' by jacobdp · · Score: 5, Insightful
      This is nothing more than off-site image tracking, as has been seen in spam for ages and ages.

      And yet they claim that there's no way the recipient can know that the message is being tracked (see their FAQ) It may not be complete snake oil, but the company is definitely lying about the service's transparency.

      And they route all your mail through their servers. I wouldn't be surprised if they soon started selling "pre-confirmed" email address lists.

    4. Re:How it 'works' by RotJ · · Score: 4, Informative

      Yahoo! and Hotmail also allow people to block all images until they explicitly approve them, so spammers can't track whether you've opened their spam. Didtheyreadit won't be able to either. So tracking for this service will be very spotty. For messages marked unread, you can NEVER know whether it was opened or not.

    5. Re:How it 'works' by amembleton · · Score: 4, Informative
      This then allows their server to know when the mail was downloaded by the user without having to rely on images.

      Unfortunatelly, I don't think it works like that. Their server will then send it to the users' server, or the mail server of their ISP or the mail sever of a webmail account such as Yahoo!, Gmail or Hotmail. Their server will send the message straight away, without any delay. The end user does not download the message from didtheyreadit.com sever, they download it from their usuall Yahoo! SMTP server or whatever their usuall mail server is.

    6. Re:How it 'works' by tigress · · Score: 4, Informative

      Uhh, no. The recipient "downloads" their mail from their ISPs mailserver. There's nothing didtheyreadit.com can do to change that. What the extra ".didtheyreadit.com" does is simply being an email adress that forwards the mail to the recipients server, and adding a tracking-image to the mail.

      Of course, if you don't believe me, please feel free to call my free 1-800 number and I'll explain it further. I promise not to redirect your call to an international $9.95/min number.

    7. Re:How it 'works' by alder · · Score: 3, Informative
      ...unless I decided to switch back to HTML.
      Then you'll go to Tools -- Options... -- Advanced -- Privacy and make sure that "Block loading of remote images in mail messages" is checked. You'll gain nicely formatted messages (with images even if they are embedded) yet all remote images, that can track you, will be ignored.
    8. Re:How it 'works' by BuckaBooBob · · Score: 3, Informative

      Not to mention if you have didtheyreadit.com in your hostfile with your loopback.

      --
      Who needs WiFi when we can have Packet Over Sheep! http://datacomm.org/PoS-InternetDraft.txt
    9. Re:How it 'works' by eSavior · · Score: 2, Informative

      Mozilla Thunderbird has the same feature, 1.tools->options...->advanced->privacy 2.check "Block loading of remote images in mail messages." 3.press okay

    10. Re:How it 'works' by dbirchall · · Score: 2, Insightful
      This is nothing more than off-site image tracking, as has been seen in spam for ages and ages.

      And, of course, in legitimate email newsletters and such, from lots of entities that actually have to track their ROI on such things. I used 'em about 4-5 years ago when I was doing web dev and DB marketing for a travel dot-com. If someone was signed up for our fare alerts or whatever, they'd get mail with a tag in it; if they clicked through to our site, that tag got tracked as a referrer, and passed along to the e-commerce part. Made it a LOT easier to say to the marketers "yeah, we sent X messages, Y people clicked through, Z people bought, and here's the top-line revenue for this particular fare promo."

      This is just to clarify that it's the spam that's evil, not the image tags themselves. ;)

    11. Re:How it 'works' by antic · · Score: 4, Insightful

      A typical user would not know that a web bug was in place and the typical users are exactly who they're trying to get to buy into the service.

      You and I might ignore their attempts, but there are a hell of a lot of people out there who would like the sales pitch, the 5 free samples/tests and spend the money to use the service. For the most part, they'll be emailing people without mutt and the service may just work (more or less) as described.

      Where I would have an issue is with the small percentage of emails that they can't track due to clients forcing text only mail. If a user was to build a strong reliance on this service, they would only assume that the receiver had never even read their email when in actual fact they could've opened it in a text-only client and pored over it for days!

      And the privacy issues are astounding -- they would essentially get every copy of email sent through their system -- personal information and details, etc. If you care enough about the information you're sending to want to know if the receivee will read it, then you can bet that this company may care enough about the content too...

      --
      'Thats they exact same thing a banana wrench monkey.'
    12. Re:How it 'works' by orthogonal · · Score: 4, Interesting

      So not only will it not work in text-based email clients (such as mutt), it won't work in modern versions of Outlook which block inline images by default

      Let's be even more sensible: your firewall rules should allow your email client to make connections to your mail server ONLY, and only to its ports 110 and 25 (I'm assuming POP3; IMAP would be other orts).

      (Not for linux users: Microsoft Windows firewalls typically allow setting rules separately for separate applications, by associating a process name (and in serious firewalls, the executable's MD5 sum) with the process requesting the connection.)

      This takes care of all web bugs, inline images, and javascript pop-ups or Active-x in Microsoft HTML email.

      Note that with any sensible email client, this won't block html links, as clicking an html link should invoke a separate browser application, with its own firewall rules.

      It will block linked (not inline) images, but only a very small minority of email linked images that are at all useful to view -- in this case I just save the email as html and open in a web browser.

      --
      Opinions on the Twiddler2 hand-held keyboard?
    13. Re:How it 'works' by darkonc · · Score: 5, Informative
      I can't find such an option in Mozilla.

      Edit ->
      Preferences ->
      Privacy & Security ->
      Images ->
      [checkbox] Do not load remote images in Mail and Newsgroup messages

      It's probably the fact that it's under 'Privacy and Security', rather than 'Mail and news' that threw you.

      --
      Sometimes boldness is in fashion. Sometimes only the brave will be bold.
    14. Re:How it 'works' by photon317 · · Score: 2, Insightful


      And offsite imagine tracking is definitely not going to work for recipients like me, who use Mozilla Thunderbird and picked the config option "Block loading of remote images in mail messages".

      --
      11*43+456^2
    15. Re:How it 'works' by thrillseeker · · Score: 2, Interesting
      Mozilla Thunderbird has the same feature

      Mozilla-Thunderbird needs to make their version more like Evolution's, which has the option of allowing inline images from addresses you have put into your address book.

    16. Re:How it 'works' by ciggieposeur · · Score: 5, Interesting

      I found that browsers were cacheing them, so it wouldn't always register if it was viewed in a webmail acount.

