Re: [linuxiran] Any good email security mailing list?!!

[ocean]

--- Arash Partow <address@hidden> wrote:
> Hi, 
> 
> Its not fully an illusion, the way such things work
> is by placing 
> a url in a html image tag pointing to a cgi script
> with the 
> recipient's name or some kind of ID which will refer
> to the 
> recipient. The theory is when the e-mail is opened
> in html mode, 
> the html engine will go to the link to get the image
> (really a 
> cgi script) the cgi script is then invoked, it takes
> the params of the 
> tag, either makes a record in some kind of db
> (actual db or 
> simple text file) or even sends an e-mail of
> notification to the 
> sender, once thats complete it pumps out either the
> location of the 
> real image to stdout or pumps the image's binary to
> stdout with 
> its image identifier as the header.
> 
> This only works with e-mail clients that actively
> render html 
> (ie: out-look, and any web based e-mail client (ie:
> hotmail, 
> yahoo etc..)) However I've noted before that
> web-based clients 
> such as horde, neomail, squirrel do not actively
> render html.
> 
> This was/is a way that spammers verify e-mail
> addresses they 
> place an image in the e-mail they send using a html
> image tag, 
> and pass an id as a parameter, that id results in an
> e-mail 
> address in their DBs once the image with that id has
> been grabbed 
> off their server that event is recorded, from that
> they make their 
> e-mail list CDs and sell it to other spammers, hence
> making 
> another avenue for income.
> 
> If you like I can send you a script that I have
> developed which 
> will demonstrate this idiotic tactic for you.

Well thanks for the offer; I'll take it.


 As far
> as 
> applications go I really don't know of any specific
> apps that 
> will do it.

They call it <email receipt> (as I found the term by
chance) and there are a bunch of softwares written for
it(as I found again by chance) most of which are for
that other >os<! I can observe them to find out more.

 But I more than sure if you go into some
> spammer chat 
> channels you'll be able to get info on that. you
> could also try 
> joining the securityfocus.com ML
> 
> 
> 
> Regards
> 
> 
> 
> Arash 
> 
>  
> __________________________________________________
> Be one who knows what they don't know,
> Instead of being one who knows not what they don't
> know,
> Thinking they know everything about all things.
> http://www.partow.net
>  
> 
>  
> 
> ----- Original Message ----- 
> From: "ocean" <address@hidden>
> To: "li" <address@hidden>
> Sent: Sunday, January 18, 2004 7:16 AM
> Subject: [linuxiran] Any good email security mailing
> list?!!
> 
> 
> > Hi
> > 
> > Might seem a stupid question to ask here..
> > But some time ago when I was surfing download.com
> I
> > came across a software which claimed to be capable
> of
> > informing you when your email has been opened by
> the
> > recipient!! I've forgotten the name of the
> software
> > and I don't know exactly where I should post this
> > rather ODD question so...
> > Is it possible or it's just an illusion?
> > 
> > Cheers
> > 
> > __________________________________
> > Do you Yahoo!?
> > Yahoo! Hotjobs: Enter the "Signing Bonus"
> Sweepstakes
> > http://hotjobs.sweepstakes.yahoo.com/signingbonus
> > 
> > 
> > _______________________________________________
> > bna-linuxiran mailing list
> > address@hidden
> >
>
http://mail.nongnu.org/mailman/listinfo/bna-linuxiran
> > 
> > 
> 
> 
> _______________________________________________
> bna-linuxiran mailing list
> address@hidden
>
http://mail.nongnu.org/mailman/listinfo/bna-linuxiran


__________________________________
Do you Yahoo!?
Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes
http://hotjobs.sweepstakes.yahoo.com/signingbonus