Slashdot Mirror
User Not Found, Email Drops Silently
shervinafshar writes with an International Herald Tribune story explaining just why it is failed emails don't always result in a helpful error message for the sender, which also gives some insight into ways that email can be used to spy on recipients. "In last lines of the article, two companies are introduced which provide services that can 'spy' on your email reading habits. They also can 'call home' too: 'Some entrepreneurs have seen that uncertainty and offered senders the ability to obtain receipts that a given message has been read — without the recipient knowing that a confirmation has been sent back to the sender. ReadNotify, based in Queensland, Australia, started in 2000 and promised to report not only on whether a message was read, but also on how long it was opened for reading on the recipient's PC. It can also send the message in "self-destructing" form, preventing forwarding, printing, copying and saving.' IHT also is asking its readers to comment about these kind of services being against user privacy."
it primarily depends upon the recipients who don't know any better than to use all sorts of unsafe mail clients who allow such tricks to be played on them. as long as these comprise the majority, that business model is sustainable.
so this is not a privacy issue but a security issue.. and it's much older than 2000.
As far as I am aware, Gmail was the first mainstream e-mail service/client that did not load remote images automatically. Before then, these tracking products were plausible, but fortunately most clients I am aware of have followed suit and ruined the business plan.
Now, the only way to truly track e-mails is to request the user click on a link to an external website to read the message. I don't know many people who would do this without suspicion.
I therefore recommend blacklisting (in your MTA and web proxy) readnotify.com, pointofmail.com, e-mail-servers.com, didtheyreadit.com, mailinfo.com, and msgtag.com. I welcome any additions to this list.
I should also mention that those who use superior mail clients -- e.g., mutt -- can avoid being spied on by these abusers. I strongly recommend using such clients, or configuring other lesser clients so that they do not cooperate.
Is there actually an email client that runs Javascript? Even recent versions of Outlook wont (and even can't - Word has no Javascript interpreter!) and I'm sure that Thunderbird wouldn't be that stupid.
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
I use readnotify. Not on every email, but some important ones. Since I have to deal with continuing education and am constantly taking classes I find that readnotify is useful for covering my ass.
True story, I took an online course in Fall 07. I submitted my final to the prof. via email at his request. Neither the email or the attachment was ever opened and readnotify is extremely reliable for this particular prof. I still got a 4.0 so I'm not complaining.
load "$",8,1
Here's a way to do hypertargeted tracking to a gmail client, buy an adword for some made up many character 'word' like asdjhfgkjbadjghiougscvo and then include it at the end of or embedded in the html of an email. Then just view the stats on the adword. If you are smart enough there is generally a way to do things to the majority of people who are non-paranoid. Personally that's why I like things like Mozilla and Thunderbird, their defaults are set by people who ARE paranoid =)
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Several years ago, I helped save someone some money by tracking where a particular person actually was via email. Realizing a tracking image in an email was unreliable, I also added a tracking image into a word document... which doesn't have any protection against loading images from remote servers.
Long story short - the person was on the other side of the world to where they were claiming to be based on their IP address.