      PATENT ALERT

      I am about to describe a patented technique. Seriously. If you ever think you're going to implement a web bug, do not read this or IBM will be able to sue you for treble damages.

      Since a) I no longer work for IBM, and b) the method is on file in the patent, I am not violating my IP contract with IBM by describing this method.

      .
      .
      .

      PATENT ALERT

      .
      .
      .

      Method:

      The way to defeat browser caching is to make the IMG SRC point to a CGI that returns a REDIRECT (302) that points to the single-pixel image. So you might have IMG SRC="server/path/to/cgi?key1=val1&key2=val2". The browser will have to tick the CGI because it has "dynamic" parameters. However, the CGI has to return a REDIRECT because an intelligent proxy server in the middle might be trying to cache the output too. You don't care if the single-pixel image itself is cached, you just want to capture the CGI hit with all the parameters.

    17. Re:How it 'works' by jonadab · · Score: 5, Interesting

      You're assuming he would prefer to view the message HTML-formatted rather than
      in plaintext, which for most users who know the difference is not the case.

      Viewing in plain text has the advantage of providing a consistent look and
      feel for every message, always using the reader's preference for fonts and
      colors, among other things. (There are a few exceptions, but most people
      prefer the fonts and colors *they* like over the ones other people want them
      to see, except in special circumstances such as when having a discussion
      about fonts and colors.)

      It's all moot for me; I use Gnus. Currently I have it set to only display
      text/plain parts and show anything else as an attachment, which I can save
      and view if I choose. This means HTML mail has the From and Subject fields
      to convince me it's not spam. It's been years since I received an HTML
      message that wasn't spam, incidentally, and I get a *lot* of mail. I do
      sometimes receive multipart/alternative messages that aren't spam, but the
      plain text part always shows fine in that case.

      I *could* configure Gnus to display HTML parts, using W3, or to launch a
      browser, such as Mozilla, but I choose not to configure it that way because
      I prefer to view the plaintext alternative, and like I said it's been years
      since I received an HTML-only message that wasn't unsolicited bulkmail.

      Back to topic, the didtheygetit.com claim that the service works regardless
      of what client the recipient uses is obviously not only bogus for their
      specific product but in fact a totally impossible thing for any product to
      deliver, unless the content is munged into a form that they are *unable*
      to view without alerting you, such as an executable that unencrypts and
      displays the text after phoning home -- but something like that would be so
      odious to so many recipients that the sender would by using it be decreasing
      significantly the chances that the message would be read at all, which would
      rather defeat the purpose of the whole idea. In other words, it's an utterly
      impossible thing to deliver. OTOH, they only claim it works in 98% of cases
      and carefully qualify this saying "in our testing", which presumably means
      they didn't test with geeks who use carefully selected high-quality mail
      readers; they probably tested mostly with Outlook, two or three popular
      webmail services, and maybe Eudora or Netscape. I can positively guarantee
      that it would never work with Pegasus Mail (though pmail *does* support read
      receipts, but only if the user has turned them on in the prefs; they're
      off by default), and obviously it doesn't work with my particular config
      of Gnus. (I don't know about a default Gnus config, but that's largely not
      a significant issue since people who leave settings at their defaults don't
      tend to use Gnus in the first place; it's very much geared toward people
      who like to change lots of options.) Clearly it also wouldn't work with
      mutt or pine or anything like that, and *obviously* it wouldn't work if
      the user talks to the POP3 server directly (which I happen to have just
      done yesterday, though I only looked at three or four messages that way,
      and I'm atypical, being the maintainer of the Net::Server::POP3 module).

      I can imagine that it might be useful to some people nonetheless, especially
      in a largely homogenous corporate environment wherein it is predictable what
      mail client everyone or almost everyone uses. But clearly they're very much
      exaggerating (at best) when they claim it works irrespective of the client.

      --
      Cut that out, or I will ship you to Norilsk in a box.
    18. Re:How it 'works' by wanion · · Score: 2, Insightful

      I don't know about there, but here in New Zealand if someone redirected your call to a $9.95/min number then they would be paying for the cost of that call. Is it different where you are? I just can't see the advantage of costing yourself that much money over this.

    19. Re:How it 'works' by localhost00 · · Score: 2, Informative
      The way to defeat browser caching is to make the IMG SRC point to a CGI that returns a REDIRECT (302) that points to the single-pixel image. So you might have IMG SRC="server/path/to/cgi?key1=val1&key2=val2". The browser will have to tick the CGI because it has "dynamic" parameters. However, the CGI has to return a REDIRECT because an intelligent proxy server in the middle might be trying to cache the output too. You don't care if the single-pixel image itself is cached, you just want to capture the CGI hit with all the parameters.

      Go.com web-email actually throws in an extra parameter, like &r=[some random integer], to each link as a way to get around cache.

      --

      Calling atheism and agnosticism a religion is like calling bald a hair color.

    20. Re:How it 'works' by jonadab · · Score: 2, Informative

      > Their server will then send it to the users' server

      Additionally, even the recipient's mail server (at the recipient's ISP,
      usually) does not know when (or if) the recipient reads the message. Well,
      maybe with IMAP, but not with POP3. The protocol really only handles
      retrieval, and almost all mail clients just retrieve all the messages in
      batch, and the user can read them whenever: right away, minutes later,
      months later, whenever. There is no provision in the POP3 protocol (or
      AFAIK any of the various extensions, most of which are in any case not
      supported by most servers and many of which are also not supported by most
      clients) for the server to be contacted when this happens. I've personally
      implemented the server side of the POP3 protocol and can attest that there
      is no provision for this.

      So even the user's own ISP's mail server only knows when the user's computer
      retrieves the message, not when it's read.

      The only way the service could work, then, is if the client does something
      to let the service know that the message has been read. That absolutely
      requires support from the client, support MOST mail clients do not provide.
      I imagine they're relying on a feature that is common to Outlook and the
      most popular webmail services, but in any case the "works regardless of mail
      cient" claim is obviously without any merit.

      --
      Cut that out, or I will ship you to Norilsk in a box.
    21. Re:How it 'works' by MarkGriz · · Score: 5, Insightful

      No need to render it useless. The service seems pretty useless all by itself.

      --
      Beauty is in the eye of the beerholder.
    22. Re:How it 'works' by LordHedgehog · · Score: 2, Informative

      Worth pointing out that my SpamAssassin settings give considerable weight to image trackers. I doubt I'm alone in bumping that test up.

