PDA

View Full Version : Download image in mail message



Valeria
11-15-08, 05:23 AM
I know that more client doesn't download the images in the mail message
for don't allow the spammer to know that the mail address is active.

Can you tell me how the spammer implements this process?? How Can know
that the mail address is active using a sent message??

Thanks

David H. Lipman
11-15-08, 05:36 AM
From: "Valeria" <vally@libero.it>

| I know that more client doesn't download the images in the mail message
| for don't allow the spammer to know that the mail address is active.

| Can you tell me how the spammer implements this process?? How Can know
| that the mail address is active using a sent message??

| Thanks

It doesn' come back as a failed mail.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Valeria
11-15-08, 07:13 AM
> It doesn' come back as a failed mail.
>

I'm talking about the images not the mail address

Lon
11-15-08, 09:38 AM
David H. Lipman wrote:
> From: "Valeria" <vally@libero.it>
>
> | I know that more client doesn't download the images in the mail message
> | for don't allow the spammer to know that the mail address is active.
>
> | Can you tell me how the spammer implements this process?? How Can know
> | that the mail address is active using a sent message??
>
> | Thanks
>
> It doesn' come back as a failed mail.
>

Hash the email address into the image name and check to see whether an
image by that hashname was requested works much more reliably.

Ari
11-15-08, 10:39 AM
On Sat, 15 Nov 2008 06:36:40 -0500, David H. Lipman wrote:

> From: "Valeria" <vally@libero.it>
>
>| I know that more client doesn't download the images in the mail message
>| for don't allow the spammer to know that the mail address is active.
>
>| Can you tell me how the spammer implements this process?? How Can know
>| that the mail address is active using a sent message??
>
>| Thanks
>
> It doesn' come back as a failed mail.

Or he could be tagging the mail, when opened, a tag returns to Sender.

Valeria
11-16-08, 04:59 PM
> Or he could be tagging the mail, when opened, a tag returns to Sender.


Can you tell me what does that mean?? Can I see an example??

Thanks!!

Valeria
11-16-08, 05:00 PM
> Hash the email address into the image name and check to see whether an
> image by that hashname was requested works much more reliably.


Can you tell me what does that mean??

Can I see an example?

Thanks

Tim Jackson
11-16-08, 06:20 PM
Valeria wrote:
>
>> Hash the email address into the image name and check to see whether an
>> image by that hashname was requested works much more reliably.
>
>
> Can you tell me what does that mean??
>
> Can I see an example?
>
> Thanks
>

The idea is Mr. Bad sends you and a million others an email with a
linked (not embedded) image, each one with a different name for the
image file. He then checks which images his server gets requests for and
figures out what email addresses he sent them to. Those are the ones
that opened (or previewed) his mail and so are good for spamming or
phishing or whatever.

The benefit to him is that his later emails don't get blocked due to
the server spotting that he is writing to many invalid addresses.

If you turn off image download in preview (at least for unrecognised or
unsolicited senders), then he'll see you as probably an invalid address
and not bother you.


Tim Jackson

Beauregard T. Shagnasty
11-16-08, 07:01 PM
Valeria wrote:

>> Or he could be tagging the mail, when opened, a tag returns to
>> Sender.
>
> Can you tell me what does that mean?? Can I see an example??

Embedded in the HTML of the spam would be an image call similar to this:

<img src="http://thespamsite.com/images/spam.jpg?mail=vally@libero.it"
height=1 width=1>

It could also use a key specifically associated with your copy of the
spam, like this one in a spam I got recently:

<img
src="http://letters.carproperty.com/lt/t_go.php?i=46&e=MTMvOGRx&l=open"
width="1" height="1" border="0">

Notice the width and height of just one pixel. You wouldn't even see it.
Meanwhile, the spammer's web server has captured that you have opened
the email, and are a valid live email address.

--
-bts
-Friends don't let friends drive Windows

Ari
11-17-08, 11:22 AM
On Sun, 16 Nov 2008 20:01:08 -0500, Beauregard T. Shagnasty wrote:

> Valeria wrote:
>
>>> Or he could be tagging the mail, when opened, a tag returns to
>>> Sender.
>>
>> Can you tell me what does that mean?? Can I see an example??
>
> Embedded in the HTML of the spam would be an image call similar to this:
>
> <img src="http://thespamsite.com/images/spam.jpg?mail=vally@libero.it"
> height=1 width=1>
>
> It could also use a key specifically associated with your copy of the
> spam, like this one in a spam I got recently:
>
> <img
> src="http://letters.carproperty.com/lt/t_go.php?i=46&e=MTMvOGRx&l=open"
> width="1" height="1" border="0">
>
> Notice the width and height of just one pixel. You wouldn't even see it.
> Meanwhile, the spammer's web server has captured that you have opened
> the email, and are a valid live email address.

E.g app

www.spypig.com

Beauregard T. Shagnasty
11-17-08, 02:13 PM
Ari wrote:

> Beauregard T. Shagnasty wrote:
>> <img
>> src="http://letters.carproperty.com/lt/t_go.php?i=46&e=MTMvOGRx&l=open"
>> width="1" height="1" border="0">
>>
>> Notice the width and height of just one pixel. You wouldn't even see
>> it. Meanwhile, the spammer's web server has captured that you have
>> opened the email, and are a valid live email address.
>
> E.g app
>
> www. spypig. com

Easily circumvented, though.
<quote>
"SpyPig is a free email tracking system that sends you a notification
email as soon as the recipient opens and reads your message.

SpyPig Requirements

Both you and the recipient must use an HTML-formatted email, not a
plain-text or rich-text formatted email. "
</quote>

A couple years ago, I used the contact form at the site of a guy
offering the same service ["only $19.95 per month"], gave him my email
address, and told him to send me a test .. then another as soon as I
read his message. He sent the test, which I read, then waited for 24
hours or so for the confirmation. Never came, so I replied to his
original, quoting his, and asked if I'd read it yet. His reply, "Well,
it works 99.9% of the time."

Read your email in Plain Text mode and that pig will never know. In
addition to reading in HTML, you also have to be online when you read it
to give the notification.

(These comments for clarification only for those who can't figure it
out. <g>)

--
-bts
-Friends don't let friends drive Windows