Checking To See If Someone Read Your Email
from the yeah,-but-how-does-it-work... dept
USA Today is talking about a new service called DidTheyReadIt that claims it can tell you whether or not anyone is opening emails that you’ve sent, how long they spend with the emails and whether or not they forward them on. It’s a for-fee service that requires you to send all of your email through their server. Basically, you append a didtheyreadit.com to the end of every email that you send, and their server does whatever black magic it does and passes the email on – at which point you can track it. Jeremy Wagstaff has been writing about them over the past few days and expressed plenty of concerns over the offering. He already uses a similar product – but which lets you clearly tell people that you’re tracking what they do with the email. He’s also worried about the company, especially since their other products are all about spying on people as well – such as a keylogger. Would you trust such a company to have all of your email on their server? The founder of DidTheyReadIt replied to him in two separate parts that do little to ease the concerns. This is the type of thing that people are (as the USA Today article points out) likely to flip out about – at the same time many will be intrigued to use it themselves. The thing that I wonder about, however, is how does it actually work? I’m guessing it needs to stick some sort of HTML bug into the email – a popular trick among spammers to determine whether or not you’ve opened their email and are “a live one.” Of course, these days, you simply shouldn’t use HTML email – at least not initially until you know a message is “safe.” So, despite the fact that the service claims it works on “all” email systems, I wonder how well it actually works on anyone who avoids HTML-based emails. With new email systems like Gmail which smartly make anyone go through an extra step to view HTML-based email (though, they should set up rules to allow HTML email from a certain address), others may follow suit – especially if people get concerned about services like DidTheyReadIt.
Comments on “Checking To See If Someone Read Your Email”
Conceivably, I could just cut & paste anything from an email and place it in a new one. In that case, the program wouldn’t know that I chose to forward on text from an email to a 3rd party.
How it works, notes, etc.
I just trialed the freebie version.
As I think everyone would have guessed, this is a silly little web bug, nothing more.
A plaintext test message was turned into multipart/alternative, with an html/text version appended. In the appended version, there is something that looks like this (text broken up – the comment software doesn’t seem to like to EXTRAN image links):
– The message was relayed through:
They strip recieved headers before this relay.
I think I’ll be adding a de-mimer for this domain – I have some users who insist on using stupid HTML-capable MUAs.
– I wonder what’s up with the executable “background tracker”. From the description, it would appear to be an SMTP proxy, but given the nature of the company, I wonder what else they’re up to.
– The TOS has the usual we-can-spam you agreement: “you expressly agree to receive offers and promotions which may include opportunities to purchase, join and/or participate in products, services and/or programs offerend by Rampell Software’s third-party marketing partners, and you acknoledge and agree that Rampell Software may share your reistration information with these third-party companies.”
Re: How it works, notes, etc.
Did you check to see if they also add an attachment containing a virus that installs their keylogger?
Ack, it ate the image tag again
Here’s the another try:
i m g s r c = “h t t p ://didtheyreadit.com/index.php/worker?code=3afdcba44396136a1d81369e1 5211c2e” width=”1″ height=”1″
Re: Ack, it ate the image tag again
The code is a 32 character string. So we can put md5sum to use:
CODE=`date | md5sum | cut -d ” ” -f 1`
wget -O /dev/null http://didtheyreadit.com/index.php/worker?code=$CODE
Re: Re: Unoriginal app
this has been done, actually better than these guys did it by ReadNotify.com. They a web interface as well as an Outlook plugin to track who’s read you mail, how long they had it open, etc. They use the 1×1 image (blocked by the new outlook 2003, of course) but also things like inline frames and CSS script references back to their servers in order to see if the mail has been opened. Too bad SpamAssassin reads all this as multiple red flags and sends all the mail you send out into the trash!
This is a technology that is doomed to be short lived, either through the advent of Email V2 (email by authentication) or through the spread of new email clients that don’t process CSS/HTML tags.
Re: Ack, it ate the image tag again
i m g s r c = “h t t p ://didtheyreadit.com/index.php/worker?code=3afdcba44396136a1d81369e1 5211c2e”
Time to add didtheyreadit.com to my hosts file.
Soon to be Useless
The latest versions of Outlook provide the ability to turn off the display of images (and Web bugs), so soon this will be useless as Outlook rollouts proliferate.
The newest versions of Outlook also notify you when a sender has requested a read reciept, which turned out to be an eye-opener for me!
we use groupwise, and it can tell you when someone opened your e-mail, replied, fwd, or trashed it.
my wife uses groupwise at her job, and once replied to an e-mail from her boss, replacing her boss’s address with mine(it was basically a “check this out from my boss” e-mail). her boss saw that my wife replied to her e-mail, but her boss never recieved the e-mail(because she sent it to me) and asked my wife for an explanation!
E-mail Sentinel Pro can be downloaded for free and strips HTML from your e-mails. I heard about it on TechTV a couple months ago and have been using it ever since.
What's the problem
I work as a bounty hunter and didtheyreadit.com has helped me several times to track down a location. You see, you have to see the good things first!
HAHA @ anonymous email
Sick one; good luck with your bounty hunting LOL
how about spypig.com? It’s a free email tracking tool.
I used to use service from didtheyreadit. But I have moved to a free service from http://whoreadme.com/