Slashdot Mirror


Stopping "PattyMail" Email Bugs

An anonymous reader writes, "In the U.S. Congressional Inquiry into the HP spy scandal, it was revealed that HP used Web bugs to track the source of leaks. HP's Fred Adler considers them a useful investigative tool which HP will keep using. Since dubbed PattyMail after HP Chairwoman Patricia Dunn, Web bugs have been around for a while. But it turns out the vulnerability they represent is far worse than first thought. Microsoft Outlook won't have a patch until 2007. The company at the center of the scandal claims they've done nothing wrong. But could repressive governments use them to track down critics? Can anything be done to stop Web bugs?"

3 of 248 comments

  1. Re:Get rid of pics in emails by DaveCar · Score: 4, Informative

    The issue discussed in TFA does not involve image bugs but iframe bugs.

    Now, I don't know, but they would potentially still be triggered if you were using a "convert to plain text" filter???

  2. Re:Nothing new here... by DaveCar · Score: 3, Informative

    Bah. RTFA. It's not about image bugs.

  3. Sendmail/MailScanner/Pmail by Medievalist · Score: 4, Informative

    www.sendmail.org
    www.mailscanner.info
    www.pmail.com

    Problem solved, oh, maybe five years ago. It amazes me that anyone just figured this was a problem NOW.

    I've received hundreds, if not thousands, of emails with a {disarmed} header modification inserted by MailScanner... it's quite interesting to learn who is routinely inserting tracking bugs in their mailings.

    I suppose you could also use transparent caching à la squid to bumfuzzle some of the trackers and speed up browsing for your end users at the same time. But it seems like nowadays the bugs usually contain individualized tracking codes that would make it through the cache anyway.

    You just have to strip out external references and tell the end users "that guy who sent you this is using a broken mailer". That's the strategy the HTML addicts used to create this problem, after all - they told the clueless that HTML was normal and that anybody who couldn't read it was using broken or obsolete software. I use the same line (which happens to be true) if somebody complains that they can't read company XYZ's mailings because the image links have been stripped out; "oh, company XYZ is using a broken obsolete mailer that puts external links into the text; until they learn to use the Internet you'd better find a new company to deal with or stick to phone calls".
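
What "strip out external references" can look like at a mail gateway, as an added example that is not part of the comment above and not MailScanner's code: it removes attributes a client would fetch on render and drops `iframe`, `object`, `script` and `style` elements whole, while keeping `cid:` attachments and clickable links. The names `disarm` and `Disarmer` and the sample message are assumptions made for illustration; inline `style` attributes are not inspected.

```python
from html import escape
from html.parser import HTMLParser

URL_ATTRS = {"src", "background", "poster", "data"}  # fetched on render, no click
DROP = {"iframe", "object", "script", "style"}       # removed with their contents
LOCAL = ("cid:", "data:")                            # allowlist; all else is external

class Disarmer(HTMLParser):  # illustrative helper, not MailScanner's implementation
    def __init__(self):
        super().__init__()
        self.out, self.removed, self.skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP:
            self.skip += 1
            self.removed.append((tag, dict(attrs).get("src")))  # None if no src
        if self.skip:
            return
        kept = []
        for name, value in attrs:
            if name in URL_ATTRS and value and not value.strip().lower().startswith(LOCAL):
                self.removed.append((tag, value))
            else:
                kept.append(name if value is None else f'{name}="{escape(value)}"')
        self.out.append("<" + " ".join([tag] + kept) + ">")

    def handle_startendtag(self, tag, attrs):  # <br/>, <img .../>: emit no end tag
        self.handle_starttag(tag, attrs)
        self.skip -= tag in DROP               # a self-closed DROP element has no body

    def handle_endtag(self, tag):
        if tag in DROP and self.skip:
            self.skip -= 1
        elif not self.skip:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def disarm(html_body):
    parser = Disarmer()
    parser.feed(html_body)
    parser.close()  # flush text the parser is still buffering
    return "".join(parser.out), parser.removed

# Constructed sample: image bug, iframe bug, inline (cid:) logo, ordinary link.
SAMPLE = ('<p>Hi</p><img src="http://t.example/o.gif?id=abc123" width="1">'
          '<iframe src="http://t.example/f?id=abc123"></iframe>'
          '<img src="cid:logo"><a href="http://www.example.com/">site</a>')
```

The second value returned by `disarm` lists each stripped element with its URL, which is the data a gateway would log or summarize in a header it adds to the message.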