Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: www.readnotify.com

From: "Dan Denton" <ddenton () PAYLESSOFFICE com>
Date: Fri, 27 Jan 2006 09:11:12 -0600
It was my understanding that the overriding issue was not to block the
emails entirely, but to prevent the accessing of the hidden image so as
not to show the email was read. 

I'll concede that you would have to know the addresses of the web
servers providing the image, but since no one has yet provided those,
I'd say the tactic of blocking web access to readnotify.com is a good
place to start (or if you happen to look at the HTML source, block
domain name of the target image). 

With the various ways spammers use to spoof the source of an email, I
think it would be more difficult to rely solely on the blocking of the
email to solve your problem. 

-----Original Message-----
From: Ebeling, Jr., Herman Frederick [mailto:hfebelingjr () lycos com] 
Sent: Thursday, January 26, 2006 8:53 PM
To: Dan Denton; Larry Offley
Cc: security-basics () securityfocus com
Subject: RE: www.readnotify.com


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----Original Message----
From: Dan Denton [mailto:ddenton () PAYLESSOFFICE com]
Sent: Thursday, 26 January, 2006 17:25
To: Larry Offley; hfebelingjr () lycos com
Cc: security-basics () securityfocus com
Subject: RE: www.readnotify.com

: Would not the easiest way to block the notification be to block access
: to that URL/Address entirely on your gateway device (router, proxy,
: etc...)? Blocking access to that address should block the accessing of
: the image, therefore no access to the image would be logged on their
: server.
: 
: Dan Denton
: Information Technology Manager, CCNA
: Pay-LESS Office Products
: 
: 
: 
: -----Original Message-----
: From: Larry Offley [mailto:lucullus () telus net]
: Sent: Wednesday, January 25, 2006 2:43 AM
: To: hfebelingjr () lycos com
: Cc: security-basics () securityfocus com
: Subject: Re: www.readnotify.com
: 
: 
: Yes and no. First we need to know how they know you read your e-mail.
I
: common way is the use of a "Web bug" these usually consist of a small
: 1x1 image file usually the same color as the back ground of a html
: e-mail message or transparent. This method is easy and works on all
: platforms (Linux/mac/pc). If you use a mail client that doesn't auto
: download referenced images, then the server hosting the image can't
: tell you have read the message. Read the provided wiki link for more
on
: the subject.
: 
: Wiki on web bugs   http://en.wikipedia.org/wiki/Webbug
: 
: Larry Offley
: 
: Ebeling, Jr., Herman Frederick wrote:
: : -----BEGIN PGP SIGNED MESSAGE-----
: : Hash: SHA1
: : 
: : Does anyone know anything about a web site called
: : (http://www.readnotify.com/)?  If so does anyone know of anyway to
: : prevent it from sending it's return receipts to the sender?
: : 
: : Herman
: : Live Long and Prosper
: :  ___________________          _-_
: :  \==============_=_/ ____.---'---`---.____
: :              \_ \    \----._________.----/
: :                \ \   /  /    `-_-'
: :            __,--`.`-'..'-_
: :           /____          ||-
: :                `--.____,-'
: : 
: : -----BEGIN PGP SIGNATURE-----
: : Version: PGP 8.0.3
: : 
: : iQA/AwUBQ9Vl5B/i52nbE9vTEQI9XgCg3Nhg6Fvo0Eb8SNifD9BPzKSM4csAnivR
: : LPCQGjXz9OhMxTZBZHXwZBQM =IEYv
: : -----END PGP SIGNATURE-----

Dan,

        Wouldn't one need to know ALL of their server's names in order
to be sure that they've blocked ALL routes back to www.readnotify.com ?
I mean just blocking http://www.readnotify.com isn't going to be enough,
is it?

        And how would one go about "blocking" their so-called
"self-destructing" E-Mails, or sender revocable E-Mails?  As well as how
would one go about getting "around" their E-Mails that are suppose to
prevent the recipient from either forwarding, or printing out of an
E-Mail?

Herman
Live Long and Prosper
 ___________________          _-_
 \==============_=_/ ____.---'---`---.____
             \_ \    \----._________.----/
               \ \   /  /    `-_-'
           __,--`.`-'..'-_
          /____          ||-
               `--.____,-'

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3 - not licensed for commercial use: www.pgp.com

iQA/AwUBQ9l9WR/i52nbE9vTEQIXvwCgzb4Ow/re93tZnDdVXBNaLNEGWd0An3As
K8D7hFwHWUU1MvQ3jj8vA2ex
=jgqJ
-----END PGP SIGNATURE-----


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: