Home page logo
/

basics logo Security Basics mailing list archives

Re: www.readnotify.com
From: Chris Poldervaart <chris.listserv () comcast net>
Date: Sat, 4 Feb 2006 07:22:54 -0700

I must be coming into this conversation a bit late...so I don't know if this has been covered yet, but simply choosing not to display images in the email will also circumvent the read/notify process.

I open ALL messages in plain text under normal circumstances. I sent myself a test message, opened it (plain text), and then checked the readnotify site. There was no indication that the message was ever opened.

I then sent myself a second message, and "displayed pictures" within the message, and received instant feedback that my message was opened.

The read/notify service imbeds a picture of single pixel size, among other things, that effectively acts as a call home when the picture is displayed (since it resides on their servers).

Here is some content of the test message (NOTE: My email was simple text message of 5 words):

<Img moz-do-not-send="true" border=0 height=1 width=3 alt="" lowsrc=""
Src=http://www.r1bjkf5e0krvy8.ReadNotify.com/nocache/r1bjkf5e0krvy9/ footer0.gif><Img moz-do-not-send="true" Border=0 Height=1 Width=2 Alt="" Lowsrc=http://www.readnotify.com/ca/rspr47.gif ><BgSound volume=-10000 Alt='' Lowsrc="" Src=https://tssls.r1bjkf5e0krvyv.ReadNotify.com/nocache/ r1bjkf5e0krvyv/rspr47.wav>
</pre><table height=1 width=3 border=0><tr><td
 background
=http://0320.185.62311/nocache/r1bjkf5e0krvyP/rspr47.gif> </td></ tr></table>

Regards,

Chris

On Jan 30, 2006, at 3:01 PM, Ebeling, Jr., Herman Frederick wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Just to let ya all know I have been "playing" with www.readnotify.com and
I have recently sent myself two E-Mails, one the "regular" way and one
the "silent" way. Then checked d/led my E-Mail. When I saw the test MSG
that I sent myself, I disconnected from the Internet, then opened said
MSG.  After "reading" said MSG I closed it, and reconnected to the
Internet.  And then went to www.readnotify.com , and their web site
reported that they had NOT been opened yet. . .

So I guess for the time being that that that IS an effective method of
defeating www.readnotify.com 's tracking.

I'm sure that somewhere down the road that www.readnotify.com will figure
away around that, but for now that method works.

Herman
Live Long and Prosper
 ___________________          _-_
 \==============_=_/ ____.---'---`---.____
             \_ \    \----._________.----/
               \ \   /  /    `-_-'
           __,--`.`-'..'-_
          /____          ||-
               `--.____,-'

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3 - not licensed for commercial use: www.pgp.com

iQA/AwUBQ96DCx/i52nbE9vTEQK44wCgo/jcXN3kLkP6RKs7NBfU/MvPtQEAn1rI
c/UJYjbsJsTHzR0VpWYeq6VG
=lOm+
-----END PGP SIGNATURE-----


---------------------------------------------------------------------- -----
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------- -----



---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]