      If anyone hear tries to send me a DidTheyReadIt e-mail, be forewarned that not only will my mail client not display inline images, but it'll probably fall in the bit bucket as spam.

      --
      cat "Baggy pants!" > .signature # sig war!
    23. Re:How it 'works' by mobets · · Score: 2, Insightful

      Now if only I counld set a list of address that is is ok to get remote pictures for. Outlook can do this. Why not Thunderbird?

      --

      It was me, I did it, I moved your cheese
    24. Re:How it 'works' by antic · · Score: 2, Interesting

      Very true, but this company is hardly going to complain if they can get a $49.95 subscription out of these people before they realise that particular short-coming...

      I give them credit for the "idea" and definitely the implemention (adding ".didtheyreadit" to the end of a standard email address), so best of luck to them.

      And they certainly have achieved fantastic press with this slashdot exposure: suddenly a large group of people know the name, what it does, how it works and how much it costs...

      --
      'Thats they exact same thing a banana wrench monkey.'
    25. Re:How it 'works' by letxa2000 · · Score: 2, Insightful
      And they certainly have achieved fantastic press with this slashdot exposure: suddenly a large group of people know the name, what it does, how it works and how much it costs...

      ... And an SMTP server(s) that we can add to our "denied hosts" file to filter all incoming crap from them. If someone cares enough to add a webbug to their emails to violate my privacy, I care enough to filter them.

    26. Re:How it 'works' by johnnyb · · Score: 2, Interesting

      The only problem with this is that it encourages people to include images already attached - meaning spammers will send images WITH their emails, causing even more bandwidth to be lost even if you don't open it. With remote images, you get the advantage of only sending the images to people who care.

      --
      Engineering and the Ultimate
    27. Re:How it 'works' by Seumas · · Score: 2, Informative

      I was specifically speaking to the claims of the company I have heard on the radio as I quoted in my post. That is, a company that not only claims to tell you the information the original article's company does - but to allow you to also have full control over your message. Meaning that you could delete the email and any attachments from all mankind with a simple keystroke - which is clearly fraudulent and absurd.

      The company is called BigString.com and they claim their email is:

      * recallable
      * erasable
      * changeable
      * allow time delay of sending emails
      * time out of sent emails
      * report of when your messages are opened
      * the ability to only alow images to be viewed once and not allowed to be forwarded
      * ability to prevent messages from being printed
      * ability to prevent messages from being saved

      I have not researched the company because it is either entirely bullshit or proprietary as I can clearly access any email, save it and then do whatever I want with it - BigString be damned.

      The only way I can see this working is if the sender has to hav an account on their server and the recipient has to have an account on their server and then they employ some form of scripting with custom external (non mailstore) storage of messages and images tied together with a key or webbug/htmlbug.

      If you ask me, these claims and offerings are far above and beyond that of the USA Today article or this Slashdot article.

      They also claim that the technology is "patent-pending" and that sending email is the same as any regular email.

      Bigstring is the sole provider of fully Erasable-Recallable Email. Pioneering the field with our unique patent-pending technology, we empower our users with the ability to take control of their email. The best part is that it is easy to use - in fact there is no difference from regular email.
      Three years ago, the Bigstring founders set out to build the best Spam fighting email system on the planet, and then, quite by accident, they invented the world's first fully erasable email and didn't even realize it. A few months ago, one of the founders, Darin, sent an important new client an email with the wrong attachment. Upset, he asked his partners if there was any way that you could recall an email; the immediate answer was "No"!!! Then, Dave scratched his head... and said, "Well, if we modify the new system just a little, you can erase your mail, edit it, change attachments, set it to expire at a certain time and even know when it's been read." Darin said, "So, it's like you have a big string on your email and pull it back"...and Bigstring was born.

    28. Re:How it 'works' by jburroug · · Score: 2, Funny

      (how many business majors know that you can make a screenshot in windows?)

      /me raises hand

      Ahem. I happen to have a BBA in Management. I know how to take screen shots under Windows. You just hit "printscreen" and paste, though I prefer to use a nifty little utility called "ScreenHunter" Of course the only time I need to take screenshots in windows is at work, since that's the only time I ever use windows. I'm typing this message in Mozilla, on a Linux box, running GNUStep (nee Window Maker) for my window manager, with xinerama running for dual displays. If someone sent me email through didtheyreadit it wouldn't track me because I use PINE as my MUA, running directly on the FreeBSD server that runs my domain, acerbic.org. The last time I took a screenshot on this setup I used The Gimp to capture VNC screens on an XP box I'd setup for a client to digitize images pulled off an analog MRI unit. I was documenting the system for him.

      Don't assume that every business major out there is some noob that couldn't hack it in CS. I chose to major in business because I knew I could learn the tech stuff I wanted to on my own, but for the finer points of business and economics I wanted a formal education in. In fact my first job out of college was as a Unix SysAdmin for an ISP, after that I worked as IT manager for a cancer clinic. A couple of months ago I got out of hands on tech work to take a job as an account manager at an ASP - I wanted a change of pace.

      Just like the mythical geek girls and liberty defending geek lawyers there exist geek 'suits' as well, some with more techie experience than most of the posters on /. I get sick of hearing the standard lines reffering to business majors as technological retards spouted off by slashdotters whose only claim to geeks status is using kazaa-lite to download bad music off the 'net. Not that I'm implying that you fall into this catagory, or that you were specifically attacking me or anything, I'm just tired of hearing how dumb business majors are.

      --
      "Listen: We are here on Earth to fart around. Don't let anybody tell you any different!" - Kurt Vonnegut
    29. Re:How it 'works' by ip_fired · · Score: 2, Interesting

      I don't think they will start sending images with it. It will make their e-mail campaign much less effective. Given that a good sized html message is probably 8Kb, if you add images, it will triple or quadruple the size of the message. This means they will only be able to send a quarter of the normal messages at a time. Remember too that their lists probably aren't "clean". This means that they will be wasting that much more bandwidth and time on invalid e-mails.

      So do your part! Enter false information into their database as much as possible! Fill in invalid e-mails on those little "raffle" tickets that you see trying to raffle off a car in the mall. Make sure it's an AOL account or something that delays sending back an error response instead of the instant error notifaction that some mail providers give. That way they have to worry about parsing the e-mail. Perhaps to make it even easier, maybe AOL could start sending randomized text back in their error messages to confuse the spammer's parsers.

