Preview Pane: (Was Re: wri adult supersite ocdjygnex)
Gerald Combs
gerald at ethereal.com
Fri Apr 11 03:33:38 CDT 2003
On Thu, 10 Apr 2003, Monty J. Harder wrote:
> > addy. Even opening the email does exactly the same thing. In our
> system,
> > as soon as someone opens an email (even in the preview pane) I know that
> > their addy is valid, and it's kept as valid for future use.
>
> I'm curious. How, exactly, do you get this information?
Easy. Pretend you're a spammer. For each address in your database
associate a random string, e.g. "A45HNP54QRR" for "mcurie at iaea.org".
When you send a message to that address include a customized link, like
so:
<img src="http://evil.spammer.com/images/A45HNP54QRR.jpeg">
Make "/images/" point to a piece of code that yanks the string between
"/images/" and ".jpeg", and queries it against a database.
When mcurie opens your message in her fancy HTML-enabled mail client (or
even has her preview pane enabled), your image link gets loaded and you
know you have a valid address.
Mozilla users can work around this via "Preferences->Privacy & Security->
Do not load remote images in Mail & Newsgroup messages". This has never
been a concern for Pine and Mutt users. AFAIK there is no clean fix for
Outlook or OE.
More information about the Kclug
mailing list