Slashdot Mirror

← Back to Stories (view on slashdot.org)

User Not Found, Email Drops Silently

Posted by timothy on from the silent-but-obnoxious dept.

shervinafshar writes with an International Herald Tribune story explaining just why it is failed emails don't always result in a helpful error message for the sender, which also gives some insight into ways that email can be used to spy on recipients. "In last lines of the article, two companies are introduced which provide services that can 'spy' on your email reading habits. They also can 'call home' too: 'Some entrepreneurs have seen that uncertainty and offered senders the ability to obtain receipts that a given message has been read — without the recipient knowing that a confirmation has been sent back to the sender. ReadNotify, based in Queensland, Australia, started in 2000 and promised to report not only on whether a message was read, but also on how long it was opened for reading on the recipient's PC. It can also send the message in "self-destructing" form, preventing forwarding, printing, copying and saving.' IHT also is asking its readers to comment about these kind of services being against user privacy."

26 of 292 comments (clear)

  1. Remote images? by simcop2387 · · Score: 5, Insightful

    What about decent clients that won't automatically load remote images and don't support javascript?

    1. Re:Remote images? by rm999 · · Score: 4, Interesting

      As far as I am aware, Gmail was the first mainstream e-mail service/client that did not load remote images automatically. Before then, these tracking products were plausible, but fortunately most clients I am aware of have followed suit and ruined the business plan.

      Now, the only way to truly track e-mails is to request the user click on a link to an external website to read the message. I don't know many people who would do this without suspicion.

    2. Re:Remote images? by pthor1231 · · Score: 4, Informative

      Hotmail doesn't loaded remote images, and would even prevent you from clicking on a link if the sender was unknown. They have been doing this for quite a while.

    3. Re:Remote images? by Anonymous Coward · · Score: 5, Informative

      Gmail was certainly not the first. I know that Rocketmail(now Yahoo!) and Hotmail had this feature long before Google as a company even existed.

    4. Re:Remote images? by Smauler · · Score: 5, Insightful

      html mail is not a big overhead necessarily. All it is a markup language, and it only adds small amounts to emails if used well. If used poorly, it's diabolical. Blame the sender, not the medium - html emails do have their place.

      Also, anyone who lets their mail reader access _any_ unkown outbound html connections is asking for trouble.

    5. Re:Remote images? by Kalriath · · Score: 4, Interesting

      Is there actually an email client that runs Javascript? Even recent versions of Outlook wont (and even can't - Word has no Javascript interpreter!) and I'm sure that Thunderbird wouldn't be that stupid.

      --
      For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
    6. Re:Remote images? by lostguru · · Score: 4, Insightful

      Ah, but most people don't read email using a client, they use a browser and a html frontend provided by their service (gmail, yahoo, msn) in which case the browser will run javascript.

      --
      Jayne: "These are stone killers, little man. They ain't cuddly like me."
      98% of America's teens drink alcohol, smok
    7. Re:Remote images? by afidel · · Score: 4, Interesting

      Here's a way to do hypertargeted tracking to a gmail client, buy an adword for some made up many character 'word' like asdjhfgkjbadjghiougscvo and then include it at the end of or embedded in the html of an email. Then just view the stats on the adword. If you are smart enough there is generally a way to do things to the majority of people who are non-paranoid. Personally that's why I like things like Mozilla and Thunderbird, their defaults are set by people who ARE paranoid =)

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    8. Re:Remote images? by cayenne8 · · Score: 4, Insightful
      "If you hate HTML so much, how come you use the web?

      HTTP is based on HTML and you seem to be OK with using Slashdot. Why not use a proper markup language to format email messages? "

      Because they are two distinctly different things. Email is not a webpage....a webpage is designed exactly for html presentation. Email is text messaging...it wasn't originally meant to be marked up, it was to be read as simple plain text.

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    9. Re:Remote images? by uncqual · · Score: 4, Insightful

      Email is a just a communication tool - nothing more, nothing less.

      Before IM and text messaging were ubiquitous, email served these roles along with the role of communicating more complicated (and often less transient) information. The IM and text messaging roles are now partially (and often better) addressed by other tools now.

