Can spammers trace one if one does not go offline prior to deleting spam ?

[Hector13]

Originally posted by: GeneralDisarray
They can easily specify an alternate port in the URL, and if you blocked that one, they could specify a random port and set their web server to listen on all ports.

As some have said above, it's quite simple to GET variables in an image link to identify when someone views your message. Theres no need for different file names. In fact, you dont even need to have a link that looks anything like an image, you can manipulate the MIME headers so something like <a href="http://127.0.0.1/?go=123456">http://127.0.0.1/?go=123456</a> returns an image and IE/Outlook loads it fine. Then in their server a PHP script checks the ID and logs when it was accessed, and if they're smart, watches if you click on the link to see if the advertising was effective.

okay, so only grant access to smtp traffic on port 25 (or whatever port it is on).

 

[Soybomb]

Here's a snip from the 2nd piece of spam i looked at from my spam folder, using web bugs in the html of junk mail is very common. It is also one of the criteria that spam assassin looks for luckily.

HREF="http://spledee.com:8080/track?m=2780019&l=0&.e=1MqGPpJ@AOa4lqp"

 

[Jerry]

Soybomb,
Would this presumably tracking URL / function operate or come alive if the email was not "opened" but just deleted right from outlook with the preview pane not in operation ?

I don't see how it would. ' Look forward to responses.

 

[ViRGE]

If the email is not opened, then the bug is not activated.

 

[GeneralDisarray]

Originally posted by: Hector13

Originally posted by: GeneralDisarray They can easily specify an alternate port in the URL, and if you blocked that one, they could specify a random port and set their web server to listen on all ports. As some have said above, it's quite simple to GET variables in an image link to identify when someone views your message. Theres no need for different file names. In fact, you dont even need to have a link that looks anything like an image, you can manipulate the MIME headers so something like ">http://127.0.0.1/?go=123456">http://127.0.0.1/?go=123456</a> returns an image and IE/Outlook loads it fine. Then in their server a PHP script checks the ID and logs when it was accessed, and if they're smart, watches if you click on the link to see if the advertising was effective.

okay, so only grant access to smtp traffic on port 25 (or whatever port it is on).

You can run a web server on port 25 if you so desire. If only you could disable HTML in Outlook messages.... or just use pine.

 

[oboeguy]

Disable the preview feature and your problem is gone. BTW, I thought there was merely embedded JavaScript to send back "Yes! We found a sucker at this address!", and that it has nothing to do with images. This is why I never open anything remotely spammish and never enable "preview".