HTML Images Reporting Back to Senders - Mozilla

This is a discussion on HTML Images Reporting Back to Senders - Mozilla ; There was some talk about the possibility of HTML image requests sending information back to the sender indicating that the mail was opened. I believe that the HTML would have to look like this. Is there another way of doing ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: HTML Images Reporting Back to Senders

  1. HTML Images Reporting Back to Senders

    There was some talk about the possibility of HTML image requests sending
    information back to the sender indicating that the mail was opened. I
    believe that the HTML would have to look like this.



    Is there another way of doing it?

    They would need a method of inserting a different address into each
    piece of mail.

    Why can't either a Thunderbird option or a new extension just look for
    this format and optionally strip anything after a ? in an image request?

    --
    Dennis M. Marks

    Disclaimer: The above is my opinion. I do not guarantee it. Be sure to
    back up any files involved and use at your own risk. Batteries not
    included. Not for internal use. Don't run with knives.

  2. Re: HTML Images Reporting Back to Senders

    On Fri, 15 Sep 2006 16:02:39 -0700, in message ,
    Dennis Marks wrote:

    > There was some talk about the possibility of HTML image requests sending
    > information back to the sender indicating that the mail was opened. I
    > believe that the HTML would have to look like this.
    >
    >
    >
    > Is there another way of doing it?



    Yes. Lots and lots of other ways.

    1.

    where "eW91cmFkZHJlc3NAeHh4LmNvbQ" is your email address encoded

    2.

    where 1735266 is the number of a record in the spammer's private
    database where your email address is stored. No address is in
    the email, and the number 1735266 means nothing without the
    spammer's private database.

    3.

    The "eW91cmFkZHJlc3NAeHh4LmNvbQ" is your email address encoded.
    The web server software is specially written to extract and
    decode the address from the middle of URL and save it in its database.


    4.

    where 1735266 looks up a record in the spammer's database.
    The web server software is specially written to extract the
    record number from the middle of the URL.

    5.

    The "mja1ndezoao" is an encoded record number on the web server.
    The web server decodes the record number, looks up the record
    which holds your address and a flag to indicate whether the email
    was opened. The web server updates the flag to say that the
    email was opened.


    > They would need a method of inserting a different address into each
    > piece of mail.


    A. The address does not have to be recognizable as an address.
    The address might be encrypted.
    It might not even be an address; it might be just the number of
    a record
    number in the Or it might be a spammer's private database record number,
    one which means nothing without the spammer's private database.

    B. The (encoded) address does not have to come after a ?
    The (encoded) address can be embedded in the middle of a URL.
    The spammer's web server software may be specially written to
    get the address from the middle of the URL.


    > Why can't either a Thunderbird option or a new extension just look for
    > this format and optionally strip anything after a ? in an image request?


    1. Anything after a ? can be an encrypted record number,
    the actual address being only in the spammer's database.

    2. Most anything inside the URL could be encrypted record number,
    the actual address being only in the spammer's database.


    --
    Cheers,
    Ralph

  3. Re: HTML Images Reporting Back to Senders

    Dennis Marks wrote:
    > There was some talk about the possibility of HTML image
    > requests sending information back to the sender indicating that
    > the mail was opened. .... Why can't either a Thunderbird option
    > or a new extension just look for this format and optionally
    > strip anything after a ? in an image request?


    I don't use SpamPal, but, if you do or are willing to try it,
    there's a plugin for it that (among other things) removes the sort
    of 'web bugs' you mentioned.
    http://www.ib-hoebel.de/SpamPal/htmlm_e.htm

  4. Re: HTML Images Reporting Back to Senders

    On 9/15/2006 9:57 PM, Ralph Fox wrote the following and I, Dennis Marks,
    have replied at the bottom:
    > On Fri, 15 Sep 2006 16:02:39 -0700, in message ,
    > Dennis Marks wrote:
    >
    >> There was some talk about the possibility of HTML image requests sending
    >> information back to the sender indicating that the mail was opened. I
    >> believe that the HTML would have to look like this.
    >>
    >>
    >>
    >> Is there another way of doing it?

    >
    >
    > Yes. Lots and lots of other ways.
    >
    > 1.
    >
    > where "eW91cmFkZHJlc3NAeHh4LmNvbQ" is your email address encoded
    >
    > 2.
    >
    > where 1735266 is the number of a record in the spammer's private
    > database where your email address is stored. No address is in
    > the email, and the number 1735266 means nothing without the
    > spammer's private database.
    >
    > 3.
    >
    > The "eW91cmFkZHJlc3NAeHh4LmNvbQ" is your email address encoded.
    > The web server software is specially written to extract and
    > decode the address from the middle of URL and save it in its database.
    >
    >
    > 4.
    >
    > where 1735266 looks up a record in the spammer's database.
    > The web server software is specially written to extract the
    > record number from the middle of the URL.
    >
    > 5.
    >
    > The "mja1ndezoao" is an encoded record number on the web server.
    > The web server decodes the record number, looks up the record
    > which holds your address and a flag to indicate whether the email
    > was opened. The web server updates the flag to say that the
    > email was opened.
    >
    >
    >> They would need a method of inserting a different address into each
    >> piece of mail.

