[Previous entry: "software design"] [Main Index] [Next entry: ""]

05/20/2004 Archived Entry: "Did they read it? - email tracking"

A friend sent me this news item about DidTheyReadIt.com, a company which promises to let you know when and where a recipient reads an email you send him. Alarmed? You should be -- but don't worry, it's easy to block.

DidTheyReadIt uses an old spammer's trick: they bury, in HTML formatted email, an "invisible" image link.* If you use Mozilla and click "view source," you can see this. Here's a test email I received:


To: *deleted*
Subject: test message
Date: Thu, 20 May 2004 12:38:37 -0400 (EDT)
From: *deleted*
Mime-version: 1.0
Content-Type: multipart/alternative;
boundary="=_6b4b3c1e5a44b4040aaa72dd1dc0d9d2"

This is a multi-part message in MIME format.
--=_6b4b3c1e5a44b4040aaa72dd1dc0d9d2
Content-Type: text/plain;
charset="us-ascii"

Test, 1, 2, 3

--=_6b4b3c1e5a44b4040aaa72dd1dc0d9d2
Content-Type: text/html;
charset="us-ascii"

Test, 1, 2, 3<br />
<br />
<br />
<br><img src="http://didtheyreadit.com/index.php/worker?code=975af232ce8820b15f32cd21cbe17ec2" width="1" height="1" />
--=_6b4b3c1e5a44b4040aaa72dd1dc0d9d2--

That "img src" tag at the bottom does the work. When your email reader fetches this 1x1 pixel image, it tells DidTheyReadIt.com that you've read the message, and the IP address of your computer. From this they deduce your physical location.

If you've been following my email advice, you're safe from this. Here are the relevant bits of advice again:

1. Use an email program that lets you read your email as plain ASCII text.

2. If you must use HTML email, use an email program (like Mozilla) that lets you disable images in the email.

If you use web-based email like Hotmail or Yahoo, you may be out of luck. I don't know if they'll allow you to disable image loading. You might try disabling images in your browser...whether this will work depends on how Hotmail/Yahoo pass the image link through to you.

You could also try using something like Proxy Auto Configuration to block access to didtheyreadit.com. But the DidTheyReadIt folks can get around this by changing their domain name, or by using a numeric IP address. Better just to read your email in ASCII.

brad

*Addendum: I've just learned that such a hidden image link is called a "web bug." And there's another outfit, messagetag.com, which is offering a similar service (and which I believe can be blocked the same way).

Powered By Greymatter