      While I hate HTML email laden with gratuitous and distracting images and formatting, appropriate use of formatting and inclusion of images helps communicate information more quickly and accurately. For example, appropriate use of bold text can highlight exceptional information very nicely without adding additional verbiage to a message. Similarly, a graph can communicate information much more quickly than the data in raw text form (for example in an emailed "release bug status" report).

      The problem, of course, is that anything can be abused and become less effective. People used to abuse ASCII email by trying to make graphs in ASCII and used tabs - these were inevitably screwed up during display (esp. when included in another message).

      Email has evolved. Our connectivity has evolved (remember the days of 110 "baud" modems?). To say that email should be restricted to 20 year old technology (maybe even including the speed of transmission?) at the expense of effective communications makes as much sense as saying that manuals should still be restricted to printed copies from line printer output (in monospaced font!) -- and that updates should be done via regularly distributed change pages).

      --
      Why is there an "insightful" mod and why isn't it "-1"? If I wanted insight, I wouldn't be reading /.
  2. If you send me an email, those bits are MINE by Anonymous Coward · · Score: 4, Funny

    Try to prevent me from forwarding or printing those bits, and I'll do it just to spite your sniveling ass.

    And there's NO way to stop me. If you sends bits to MY computer, using MY libraries, and running MY kernel, those bits are mine to do with as I wish, and I take offense at any attempts to prevent me from doing just that.

  3. Doesn't matter. by khasim · · Score: 4, Insightful

    Since their business model depends upon selling their "service" to people who don't know anything about email other than "click to send" ...

  4. Only if your mail client is severely misconfigured by Idaho · · Score: 5, Informative

    Thunderbird defaults to asking when someone asks for a return receipt; I always change the setting to not even ask but simply never to send them. It is nobodies business to know whether, not to mention when I have first opened their e-mail (which is also, by the way, not the same thing as actually reading it).

    In addition, you should set your client to never download external images. This should solve about 99% of these "exploits". As far as I can remember, the company mentioned uses a transparent/invisible image on an intentionally slowed down server that feeds the image byte by byte; usually, mail clients disconnect/cancel the download once you click another message.

    I can only imagine "preventing" forwarding to work with really retarded mail clients (I think we all know the one I'm talking about).

    The very valid reason why mail servers don't always return a message when a mail address does not exist, is because this can be used to phish for existing usernames - when you don't get a bounce message, you know you've probably hit a valid username. (because for most systems, login/username = default mail alias)

    --
    Every expression is true, for a given value of 'true'
  5. Did you get it? by RidcullyTheBrown · · Score: 5, Informative
    I am amused by the ways people treat different technologies. I see people who assume that email delivery is perfect and instantaneous, and get upset if their message is delayed or doesn't reach the destination. The same people will follow up a fax with a phone call to confirm the recipient got it. There appears to be no difference in the importance of the messages involved, so perhaps it is a generational (in terms of the technology) thing.

    The other thing I see around here is the people who request a receipt (we use Outlook) when they send a global email to all 1500 users on the system. Most of them only do it once.

  6. more importantly, by Escogido · · Score: 5, Interesting

    it primarily depends upon the recipients who don't know any better than to use all sorts of unsafe mail clients who allow such tricks to be played on them. as long as these comprise the majority, that business model is sustainable.

    so this is not a privacy issue but a security issue.. and it's much older than 2000.

  7. I also wondered about Gmail by HangingChad · · Score: 4, Insightful

    I run all my pop accounts through GMail. Images don't load automatically and I keep javascript on a short leash. So, do those services have some kind of techno-magic or are they just spying on the weak, the lame and the infirm?

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
  8. Why it can't work by Anonymous Coward · · Score: 4, Informative

    Here's a good summary of why such plans won't work:
    http://theamigo.blogspot.com/2007/07/expiring-email-no-not-really.html

    1. Re:Why it can't work by Just+some+bastard · · Score: 4, Interesting

      Here's a good summary of why such plans won't work:
      Here's another one: http://www.sox-online.com/act_section_802.html
  9. html-only email by bcrowell · · Score: 4, Insightful

    As various people have pointed out, this would only really work if you sent html-only email, and if the recipient was guaranteed to have client software that executed javascript or something. I use mutt, a text-only email reader, and I have my mail software set up so it bounces html-only email (that it doesn't think is spam) back to the sender with an error message explaining that html-only email violates internet standards. I've never understood why anyone sends html-only email. Seems hard to believe that there would be service providers so clueless that they'd make html-only the default, and it also seems hard to believe that people would be clueless enough to want to send html-only email, but clueful enough to switch to html-only if it wasn't the default.