      --
      Don't count your messages before they ACK.
    30. Re:How it 'works' by ip_fired · · Score: 4, Interesting

      There is a problem with SpamAssassin in that you can get around the little web-bug feature with a little setup on the server side. If the spammer were smart, they would use mod_rewrite to change the url from:

      http://spammerserver.com/cgi-bin/redirect.pl?id= [m d5sum]

      to:

      http://spammerserver.com/images/[md5sum]/image.j pg

      Apache then takes the a out of the url, rewrites it, and redirects it to a script which then records the hit from the user and notes that this address is valid.

      Spam filters out there need to find a good way of detecting unique identifiers that can be used to track a user.

      I'm personally moving towards the scorched earth method with my personal e-mail account. Blcok everything that isn't on my whitelist. If I know you, you're on my whitelist. It's certainly not the best method, but I hate spam.

      --
      Don't count your messages before they ACK.
    31. Re:How it 'works' by lostchicken · · Score: 4, Informative

      Patent law cannot be circumvented with a clean-room designed algorithm. A lack of knowledge of the original source will not get you out of a patent suit, just copyright issues. So, if you are trying to make a web bug, you'd best read this and do something completely different, because no matter what, you can't use the above described technique without being in violation of IBM's patent. Not even if you came up with it all by yourself.

      --
      -twb
    32. Re:How it 'works' by byolinux · · Score: 2, Interesting

      Mail.app under OS X also has this.

      Open a Terminal...

      defaults write com.apple.mail PreferPlainText -bool TRUE

      Voila, any stupid HTML email will be displayed as text only.

      --
      Join the Free Software Foundation
    33. Re:How it 'works' by OhHellWithIt · · Score: 2, Informative
      That's where the original posters "treble damages" come from. He ment "triple damages",

      There should be no confusion with this.

      From Merriam-Webster Ninth New Collegiate Dictionary
      treble adj. [ME, fr. MF, fr. L triplus -- more at TRIPLE] ... 1 b: triple in number or amount.
      --
      "Who controls the past controls the future. Who controls the present controls the past." -- George Orwell
  3. Definitely snake oil. by jcr · · Score: 4, Insightful

    All I have to do is read my mail when I'm not on line.

    Nothing to see here, nothing at all.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
    1. Re:Definitely snake oil. by E_elven · · Score: 5, Funny

      There's a way to go off line? What does one do in this 'off-line' state?

      --
      Marxist evolution is just N generations away!
    2. Re:Definitely snake oil. by V.P. · · Score: 2, Funny

      127.0.0.1 -- There you go!

  4. this is cool by quelrods · · Score: 4, Informative

    Well, it will tell you when they opened the email/how many times/etc. (assuming they have an html enabled email client.) It works w/ yahoo mail but not with pine. The infinite refresh to tell how long they read the email for is annoying in that it makes it look like the email never finished loading. Can someone see how outlook responds to this? (I haven't a windows box)

    --
    :(){ :|:&};:
    1. Re:this is cool by quelrods · · Score: 4, Interesting

      woops forgot to add it's direction finding skills are weak. Apparantly I'm in Michigan? I'm in Austin,TX and my POP is chicago. It appears to try to get information via one of the upstream links which is horribly inaccurate.

      --
      :(){ :|:&};:
    2. Re:this is cool by madprof · · Score: 2, Funny

      So, in fact, this is not cool at all then.

    3. Re:this is cool by Anonymous Coward · · Score: 3, Funny
      The infinite refresh to tell how long they read the email for is annoying in that it makes it look like the email never finished loading. Can someone see how outlook responds to this?

      I'm just guessing here, but, based upon my previous experiences with Outhouse, it probably downloads an activeX script from a site in Korea and promptly reboots. But then again, that's the default behavior.

  5. OE read receipts by gbjbaanb · · Score: 2, Informative

    considering the non-friendly hack that you need to go through to get this working, wouldn't it be better to capture the data sent by Outlook and OE's read receipts and implement something compatible in Mozilla and other email clients.

    I only say use the Outlook 'standard' because it doesn't seem there's any others, and it'd be a bit useless if we had multiple versions.

    If we want read receipts, that is. Personally I turn them off, and don't send them.

    1. Re:OE read receipts by Ryquir · · Score: 5, Informative

      Uhmm... you do understand that Mozilla and other E-mail client do actually have read receipts and that this isn't a "MS" standard?

      The only difference in clients abilities with regards to read receipts is how they present you the uninformed user the dialog box saying "Sender has requested you inform them that you have read this message".

  6. Lets Implement a Similar System by KhalidBoussouara · · Score: 5, Funny

    To see if people read the article before posting on Slashdot.

    This post is a joke so don't moderate down. Also I am aware that this wouldn't be really effective.

    1. Re:Lets Implement a Similar System by Anonymous Coward · · Score: 5, Funny

      MOD PARENT DOWN. This wouldn't be effective mea...
      aww crap.

  7. Single pixel gif? by ilikejam · · Score: 4, Insightful

    Sounds to me like they just embed a simgle pixel gif in the message, and monitor when they recieve the request for it.
    How they monitor the length of time the mail stays open is a bit of a mystery.
    Turn off 'Download images' and I'd imagine their system becomes useless.
    Wasn't there a scare about spam merchants doing this once?

    --
    C-x C-s C-x k
    1. Re:Single pixel gif? by octalc0de · · Score: 2, Informative

      Perhaps the single pixel gif never finishes loading. That way, as long as the connection remains open, the web server clocks how long you're on the image.

    2. Re:Single pixel gif? by Neon+Spiral+Injector · · Score: 4, Informative

      The time is probably calculated by not actually sending the image file, or sending it very slowly. So they just keep the HTTP session open, then note when the client closes. That would limit the tracking time to when the connection times out. Like the author said, he left the Yahoo mail open for 10 minutes and it only reported 2.

      An additional note, Yahoo does have an option to disable remote images, which would also break this.

      Seems this company is too late to the party. Almost all current e-mail clients now don't or have an option to not to load remote images.

