|
Sneaky Read Receipts?
I was recently speaking to a tele-support person at a large firm.
We were discussing new fees etc. They referred to an email that they had sent last month. (The email had a pdf attachment - this may or may not be relevant.) As a matter of interest during the conversation, the tele-support person said they could see that I'd opened that email - which indeed I had. This peaked my curiosity. I asked whether they meant they could see that I had opened the email or the pdf or both. They weren't able to confirm - they didn't know the answer. Just that their screen indicated something had been opened. I assume the email. I use the FM web interface exclusively. Unlike in Outlook, when using the FM web interface I never see notifications of read-receipts or any options to acknowledge them or ignore them. I'm wondering how senders can detect whether an email has been opened or not? I was under the impression that the use of tracking the loading of images was blocked by FM. :confused: (I would have loaded the firms logo for sure.) So maybe there are other ways? Can anyone shed any light on this? |
FastMail blocks tracking of loading of images directly in emails. However, when you open attachments, all bets are off.
Most likely, you opened the PDF attachment, and that contained a remote link that was picked up by their system. |
Interesting.
I certainly would have opened the PDF, and probably inside the browser by hitting 'view'. If I had downloaded the PDF first, and then opened it with say Adobe Reader or similar, would that have defeated the tracking? |
Quote:
https://www.locklizard.com/track-pdf-monitoring/ |
Quote:
I was under the impression that PDF's were benign. Now I learn that they can be full of nasty tracking features. Thanks for the link. :) Next stop - learn if one can detect and neutralise tracking PDF's. |
Remote image loading
In the Settings>Mail>Preferences>Reading section, look at the Load remote images settings. If allowed, the remote images are loaded through a FastMail IP, not yours. So the sender could determine that the email was opened, but not get your IP or browser type. More at:
https://www.fastmail.com/help/receiv...tecontent.html Bill |
Quote:
My selected setting is the 2nd setting "Load external content from my contacts, otherwise ask". However in this case I would have manually clicked "load images" in the email because although the sender would not have been in my Address Book, I recognised them as a valid sender. So I guess the sender would have at least had the possibility to register the email as viewed via this action. |
Quote:
|
A bit OT, but I have tried before and determined that for me blocking images doesn't work--too many emails are virtually unreadable today, and many companies do not send proper text versions. I've worked for a large email marketing company and you might be surprised by the amount of information the company and the companies they service learn about you from each email. Unfortunately, not much you can do about it without making your life pretty inconvenient.
|
Quote:
|
Quote:
|
Quote:
|
Quote:
|
Quote:
https://en.m.wikipedia.org/wiki/Facebook_Beacon These web beacon images can interact with exiisting cookies and return browser version and your IP address, further assisting the email sender from tracking your behavior. For example, they might guess that two different people are at the same household and sometimes sharing the same PC but at other times using different PC's. The problem isn't just one piece of information about you, it's the accumulation of a dossier on you over months of data accumulation. A scammer in a third world country can do this for very low cost. In addition to uses by advertisers and others you know to track you opening their emails, spammers and phishers can send you many differently designed emails and see which ones evade your email spam filters and are actually opened. And if they send emails to two or more addresses which interact with their cookies they know that computer is associated with those different email addresses. So now they know the computer they can associate with an easily known name on social media or via other means is now associated with that email account you thought was not so easily trackable. The bad guys can also just send out random dictionary spam to a domain (such as a FastMail-owned domain or your private domain) and see which addresses exist (because you downloaded the beacon image). This would be like walking along the street and someone comes up to you and says, "Hi, Sam, good to see you after so many years." They will be ignored or told "Wrong person" by nearly all they encounter, but finally they find a Sam. So now they know that person's name, and another scammer can the next day try get more personal details from Sam by trying random ploys. It's like the old trick of "cold reading", where someone can use several somewhat random guesses to find our something about you, then fool you into revealing more that you realized. In this case, you have no idea the scammers are building a profile on you. I'm not saying that this happens every day in your incoming email, but scammers are going to try every trick which advertisers have developed to build a detailed profile of who is associated with a particular email address. When this is automated and appears in what appears to be spam from different sources (even though it might be the same scammer using different types of phishing from different countries) you won't realize that you have been compromised. Criminals are very ingenious. Bill |
| All times are GMT +9. The time now is 11:50 AM. |
Copyright EmailDiscussions.com 1998-2022. All Rights Reserved. Privacy Policy