    >
    > A. The address does not have to be recognizable as an address.
    > The address might be encrypted.
    > It might not even be an address; it might be just the number of
    > a record
    > number in the Or it might be a spammer's private database record number,
    > one which means nothing without the spammer's private database.
    >
    > B. The (encoded) address does not have to come after a ?
    > The (encoded) address can be embedded in the middle of a URL.
    > The spammer's web server software may be specially written to
    > get the address from the middle of the URL.
    >
    >
    >> Why can't either a Thunderbird option or a new extension just look for
    >> this format and optionally strip anything after a ? in an image request?

    >
    > 1. Anything after a ? can be an encrypted record number,
    > the actual address being only in the spammer's database.
    >
    > 2. Most anything inside the URL could be encrypted record number,
    > the actual address being only in the spammer's database.
    >
    >


    The least we could have is something that would catch the suffix's after
    the ?. Can you think of any legitimate reason for it in email? Some of
    the others could be caught too. Upper and lower case in one of the
    levels, equal sign used, etc. A majority could be caught. There could
    always be an override if someone wants the complete address transmitted
    for a specific email.

    As an alternative there is currently the option to stop all graphics
    from remote sights. Why not have a button that would list all the links
    giving you the option to override the block after optionally seeing the
    links?

    --
    Dennis M. Marks

    Disclaimer: The above is my opinion. I do not guarantee it. Be sure to
    back up any files involved and use at your own risk. Batteries not
    included. Not for internal use. Don't run with knives.

  5. Re: HTML Images Reporting Back to Senders

    On Sat, 16 Sep 2006 07:40:11 -0700, in message ,
    Dennis Marks wrote:

    > On 9/15/2006 9:57 PM, Ralph Fox wrote the following and I, Dennis Marks,
    > have replied at the bottom:
    > > On Fri, 15 Sep 2006 16:02:39 -0700, in message ,
    > > Dennis Marks wrote:
    > >
    > >> There was some talk about the possibility of HTML image requests sending
    > >> information back to the sender indicating that the mail was opened. I
    > >> believe that the HTML would have to look like this.
    > >>
    > >>
    > >>
    > >> Is there another way of doing it?

    > >
    > >
    > > Yes. Lots and lots of other ways.
    > >
    > > 1.
    > >
    > > where "eW91cmFkZHJlc3NAeHh4LmNvbQ" is your email address encoded
    > >
    > > 2.
    > >
    > > where 1735266 is the number of a record in the spammer's private
    > > database where your email address is stored. No address is in
    > > the email, and the number 1735266 means nothing without the
    > > spammer's private database.
    > >
    > > 3.
    > >
    > > The "eW91cmFkZHJlc3NAeHh4LmNvbQ" is your email address encoded.
    > > The web server software is specially written to extract and
    > > decode the address from the middle of URL and save it in its database.
    > >
    > >
    > > 4.
    > >
    > > where 1735266 looks up a record in the spammer's database.
    > > The web server software is specially written to extract the
    > > record number from the middle of the URL.
    > >
    > > 5.
    > >
    > > The "mja1ndezoao" is an encoded record number on the web server.
    > > The web server decodes the record number, looks up the record
    > > which holds your address and a flag to indicate whether the email
    > > was opened. The web server updates the flag to say that the
    > > email was opened.
    > >
    > >
    > >> They would need a method of inserting a different address into each
    > >> piece of mail.

    > >
    > > A. The address does not have to be recognizable as an address.
    > > The address might be encrypted.
    > > It might not even be an address; it might be just the number of
    > > a record
    > > number in the Or it might be a spammer's private database record number,
    > > one which means nothing without the spammer's private database.
    > >
    > > B. The (encoded) address does not have to come after a ?
    > > The (encoded) address can be embedded in the middle of a URL.
    > > The spammer's web server software may be specially written to
    > > get the address from the middle of the URL.
    > >
    > >
    > >> Why can't either a Thunderbird option or a new extension just look for
    > >> this format and optionally strip anything after a ? in an image request?

    > >
    > > 1. Anything after a ? can be an encrypted record number,
    > > the actual address being only in the spammer's database.
    > >
    > > 2. Most anything inside the URL could be encrypted record number,
    > > the actual address being only in the spammer's database.
    > >
    > >

    >
    > The least we could have is something that would catch the suffix's after
    > the ?. Can you think of any legitimate reason for it in email?



    Yes I can. Subscribed-to email catalogues, where the company
    chooses to store its images in a database, not as flat files
    on a web server. The URL is something like this
    http://newcambridgecatalogue.com/Sta...4913&promo=917
    The stuff after the ? are the parameters for the database lookup.


    > Some of
    > the others could be caught too. Upper and lower case in one of the
    > levels,


    Do you have any good reason to believe that upper and lower case in
    one of the levels will actually catch images reporting back? And that
    it won't catch more legitimate URLs than bad ones?


    > equal sign used, etc.


    And likewise for equals sign?

    You should do some research of your own, instead of simply throwing
    ideas into the air and expecting someone else to do homework for you.


    > A majority could be caught.


    If you're only stopping a "majority" you are still confirming
    your email address to the big spamhauses.


    > There could
    > always be an override if someone wants the complete address transmitted
    > for a specific email.




    > As an alternative there is currently the option to stop all graphics
    > from remote sights.


    You won't catch a sight of graphics from remote sites if they are stopped. ;-)


    > Why not have a button that would list all the links
    > giving you the option to override the block after optionally seeing the
    > links?



    --
    Cheers,
    Ralph

+ Reply to Thread