    3. Re:Single pixel gif? by ilikejam · · Score: 5, Informative
      Yup. Confirmed.
      At the bottom of the mail is:
      <img src="http://didtheyreadit.com/index.php/worker?cod e=xxxxxxxxxxxxxxxxxxxxx" width="1" height="1" />

      Oh well. Should prove very effective against those without the sense to turn off images anyway. Lets hear it for making money from people's ignorance!

      --
      C-x C-s C-x k
    4. Re:Single pixel gif? by 5E-0W2 · · Score: 2, Interesting

      Could be animated gifs sent slowly? I remember back in the days of netscape 3 iirc netscape had an aquarium webcam that worked by having an animated gif and new frames getting sent as they were generated. Or perhaps it was server push (multipart mime content). It was something like that which would work for this anyway. 1996 was a long time ago.

    5. Re:Single pixel gif? by Neon+Spiral+Injector · · Score: 4, Interesting

      I just tested, they send an image/jpeg with a header not specifying the length at 1 byte/second. But it is only 302 bytes long, so they can't track for more than 5 minutes. It is a real JPEG, 1x1 pixels, created with an Adobe product.

  8. get your privacy back easily by xlyz · · Score: 4, Informative

    just set your mail client to not download images

    1. Re:get your privacy back easily by Pike65 · · Score: 5, Funny

      How do I do that in pine?

      --
      "If being a geek means being passionate about something, then I pity those who aren't geeks." - Pike65
    2. Re:get your privacy back easily by MntlChaos · · Score: 2, Informative

      it's the default. so just type pine and it's set up to not download images

  9. No good by martingunnarsson · · Score: 3, Insightful

    If you can't trust the service, and you obviously can't, I don't think there's a very good reason to use it. Unless it works for every single message it's no good. It is a pretty neat idea, but the tinfoil hat crowd will most likely scream and shout about their privacy being invaded.

    --
    Martin
    1. Re:No good by Z-MaxX · · Score: 5, Insightful

      Unless it works for every single message it's no good.

      So true. And this is straight from their main page:

      "Are you as sick of getting the "I never got your email." line as I was? This will eliminate that excuse completely. It really lets you know whom you're dealing with."

      Now you simply say, "My spam filter blocks images." And you may have a reason then to think that the person who sent you the message doesn't trust you.

      You can't solve a people problem with technology.

      --
      Dr Superlove 300ml. I use my powers for awesome
  10. Why not do it yourself by Crashmarik · · Score: 4, Funny

    If the recipient is using a text based email program theres no way in heck anything is going to track whether the mail was opened or read. If its an HTML reader like Outlook just pop a web beacon and let your server monitor it. If you can't figure out how to make this work yourself, you probably shouldn't be allowed to go spying on others anyway.

  11. Re:fp! by TheViciousOverWind · · Score: 4, Informative

    Nothing special, just "Webbug" images, which spamfilters such as SpamAssasin (in the default setting) adds point to as more likely to be spam, so using DidTheyReadIt users mail is more likely to end up in a spamfolder than any other type of mail.

    On another note, I find it's walking on the thin red line of immoral behavior, and I know here in Denmark there've been several companies who've got bad publicity because of using said method.

    --
    My <1000 UID is with a hot chick
  12. Not very useful! by edoc · · Score: 2, Informative

    This is not very useful as it is only tracking the images that are being loaded when the email is being viewed. However, most email clients now block these inline images from being loaded so this software will not function. In text based email clients it also will not function at all. These features have already been included in such email clients as evolution.

  13. Re:Uh, the link is wrong by SuperficialRhyme · · Score: 2, Interesting

    Strange. The links work for me with Mozilla Firefox 0.8 (unless they've been corrected already and I missed the time they didn't work).

  14. It's an animated GIF! by Anonymous Coward · · Score: 5, Informative
    It embeds a single pixel image, but it appears to keep feeding you the image forever, at a rate of a byte a second. Thus, if you use an HTML image reader that loads embedded graphics from random servers, they will know how long you had it open for.

    Of course, if you use an email program that's that, umm, "open", they could just embed a trojan in it and add features like listening to what you say when you open the mail, and pictures of you reading it. :)

    1. Re:It's an animated GIF! by Seumas · · Score: 2, Insightful

      What's pathetic is that the USA Today technical writer Kevin Maney wasn't smart enough to really investigate the product/technology he was reporting on. Not a shred of investigative reporting or critical thinking in the entire article.

      Even my grandmother would have to sense to do more investigating and be more doubtful about the claims of the product than this guy.

  15. I'M RICH!! by nacturation · · Score: 4, Funny

    Now I'm going to finally get Bill Gates and tons of other companies to finally pay up!

    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  16. eeevviiilll! by Gaima · · Score: 5, Informative

    http://www.rampellsoft.com/, the people bringing you didtheyreadit looks to me like a really evil company.

    software products to make your life on a computer easier and more efficient. by secretly spying on your spouse, kids and employees.
    Oh, sorry, record, my bad.

    /me goes back to kmail in text/plain by default, happy, safe, and in privacy.

  17. This would fail with GMail by tji · · Score: 5, Informative

    By default, Google mail has images turned off. You have to click a link at the top of the message to force it to load the images.

    Most other mailers also have a way to turn off image loading because spammers have been using this tracking technique for a long time. If mailers don't allow image blocking yet, I'm sure that a service like this will get them to add that trivial feature.

    1. Re:This would fail with GMail by attemptedgoalie · · Score: 2, Informative

      Outlook 2003 blocks images as well.

      Outlook Express will when XP SP2 hits at end of July.

      --
      My mom says I'm cool.
  18. Yahoo, and Gmail too... by QangMartoq · · Score: 2, Informative
    Both of these web-based email services have the ability to block loading of images in spam, though, at least with Yahoo, it's worthy to note that this feature extends only to messages stored in your 'Bulk' folder.

    As to Gmail, I don't know, but from what I've heard it works in a similar way.

    Also, the newer versions of AOL diasable images in emails by default, requiring the user to click on an 'Enable images and links' option on each email they want to see images/have working links in.

    Having email clients disable images by default (Which sems to be an increasing trend) will relegate this 'service' to the wasteland of failed dot coms pretty quickly, I'd think. When this happens, I wont be one to shed a tear. I have no desire for anyone that emails me to be able track if I have read their message. If I have, and I choose to respond to it, then they know. If I don't respond, they can keep guessing.

