Home page logo

basics logo Security Basics mailing list archives

Re: readnotify.com
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Fri, 27 Jan 2006 13:27:50 +0100

On 2006-01-25 Ebeling, Jr., Herman Frederick wrote:
From: Jim Halfpenny, Wednesday, 25 January, 2006 08:58
When you use readnotify.com you send your email to
user () domain com readnotify com and it remails it to use () domain com 
From what I remember readnotify.com remail your message and attach a
web bug i.e. an embedded image link. The image link is on one of
their web servers and this is used to identify when an email is read
and for how long.

To foil it you can block loading images in HTML email. I'm not sure
if this covers the full extent of readnotify.com's tracking. You can
get a free trial of the service so you could sign up and send
yourself some messages.

      What if someone has their client to send E-Mails as only text
format, and not HTML?  Does readnotify.com change the format of an

Yes. They always send it out as HTML only.

      Would closing the preview pane, and then selecting the MSG, and
saving it as a text document defeat their tracking?

Not necessarily. The notification will also be triggered if you view the
saved message with a browser or re-open it into Outlook (or whatever
mail client your users are using) with HTML enabled.

Ansgar Wiechers
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]