Senji (senji) wrote,
Senji
senji

  • Mood:

On spam, bbc news, and maliciousness.

ankaret posted a locked article expressing befuddlement at this BBC news article expressing befuddlement about:
You shouldn't open a spam e-mail, because as soon as you open the e-mail up, it notifies the organisation that has sent that, saying this is a valid e-mail address. They know how long you've looked at it, when you looked at it and did you go back to it.

My reply has got rather long, and I'm sure some of my friends can add to it, so I thought I'd make it a post rather than a comment.

Firstly some mail clients (of which I know Outlook is one) have a facility whereby if the incoming mail has an appropriate header they will send a "read receipt" to the sender to say that you've read the email. This feature can reportedly be turned off, and I don't know what the default setting is. I think it's unlikely that spammers are using it, and I haven't noticed anything suspicious like that in spams I'm getting.

Secondly emails which appear to have attachments may instead have a link to a website or ftp site rather than the actual content of the attachment, so if the attachment is opened (deliberately or automatically) the contents will be downloaded and appropriate log entries made which could identify which addresses worked. However this feature (which is a really cool and useful feature and people should use it more for real attachments!) is rarely used and by now most people know not to open attachments.

Thirdly if you have HTML email, or some other kind of email display which tells your email client to go get subsidiary documents, then the email can ask for documents stored on third-party websites to be included which can also produce useful log entries for determining if you've read the email. Whilst images are commonly cited as the example here it is also possible that external CSS stylesheets or javascript scripts can be downloaded in a similar manner. This kind of tracking will, depending on web caching arrangements and firewalls, provide useful information to the spammer when you first look at the email, and possibly on later occasions (although the downloaded documents may well be cached for speed or offline access meaning that they can't guarantee to find out about repeat accesses).

Fourthly, none of the above methods address the question of whether they can find out how long you've looked at the spam for, or rather none of the above methods easily permit that. However a suitably "AJAX"-like javascript script, and I have no idea if any modern email clients will handle such, could itself make repeated requests of a suitable URL which the spammer could then analyse and say "The script requested the page every minute between 12:00 and 12:10 so we can assume that that target looked at the spam for at least 10 minutes".

Anyone who views rendered HTML email (as opposed to the source code) is at risk of methods three and four unless they've disabled all downloading of included content - not just images but external javascript and CSS, and possibly other things that I haven't thought of. I don't know which email clients download such content either at all or by default. I would seriously recommend not viewing HTML email in rendered form at all. As a further note the Outlook 'preview' window will download images at least so should be counted as "viewing" in this context.
Tags: ankaret, geeky, reply, spam
Subscribe
  • Post a new comment

    Error

    default userpic
    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 4 comments