  19. quick prevention of getting tracked by this... by griffjon · · Score: 5, Informative

    Not that I let my email client load images anyway, but just because I'm spiteful, I think I'll go add
    "127.0.0.1 didthereadit.com" to my /etc/hosts file. (c:\windows\hosts in win98, C:\windows\system32\drivers\etc\ in XP, )

    --
    Returned Peace Corps IT Volunteer
  20. Depressing... by Gutboy_Barrelhouse · · Score: 5, Insightful

    Does anyone else find it depressing that the entire privacy issue this service (creates? no... inflames?) hinges on the fact that 99% of Internet users probably don't know whether they're reading email as HTML or plain text?

    1. Re:Depressing... by PTBarnum · · Score: 2, Informative

      Outlook 2002:

      To suppress all HTML rendering, add this key as a DWORD with value 1.

      HKEY_CURRENT_USER\Software\Microsoft\Office\10.0 \O utlook\Options\Mail\ReadAsPlain

      Outlook 2003:

      I don't use this, but I understand there are preference settings in the app itself to suppress external images and possibly even turn off HTML.

    2. Re:Depressing... by Brandybuck · · Score: 2, Insightful

      And people call Windows "easy to use"? Hah!

      --
      Don't blame me, I didn't vote for either of them!
  21. mwahaha by Anonymous Coward · · Score: 4, Funny

    Devious suggestion: Buy misspellings of their domain, then capture all emails you receive. Hours of fun!

  22. Re:But we're blocking it anways.. by JessLeah · · Score: 3, Insightful

    Clearly, this service isn't being marketed to the SlashDot crowd. The very IDEA of this service reeks of "mass market", which we are not. (Though, with all the MSFT ads, we're getting closer every year. I'm just waiting until I see AOL ads on SlashDot. That'll be the day...)

    --
    Honey, I shrunk the Cygwin
  23. Better alternative by mapinguari · · Score: 4, Informative

    If you're wanting to use something along these lines, a more up-front company that doesn't use invisible web bugs is HaveTheyReadItYet.

    They use images of stamps, which are customizable, which is kind of a cool idea.

    However, this only available for Windows.

  24. SPAMMERS, perhaps? by whoever57 · · Score: 4, Insightful
    A whois on didtheyreadit.com shows an address in Florida.

    Wouldn't this be a great way to harvest thousands or millions of known good email addresses?

    The TOS only states that they will not store the emails -- yet their own logs will contain the email addresses. There is nothing in the TOS that explicitly prevents them from using those addresses.

    --
    The real "Libtards" are the Libertarians!
    1. Re:SPAMMERS, perhaps? by danharan · · Score: 2, Insightful

      And conveniently, they also have a sender that is likely on your white list...

      More sophisticated analysis could also yield useful info (likely gender of the sender based on words and sentence structure; keywords to indicate interests).

      --
      Information: "I want to be anthropomorphized"
  25. Awesome! by CRC'99 · · Score: 3, Funny

    Now I'll be able to find out if the boss is actually reading my email!

    heh - and he says he doesn't get it :)

    --
    Sendmail is like emacs: A nice operating system, but missing an editor and a MTA.
  26. Good for them, and us. by tigress · · Score: 4, Insightful

    In my personal opinion, I think this might actually be a good thing. Considering the fact that didtheyreadit.com uses external images for tracking, and that they're getting a whole bunch of publicity right now (partially due to this very article), this is just another reason for email clients to block external images by default - spam apparently not being a big enough reason yet.

    With a bit of luck, this will make more sites and clients want to implement image blocking, which will in turn make it harder for spammers to get their messages across.

    Spam is merely an annoyance to most people. Privacy issues are not. :)

  27. Could be useful by zerosignal · · Score: 2, Interesting

    I think this would be useful for dealing with companies with poor customer service. You can check if your mail was actually read by a human. Chances are they are all using Outlook with HTML enabled, so the tracking would work.

  28. DNS fun... by AVee · · Score: 4, Insightful
    Looks like they've got a wildcard mx record:
    # host -t mx aol.com.didtheyreadit.com
    aol.com.didtheyreadit.c om mail is handled by 10 mail.cluster1.didtheyreadit.com.
    host -t mx lsdkfjksdlfjklsdjf.didtheyreadit.com
    lsdkfjksdlfj klsdjf.didtheyreadit.com mail is handled by 10 mail.cluster1.didtheyreadit.com.
    Now whould you like to pay for an email service that doesn't even have a fallback mailserver and is likely be busy handling mail for info@didtheyreadit.com.didtheyreadit.com.didtheyre adit.com.didtheyreadit.com.didtheyreadit.com
    # host -t mx didtheyreadit.com.didtheyreadit.com.didtheyreadit. com.didtheyreadit.com.didtheyreadit.com
    didtheyre adit.com.didtheyreadit.com.didtheyreadit.com.didth eyreadit.com.didtheyreadit.com mail is handled by 10 mail.cluster1.didtheyreadit.com.
    1. Re:DNS fun... by Anonymous Coward · · Score: 2, Interesting

      Probably because mail.cluster1.didtheyreadit.com points to 3 different IP addresses.. Not sure why they didn't just make 3 separate MX records.

    2. Re:DNS fun... by grozzie2 · · Score: 2, Interesting
      mail is handled by 10 mail.cluster1.didtheyreadit.com.

      Ok, a little more digging. mail.cluster1.didtheyreadit.com resolves to 3 consecutive ip addresses. Repeat the process for www.didtheyreadit.com and you find that the same 3 ip address resolve to that. This smells a lot like somebody has gone to the effort to build a high availability cluster for dealing with mail, just based on the consecutive ip's and the telltale names.

      Interesting, this same cluster is also set up to provide the backing infrastructure to do email tracking via embedded images.

      Obviously these guys are set up to handle volume, so, that does prompt a question. Are there really enough people using this service to load up 3 mail servers in a cluster configuration ? Or is it possible they have the infrastructure in place for another business, and they are leveraging it to do this too ?

      I just dont see the 'didtheyreadthat.com' business being large enough to swamp 3 machines processing the outgoing mail, and the incoming image connections. But, if this is just a sideline for machines that are spending the day tracking inline images on spam, it sure makes sense. A whole new business leveraged off existing infrastructure.

    3. Re:DNS fun... by shani · · Score: 2, Interesting

      Two things about fallback mail servers.

