User Not Found, Email Drops Silently

shervinafshar writes with an International Herald Tribune story explaining just why it is failed emails don't always result in a helpful error message for the sender, which also gives some insight into ways that email can be used to spy on recipients. "In last lines of the article, two companies are introduced which provide services that can 'spy' on your email reading habits. They also can 'call home' too: 'Some entrepreneurs have seen that uncertainty and offered senders the ability to obtain receipts that a given message has been read — without the recipient knowing that a confirmation has been sent back to the sender. ReadNotify, based in Queensland, Australia, started in 2000 and promised to report not only on whether a message was read, but also on how long it was opened for reading on the recipient's PC. It can also send the message in "self-destructing" form, preventing forwarding, printing, copying and saving.' IHT also is asking its readers to comment about these kind of services being against user privacy."

Only if your mail client is severely misconfigured

[Idaho]

Thunderbird defaults to asking when someone asks for a return receipt; I always change the setting to not even ask but simply never to send them. It is nobodies business to know whether, not to mention when I have first opened their e-mail (which is also, by the way, not the same thing as actually reading it).

In addition, you should set your client to never download external images. This should solve about 99% of these "exploits". As far as I can remember, the company mentioned uses a transparent/invisible image on an intentionally slowed down server that feeds the image byte by byte; usually, mail clients disconnect/cancel the download once you click another message.

I can only imagine "preventing" forwarding to work with really retarded mail clients (I think we all know the one I'm talking about).

The very valid reason why mail servers don't always return a message when a mail address does not exist, is because this can be used to phish for existing usernames - when you don't get a bounce message, you know you've probably hit a valid username. (because for most systems, login/username = default mail alias)

Did you get it?

[RidcullyTheBrown]

I am amused by the ways people treat different technologies. I see people who assume that email delivery is perfect and instantaneous, and get upset if their message is delayed or doesn't reach the destination. The same people will follow up a fax with a phone call to confirm the recipient got it. There appears to be no difference in the importance of the messages involved, so perhaps it is a generational (in terms of the technology) thing.

The other thing I see around here is the people who request a receipt (we use Outlook) when they send a global email to all 1500 users on the system. Most of them only do it once.

Why it can't work

Here's a good summary of why such plans won't work:
http://theamigo.blogspot.com/2007/07/expiring-email-no-not-really.html

Re:Remote images?

[pthor1231]

Hotmail doesn't loaded remote images, and would even prevent you from clicking on a link if the sender was unknown. They have been doing this for quite a while.

Links to actual services

[e+r+i+k+0]

I'm surprised the author didn't link to the actual services:

• ReadNotify FAQ - doesn't seem to give too much actual info on how it works, but looks like it's a combination of images hosted on the ReadNotify server with tracked downloads, rewritten links to go through ReadNotify servers to add log entries, and some other things I couldn't guess immediately.
• MessageTag seems to just be an image hosting service which tracks image downloads.

Both seem to be easily defeated; indeed, the ReadNotify FAQ mentions that the "invisible" tracking service (which I assume means that it just includes the tracking images in the message) may be unreliable.

Re:Remote images?

[cayenne8]

Yep...I prefer email to be plain text, no need to send 1MB worth of date, to display 5 lines of text.

I request that people set their email clients to text for forums I'm on...and often, people will do it and didn't know they could change this setting on their email client. Why is html mail the default on so many clients anyway?

Anyway...I was wondering how this company would get this type of info reading plain old email, but, I'd forgotten about using clients set up to download images, javascript...etc.

Re:Remote images?

Gmail was certainly not the first. I know that Rocketmail(now Yahoo!) and Hotmail had this feature long before Google as a company even existed.

copyright

[speedtux]

If you sends bits to MY computer, using MY libraries, and running MY kernel, those bits are mine to do with as I wish,

The copyright still remains with the sender, so, no, they are not yours. Furthermore, you cannot legally do with them as you wish.

Re:html-only email

[martin-boundary]

Just a little clarification FYI: HTML only messages do not violate internet standards. It's quite standards compliant, as the minimum is RFC2822, which has no requirement about the content other than the character set it's written in.

The MIME standards (which are entirely optional) do not require duplicate text and html versions of a message either. There are several MIME content types, of which only multipart/alternative is intended for duplicate content with degraded formatting such as separate text and html versions, and in this case the actual formats can be anything, eg they could be a text version and an MS Word version, without an HTML version.

Re:Remote images?

[thePowerOfGrayskull]

Well - the overhead isn't big in terms of size - but when you have 18 different images linked to from offsite, it becomes a whole different issue. (And that's just for normal 'catalog'/advert emails that get sent out, not counting this lame tracking silliness.)

Re:html-only email

[ion.simon.c]

...I have my mail software set up so it bounces html-only email (that it doesn't think is spam) back to the sender with an error message explaining that html-only email violates internet standards.

Um. I'm unaware of any IETF standard regarding HTML-formatted email transmission. Unless you can link me to such a standard, there is no violation.
Also, you are an ass. Additionally, if you're unable to configure an MUA produced in the last five years to correctly render HTML email, you're a fucking moron.

Re:Remote images?

[Kompressor]

Okiedokie, time to add my $0.02 to the pot :-D

The key difference is that backscatter generating SMTP servers accept an email, close the connection with the remote server, realize that there is no local user by that name, and then generate a bounce e-mail (usually, but not always) with the content of the original message. As spammers usually put some unsuspecting third party's e-mail address as the "from" or "reply to", the third party gets the bounce, AKA backscatter.

The other approach is this: mailserver recieves inbound SMTP connection. When the initial chitchat between the mailservers gets to the part where the remote server lists the recipients, our mailserver recognizes that there is no local e-mail address by that name, and promptly rejects the mail. If the remote mailserver is legitimate, it will then generate a bounce itself, which will go to the (hopefully authenticated) person who sent the e-mail. If the remote mail server is a spam bot, it will just go on to the next target in its list.

So, from a backscatter prevention angle, it's better to reject an e-mail that will cause a bounce at the time of the original SMTP connection, instead of accepting it and then generating a bounce locally at a later time.

And Get Off My Lawn, Too!

[maillemaker]

I am not responding to your post in particular, but it is as convenient a spot as any in the sea of "No HTML email!" posts. I use HTML email for one reason: text formatting. I like including underlines and italics in my emails for emphasis. Yes, I can post like I do here on slashdot and use /slashes/ for emphasis in plain text, but come on, this isn't 1980 anymore, you know? At work I frequently embed images in my emails because I am discussing engineering problems and it is frequently useful to include pictures to describe the problem. But the primary reason I use HTML email is for text formatting.