Security Basics mailing list archives

RE: readnotify.com

From: "HTRegz" <htregz () aoaddicts net>
Date: Wed, 25 Jan 2006 03:21:25 -0500

Hey Hey,

ReadNotify (for standard emails) using 1x1 tracking to follow your
message... it inserts a 1 pixel by 1 pixel image into the HTML of the email
(If you're using Outlook for example, right click and go to View Source),
you'll see the location to that image. When this image is accessed, the
email is considered read. (so for example
hfebelingjr () lycos com readnotify com) would ask you to send a read receipt
and you would say no... but then if your mail viewer retrieved images by
default, the user would still receive a read receipt. 

There is also the option of sending an email to
hfebelingjr () lycos com silent readnotify com in this case when you open it,
you will not be asked to send a read receipt but if you tell it to download
images... it will notify the user that it has been read... 

Best way to disable/prevent it... don't download images on your emails...
You can check your message headers (if it's not silent... and you do get a
read receipt request and you'll see X-Read-Notification: Courtesy of
ReadNotify.com - http://www.<garbage>.readnotify.com) With the silent one,
you have to look at the source... The following code is added to the email. 

----SNIP----
<div alt="v2beqz3u2r6vj1."><pre>&nbsp;</pre><pre>
<br><Img moz-do-not-send="true" border=0 height=1 width=3 alt="0" lowsrc=""
Src=http://www.<garbage>.ReadNotify.com/nocache/<garbage>/footer0.gif><Img
moz-do-not-send="true" Border=0 Height=1 Width=2 Alt="" 
Lowsrc=http://www.readnotify.com/ca/rspr47.gif ><BgSound volume=-10000
Alt='' Lowsrc="" 
Src=https://tssls.<garbage>.ReadNotify.com/nocache/<garbage>/rspr47.wav>
</pre><table height=1 width=3 border=0><tr><td
 background
 =http://0320.185.62311/nocache/v2beqz3u2r6vjP/rspr47.gif>
</td></tr></table>
----END SNIP----

So basically preventing images from downloading... I apologize for the
rambling in there... it's late... Hopefully you understood all of this.

Peace,
HT


-----Original Message-----
From: Ebeling, Jr., Herman Frederick [mailto:hfebelingjr () lycos com] 
Sent: Monday, January 23, 2006 7:46 PM
To: security-basics () securityfocus com
Subject: readnotify.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Does anyone know anything about a web site called
(http://www.readnotify.com/)?  If so does anyone know of anyway to
prevent it from sending it's return receipts to the sender?

Herman
Live Long and Prosper
 ___________________          _-_
 \==============_=_/ ____.---'---`---.____
             \_ \    \----._________.----/
               \ \   /  /    `-_-'
           __,--`.`-'..'-_
          /____          ||-
               `--.____,-'

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQ9Vl5B/i52nbE9vTEQI9XgCg3Nhg6Fvo0Eb8SNifD9BPzKSM4csAnivR
LPCQGjXz9OhMxTZBZHXwZBQM
=IEYv
-----END PGP SIGNATURE-----

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning,

Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

-- 
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 267.14.22/238 - Release Date: 1/23/2006
 

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 267.14.22/238 - Release Date: 1/23/2006
 


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

RE: www.readnotify.com, (continued)
- - - RE: www.readnotify.com Ebeling, Jr., Herman Frederick (Jan 27)
  - Re: readnotify.com Larry Offley (Jan 26)
    - RE: readnotify.com Ebeling, Jr., Herman Frederick (Jan 25)
    - RE: readnotify.com evb (Jan 25)
    - RE: readnotify.com evb (Jan 27)
  - Re: readnotify.com Jim Halfpenny (Jan 26)
    - RE: readnotify.com Ebeling, Jr., Herman Frederick (Jan 26)
    - Re: readnotify.com Saqib Ali (Jan 27)
    - RE: www.readnotify.com Ebeling, Jr., Herman Frederick (Jan 27)
    - Re: readnotify.com Ansgar -59cobalt- Wiechers (Jan 27)
  - RE: readnotify.com HTRegz (Jan 26)
    - RE: readnotify.com Ebeling, Jr., Herman Frederick (Jan 26)
- PGP 8.0 Ebeling, Jr., Herman Frederick (Jan 24)
- Re: vnc server Albert Gonzalez (Jan 24)
- Re: vnc server ilaiy (Jan 24)
- Re: vnc server Robert J. Stull (Jan 25)
- Re: vnc server phunked up! (Jan 25)
- Re: vnc server xyberpix (Jan 30)
- Re: vnc server hytham . a (Jan 24)
  - Re: vnc server Scott C. Best (Jan 26)
- RE: vnc server Steveb (Jan 25)

(Thread continues...)