      The first is that Internet mail has retry functionality built in. If your mail server goes off-line for a few minutes, most clients won't notice. It's not an immediate service like HTTP. Personally, I only have a backup MX for my personal domain because my box is physically located at my employer's office. The company could unplug it (permanently!) at any moment. People I trust - companies not one iota.

      The other thing is, as other people have mentioned, this service relies on embedded 1-byte images retrieved by mail clients using HTTP. In this case, if their HTTP servers are off-line, the service is basically non-functional. In this case, having the MX delivery fail may actually be a feature. If the MX fails at the same time as the web server, you avoid having mail delivered when it can't be tracked.

      Incidentally, this side-effect of having related service failures is one reason I think that the DNS requirements of having DNS servers available in multiple networks is probably bogus for many services. For a lot of companies, if you HTTP server is off line, why would you care that DNS is working? Why would you spend any time or money making your DNS more reliable than your web service? (My guess is that DNS weenies consider reliable DNS an end, rather than a means.)

  29. Re:Uh, the link is wrong by J'raxis · · Score: 2, Interesting

    The browser should take the scheme from the context of the current URL. This is valid according to the definition of a URL in the RFC.

    You know that a URL like /foo/bar is evaluated relative to the current server, right? Well, something like //www.foo.com/bar is evaluated relative to the current scheme, i.e., http.

    --
    Liberty in your lifetime
  30. Re:Smoke and mirrors by DaHat · · Score: 4, Funny

    And now we all DoS their site as we try to load that image to see if it really does work...

    It seems to be good, just an awful slow load (which no doubt is intentional to measure the length of your 'reading' of the e-mail).

    --
    Help Brendan pay off his student loans
  31. Easy fix... by jafiwam · · Score: 4, Informative

    just put:

    127.0.0.1 didtheyreadit.com

    In your hosts file...

    Or put an authoritative zone in your DNS servers if you have access.

    Done, no query reaches their server.

  32. Actually by t_allardyce · · Score: 2, Funny

    I've got a better idea, stick a porn banner in your email which links to a site on your server, then check the logs and see *exactly* how *long* they errr.. *read* your *email* and which page they *read* the most ;) ah probably been done

    im *really* *really* sorry for the asterix's (spelling)

    --
    This comment does not represent the views or opinions of the user.
  33. Yahoo and Hotmail image loading by AzureLunatic · · Score: 3, Informative
    Yahoo mail has the option to block all images from loading by default (not just in the sorted-as-spam bucket), warns the user when images are blocked from loading, and allows loading of images on a message-by-message basis.

    However, this option must be hunted down and turned on.

    Hotmail does one better, and allows you to block all images from loading by default, and set rules so certain senders' images will always load as well as viewing images in a piece of mail on a case-by-case basis.

  34. Big problem: instant open relay by bigberk · · Score: 4, Insightful

    I signed up for a free account. It does work, it's fast and convenient enough. But there's a major problem...

    INSTANT OPEN RELAY.

    All a spammer has to do is forge their From address (the only means of relay authentication!) and append .didtheyreadit.com to any victim address, and dtri1.rampellsoft.com will relay the message to the victim. I'd say this service has a 10% chance of survival.

    1. Re:Big problem: instant open relay by Geotopia · · Score: 2, Insightful

      Let's say that I monitor incoming SPAM for a while. I pick up a pattern for the DidTheyReadIt relays (that's all they are) by looking at headers or monitoring inbound traffic on my POP server. Then I take one (or many) of those email addresses I've identified as coming through "DidTheyReadIt" and forge it/them in the from: field and then append the appropriate tag to the end of the to: addresses. Now all those will relay through the DidTheyReadIt servers, racking up charges for the forged from: senders and tying up their service. This thing is as doomed to fail as the basically flawed SendMail structure that fails to certify the sender and got us in this mess in the first place.

      I could have some fun with this sending email from known spammers back to other known spammers and put it on their tab for a change.

      Email is dead as a useful form of communication - let's just face it and find something new!

  35. Paranoid Annoying Emailers by NitsujTPU · · Score: 2, Interesting

    Things like this remind me of the most paranoid, annoying, emailers that I deal with daily. Something like 1 in 1000 emails are the type that I would ever stick a receipt on. For the most part, even those I would ask for a friendly reply in the text at the bottom.

    At work, I am somewhat compelled to use outlook. Here's my favorite setting:

    1) Automatically unflag incoming messages:
    -Think noone reads your email? Why not flag every message you send. That way, they'll all look importat... or, the important ones will get lost in the see of red flags.

    Do any of you have settings that would be good in Outlook?

  36. "Every single internet provider"? by Megane · · Score: 4, Insightful
    DidTheyReadIt works with every single internet provider and e-mail account, including EarthLink, AOL, NetZero, Juno, Netscape, Hotmail, Yahoo, and much more.

    Guess what folks. There's no law that says you have to let a megacorp run your e-mail. With a fixed IP and a 24/7 server, you can run your own server. (Though, admittedly, it's not something a novice can make work.)

    All this is is simple "web bug" HTML IMG link spying. Anyone with any kind of sense has configured their e-mail client to not automatically download remote images. Or even to not display HTML crap at all. And please don't tell me that they use Javashi^H^Hcript, because that means there's a brain-damaged popular e-mail program out there that allows it (or a webmail site that doesn't filter it). All we need is another way for e-mail to run wild code.

    Is anyone else getting a flashback to the all the stupid ideas that would burn through millions of dollars in VC cash back in the dot-com bubble days?

    --
    #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
  37. It's a scam, and here's how I know by BillX · · Score: 5, Funny

    I have identified this service to be a scam using the "superfluous female person standing next to logo" method. I'm still wondering where her headset went, though...

    --
    Caveat Emptor is not a business model.
    1. Re:It's a scam, and here's how I know by mkendall · · Score: 2

      My favorite example of this is a manufacturer of programmable microwave signal generators, www.aprilinstrument.com

  38. Re:Picture of Alex Rampell? by whoever57 · · Score: 2, Interesting
    At the same address is The firm of Rampell & Rampell, PA

    A multi-talented family? Accountants, Software, and now a web-based business.

    The software seems to be keyloggers and others.

    --
    The real "Libtards" are the Libertarians!
  39. Wonder how it compares with ReadNotify by Krellan · · Score: 3, Informative

    There is another company that claims to do this, ReadNotify.

    It looks to be exactly the same kind of service as Didtheyreadit.com.

    I first became aware of this company by reading Mozilla's bug report 28327 - http://bugzilla.mozilla.org/show_bug.cgi?id=28327 (cut/paste URL and open in new window).

    Mozilla/Thunderbird also has trouble completely blocking all server contact in email, as it evidently doesn't sandbox the email environment enough (images may be blocked, but stylesheets and other external URL's can still leak through, last I checked).

    BTW, there is a workaround if you use Mozilla/Thunderbird: set your View/Message Body As settings to "Simple HTML", or better yet, "Plain Text". This works 100%!

    --

    Dr. Demento On The 'Net!

  40. Re:fp! by senatorpjt · · Score: 3, Interesting

    OK, so, who's going to set up a free service that duplicates what DidTheyReadIt does. It uses almost no bandwidth (you're only loading a 1x1 pixel image off a webserver). I'd do it if I had any hosting capability whatsoever.

    The entire point of a free service would be 1) to educate people as to why this is pointless and 2) to make it unprofitable and drive these people out of business.

  41. Tracking HTML e-mail without images or JavaScript by Kent+Brewster · · Score: 3, Informative

    You can do this without using an image or JavaScript, and give away nothing in the source of the message. Here's one way, using Apache, .htaccess, and PHP:

    1) In the header of your HTML e-mail message, load up a style sheet:

    <style type="text/css">
    @import "http://your.server.com/your.css";
    </style>

    2) In the server directory containing your CSS file, add the following line to .htaccess:

    AddType application/x-httpd-php .css

    Any file ending in .css under this directory will now be run as if it were a PHP script.

    3) Save this as your.css:

    <?php
    require "track_message.php";
    ?>

    Done. No images, no JavaScript ... any reader that accepts HTML messages will trigger track_message.php, and nothing unusual will be visible in source code, even if some curious person pulls down http://your.server.com/your.css to take a look.

  42. Heard about this on NPR interview last week by kc8jhs · · Score: 3, Interesting

    The shocking thing was, in the interview, the founder/inventor(not)/designer/coder whatever he was, claimed that large large portions of mail actually gets lost on the internet.

    A gentleman called in from a design engineering firm who emails large documents to other members of the firm and other associates around the country. The "expert" insisted that the didtheyreadit.com was the perfect service for them to assure that their emails made it there and were in fact read.

    My question was this, how does email between two people who regularly email each other, and are probably expecting it, "get lost"? This was a major point that the guy was making, which seemed to me like he was spreading classic FUD.

    Lets make sure that our friends aren't using this product for those reasons! Assure them that undeliverable mail will be properly reported back to them always, and show them how to set their mail clients to always accept mail from those in their address books!

    -Mikey P

  43. Whoops - the marketing SPAM backfired... by HarryZink · · Score: 2, Interesting

    I was the recipient of Ricardo Batista's marketing spam announcing this 'service'. Noting several problems with it, I replied to his e-mail (doing a 'reply all'), and informed him not only of my concerns, but also pointed out that now all the morons thinking they get $5,000 from Bill Gates and Walt Disney Jr. will resurface with renewed efforts to convince their famiies to forward mail "because now it can be tracked, here's proof..."

    Well, turns out that Ricardo had a 'setting' wrong on his mail server, or whatever, as my response to him was also broadcast to his entire spam list.

    - He neglected to supress the recipient list.
    - 'customers@batista.org' was aliased to his customer list.
    - He allow any non-local reply to take advantage of that.

    As confirmation, Ricardo sent me an e-mail pointing out *my* mistake in replaying 'all', and the subsequent deluge of 'bounced mails' and other recipients responding pretty much corroborated this.

    Whoops.

    Granted, this is a simple mistake that could happen to anyone (well, not really) but doesn't paint to rosy a picture of someone claiming to provide an expert e-mail service.

    I have no idea why someone like Ricardo Batista would jump on doing something so obviously silly and transparently flawed (I guess rent needs paying), but I wonder how mnay (if any) people will fall for this.

    Harry

  44. Re:As a link... and another way to mess them up... by The+Kiloman · · Score: 2, Insightful

    Ahh, so that's how they track how long you looked at the message. As long as you have the message up, your client keeps the socket open, trying to load the image. They send you the image content at a rate just fast enough to keep the client interested. (If I cared, I'd run a TCPDump and get numbers.) When the socket's closed, they think you've stopped looking at the message.

    They're probably also relying on quirks in the Windows / IE network code... something about Linux or maybe Mozilla gives up, calls the image done, and closes the socket after 2 minutes, whereas IE will keep trying until the parent frame or message is closed. That would explain why it took me ~2 minutes to load the parent post's link, and why it said that the reviewer only read the message for 2 minutes.

    --
    You may disagree, but to be blunt, you're wrong. -tgd
  45. Simple! by le_jfs · · Score: 2, Interesting

    echo 127.0.0.1 didtheyreadit.com >> /etc/hosts

    --
    main(char O){O++&&(((O-291)*O+27788)*O-868020?1:putchar(O++) )&&main(O);}
  46. Re:They may have their patent sticker but. . . . by julesh · · Score: 2, Informative

    I'm sorry, it isn't either novel or non-trivial. I've been using this technique since 1997, when I read it as a recommended technique in a book on CGI programming that had been published years before.

    It is obvious. In fact, it's about the easiest way of solving the problem of a CGI script that produces an image, let alone cache-busting.

  47. Here's How They Time the View by jzap · · Score: 3, Interesting
    They put a 1x1 image in the HTML e-mail with a (long) unique number in the SRC URL. The unique number identifies the sent message. When your e-mail client tries to fetch the image, they send the header right away (type=image/jpeg), but they trickle the data to you at one byte per second. This keeps the connection open for as long as you view the message. When you stop viewing the message, the connection closes, and their timer stops.

    I'd show you what a dump of an 118-byte-long version of their JPEG image looks like, but the Slashdot Lameness Filter didn't like all those "junk" characters! However, you can view the dump here: http://jzap.com/img/ReadItBug.jpeg.txt

  48. Re:Well... at least no false positives. by nahdude812 · · Score: 2, Interesting

    Given that it re-routes all the replies through their service, I'd wager that they are at least smart enough to mark a message as read if they get a reply for it through their network.

    --
    Slay a dragon... over lunch!