--- Arash Partow <[EMAIL PROTECTED]> wrote: > Hi, > > Its not fully an illusion, the way such things work > is by placing > a url in a html image tag pointing to a cgi script > with the > recipient's name or some kind of ID which will refer > to the > recipient. The theory is when the e-mail is opened > in html mode, > the html engine will go to the link to get the image > (really a > cgi script) the cgi script is then invoked, it takes > the params of the > tag, either makes a record in some kind of db > (actual db or > simple text file) or even sends an e-mail of > notification to the > sender, once thats complete it pumps out either the > location of the > real image to stdout or pumps the image's binary to > stdout with > its image identifier as the header. > > This only works with e-mail clients that actively > render html > (ie: out-look, and any web based e-mail client (ie: > hotmail, > yahoo etc..)) However I've noted before that > web-based clients > such as horde, neomail, squirrel do not actively > render html. > > This was/is a way that spammers verify e-mail > addresses they > place an image in the e-mail they send using a html > image tag, > and pass an id as a parameter, that id results in an > e-mail > address in their DBs once the image with that id has > been grabbed > off their server that event is recorded, from that > they make their > e-mail list CDs and sell it to other spammers, hence > making > another avenue for income. > > If you like I can send you a script that I have > developed which > will demonstrate this idiotic tactic for you.
Well thanks for the offer; I'll take it. As far > as > applications go I really don't know of any specific > apps that > will do it. They call it <email receipt> (as I found the term by chance) and there are a bunch of softwares written for it(as I found again by chance) most of which are for that other >os<! I can observe them to find out more. But I more than sure if you go into some > spammer chat > channels you'll be able to get info on that. you > could also try > joining the securityfocus.com ML > > > > Regards > > > > Arash > > > __________________________________________________ > Be one who knows what they don't know, > Instead of being one who knows not what they don't > know, > Thinking they know everything about all things. > http://www.partow.net > > > > > ----- Original Message ----- > From: "ocean" <[EMAIL PROTECTED]> > To: "li" <[EMAIL PROTECTED]> > Sent: Sunday, January 18, 2004 7:16 AM > Subject: [linuxiran] Any good email security mailing > list?!! > > > > Hi > > > > Might seem a stupid question to ask here.. > > But some time ago when I was surfing download.com > I > > came across a software which claimed to be capable > of > > informing you when your email has been opened by > the > > recipient!! I've forgotten the name of the > software > > and I don't know exactly where I should post this > > rather ODD question so... > > Is it possible or it's just an illusion? > > > > Cheers > > > > __________________________________ > > Do you Yahoo!? > > Yahoo! Hotjobs: Enter the "Signing Bonus" > Sweepstakes > > http://hotjobs.sweepstakes.yahoo.com/signingbonus > > > > > > _______________________________________________ > > bna-linuxiran mailing list > > [EMAIL PROTECTED] > > > http://mail.nongnu.org/mailman/listinfo/bna-linuxiran > > > > > > > _______________________________________________ > bna-linuxiran mailing list > [EMAIL PROTECTED] > http://mail.nongnu.org/mailman/listinfo/bna-linuxiran __________________________________ Do you Yahoo!? Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes http://hotjobs.sweepstakes.yahoo.com/signingbonus _______________________________________________ bna-linuxiran mailing list [EMAIL PROTECTED] http://mail.nongnu.org/mailman/listinfo/bna-linuxiran
