Security Basics mailing list archives
RE: www.readnotify.com
From: "Dan Denton" <ddenton () PAYLESSOFFICE com>
Date: Fri, 27 Jan 2006 09:11:12 -0600
It was my understanding that the overriding issue was not to block the emails entirely, but to prevent the accessing of the hidden image so as not to show the email was read. I'll concede that you would have to know the addresses of the web servers providing the image, but since no one has yet provided those, I'd say the tactic of blocking web access to readnotify.com is a good place to start (or if you happen to look at the HTML source, block domain name of the target image). With the various ways spammers use to spoof the source of an email, I think it would be more difficult to rely solely on the blocking of the email to solve your problem. -----Original Message----- From: Ebeling, Jr., Herman Frederick [mailto:hfebelingjr () lycos com] Sent: Thursday, January 26, 2006 8:53 PM To: Dan Denton; Larry Offley Cc: security-basics () securityfocus com Subject: RE: www.readnotify.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----Original Message---- From: Dan Denton [mailto:ddenton () PAYLESSOFFICE com] Sent: Thursday, 26 January, 2006 17:25 To: Larry Offley; hfebelingjr () lycos com Cc: security-basics () securityfocus com Subject: RE: www.readnotify.com : Would not the easiest way to block the notification be to block access : to that URL/Address entirely on your gateway device (router, proxy, : etc...)? Blocking access to that address should block the accessing of : the image, therefore no access to the image would be logged on their : server. : : Dan Denton : Information Technology Manager, CCNA : Pay-LESS Office Products : : : : -----Original Message----- : From: Larry Offley [mailto:lucullus () telus net] : Sent: Wednesday, January 25, 2006 2:43 AM : To: hfebelingjr () lycos com : Cc: security-basics () securityfocus com : Subject: Re: www.readnotify.com : : : Yes and no. First we need to know how they know you read your e-mail. I : common way is the use of a "Web bug" these usually consist of a small : 1x1 image file usually the same color as the back ground of a html : e-mail message or transparent. This method is easy and works on all : platforms (Linux/mac/pc). If you use a mail client that doesn't auto : download referenced images, then the server hosting the image can't : tell you have read the message. Read the provided wiki link for more on : the subject. : : Wiki on web bugs http://en.wikipedia.org/wiki/Webbug : : Larry Offley : : Ebeling, Jr., Herman Frederick wrote: : : -----BEGIN PGP SIGNED MESSAGE----- : : Hash: SHA1 : : : : Does anyone know anything about a web site called : : (http://www.readnotify.com/)? If so does anyone know of anyway to : : prevent it from sending it's return receipts to the sender? : : : : Herman : : Live Long and Prosper : : ___________________ _-_ : : \==============_=_/ ____.---'---`---.____ : : \_ \ \----._________.----/ : : \ \ / / `-_-' : : __,--`.`-'..'-_ : : /____ ||- : : `--.____,-' : : : : -----BEGIN PGP SIGNATURE----- : : Version: PGP 8.0.3 : : : : iQA/AwUBQ9Vl5B/i52nbE9vTEQI9XgCg3Nhg6Fvo0Eb8SNifD9BPzKSM4csAnivR : : LPCQGjXz9OhMxTZBZHXwZBQM =IEYv : : -----END PGP SIGNATURE----- Dan, Wouldn't one need to know ALL of their server's names in order to be sure that they've blocked ALL routes back to www.readnotify.com ? I mean just blocking http://www.readnotify.com isn't going to be enough, is it? And how would one go about "blocking" their so-called "self-destructing" E-Mails, or sender revocable E-Mails? As well as how would one go about getting "around" their E-Mails that are suppose to prevent the recipient from either forwarding, or printing out of an E-Mail? Herman Live Long and Prosper ___________________ _-_ \==============_=_/ ____.---'---`---.____ \_ \ \----._________.----/ \ \ / / `-_-' __,--`.`-'..'-_ /____ ||- `--.____,-' -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 - not licensed for commercial use: www.pgp.com iQA/AwUBQ9l9WR/i52nbE9vTEQIXvwCgzb4Ow/re93tZnDdVXBNaLNEGWd0An3As K8D7hFwHWUU1MvQ3jj8vA2ex =jgqJ -----END PGP SIGNATURE----- --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- RE: www.readnotify.com Dan Denton (Jan 27)
- RE: www.readnotify.com Ebeling, Jr., Herman Frederick (Jan 27)