    I have to admit that the concept of being able to get a return receipt for email has a certain allure. Recently, for example, my boss got pissed off at me and made a big scene because he thought I hadn't notified him about something. I happened to have a copy of the email in which I notified him, and I also happened to have saved his reply to it. But what if I hadn't saved the reply, or if he hadn't replied?

    A lot of people send CYA emails, e.g., "Okay, this is to confirm that you want me to put the uranium in the crisper drawer of the fridge, and that you take responsibility for the results." But the recipient can pretend he never got it.

    --
    Find free books.
    1. Re:html-only email by martin-boundary · · Score: 5, Informative
      Just a little clarification FYI: HTML only messages do not violate internet standards. It's quite standards compliant, as the minimum is RFC2822, which has no requirement about the content other than the character set it's written in.

      The MIME standards (which are entirely optional) do not require duplicate text and html versions of a message either. There are several MIME content types, of which only multipart/alternative is intended for duplicate content with degraded formatting such as separate text and html versions, and in this case the actual formats can be anything, eg they could be a text version and an MS Word version, without an HTML version.

  10. Links to actual services by e+r+i+k+0 · · Score: 5, Informative

    I'm surprised the author didn't link to the actual services:

    • ReadNotify FAQ - doesn't seem to give too much actual info on how it works, but looks like it's a combination of images hosted on the ReadNotify server with tracked downloads, rewritten links to go through ReadNotify servers to add log entries, and some other things I couldn't guess immediately.
    • MessageTag seems to just be an image hosting service which tracks image downloads.

    Both seem to be easily defeated; indeed, the ReadNotify FAQ mentions that the "invisible" tracking service (which I assume means that it just includes the tracking images in the message) may be unreliable.

  11. Blacklisting the abusers by Arrogant-Bastard · · Score: 5, Interesting
    It is clear that readnotify and their ilk are engaged in abusive activities: we would not tolerate the equivalent with snail-mail, and so we should of course not tolerate it with email, either. These abusers are only one step removed from spam and spyware, and should therefore of course be blacklisted permanently.

    I therefore recommend blacklisting (in your MTA and web proxy) readnotify.com, pointofmail.com, e-mail-servers.com, didtheyreadit.com, mailinfo.com, and msgtag.com. I welcome any additions to this list.

    I should also mention that those who use superior mail clients -- e.g., mutt -- can avoid being spied on by these abusers. I strongly recommend using such clients, or configuring other lesser clients so that they do not cooperate.

  12. CYA by fishthegeek · · Score: 5, Interesting

    I use readnotify. Not on every email, but some important ones. Since I have to deal with continuing education and am constantly taking classes I find that readnotify is useful for covering my ass.

    True story, I took an online course in Fall 07. I submitted my final to the prof. via email at his request. Neither the email or the attachment was ever opened and readnotify is extremely reliable for this particular prof. I still got a 4.0 so I'm not complaining.

    --
    load "$",8,1
  13. Re:copyright by palegray.net · · Score: 5, Insightful

    Please cite a case where copyright law was used to prosecute someone for forwarding an email.

    --
    512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
  14. email image tracking by geoff_smith82 · · Score: 4, Interesting

    Several years ago, I helped save someone some money by tracking where a particular person actually was via email. Realizing a tracking image in an email was unreliable, I also added a tracking image into a word document... which doesn't have any protection against loading images from remote servers.

    Long story short - the person was on the other side of the world to where they were claiming to be based on their IP address.

  15. And Get Off My Lawn, Too! by maillemaker · · Score: 4, Informative

    I am not responding to your post in particular, but it is as convenient a spot as any in the sea of "No HTML email!" posts. I use HTML email for one reason: text formatting. I like including underlines and italics in my emails for emphasis. Yes, I can post like I do here on slashdot and use /slashes/ for emphasis in plain text, but come on, this isn't 1980 anymore, you know? At work I frequently embed images in my emails because I am discussing engineering problems and it is frequently useful to include pictures to describe the problem. But the primary reason I use HTML email is for text formatting.

    --
    A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.