EmailDiscussions.com  

Go Back   EmailDiscussions.com > Email Service Provider-specific Forums > FastMail Forum
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc.

Reply
 
Thread Tools
Old 19 Apr 2017, 01:34 PM   #1
gardenweed
Essential Contributor
 
Join Date: Jun 2008
Location: Perth
Posts: 452
Sneaky Read Receipts?

I was recently speaking to a tele-support person at a large firm.
We were discussing new fees etc.
They referred to an email that they had sent last month.
(The email had a pdf attachment - this may or may not be relevant.)

As a matter of interest during the conversation, the tele-support person said they could see that I'd opened that email - which indeed I had.

This peaked my curiosity.
I asked whether they meant they could see that I had opened the email or the pdf or both. They weren't able to confirm - they didn't know the answer. Just that their screen indicated something had been opened. I assume the email.

I use the FM web interface exclusively.
Unlike in Outlook, when using the FM web interface I never see notifications of read-receipts or any options to acknowledge them or ignore them.

I'm wondering how senders can detect whether an email has been opened or not?
I was under the impression that the use of tracking the loading of images was blocked by FM. (I would have loaded the firms logo for sure.)
So maybe there are other ways?
Can anyone shed any light on this?
gardenweed is offline   Reply With Quote

Old 19 Apr 2017, 02:43 PM   #2
BritTim
The "e" in e-mail
 
Join Date: May 2003
Location: mostly in Thailand
Posts: 2,379
FastMail blocks tracking of loading of images directly in emails. However, when you open attachments, all bets are off.

Most likely, you opened the PDF attachment, and that contained a remote link that was picked up by their system.
BritTim is offline   Reply With Quote
Old 19 Apr 2017, 02:46 PM   #3
gardenweed
Essential Contributor
 
Join Date: Jun 2008
Location: Perth
Posts: 452
Interesting.
I certainly would have opened the PDF, and probably inside the browser by hitting 'view'.

If I had downloaded the PDF first, and then opened it with say Adobe Reader or similar, would that have defeated the tracking?
gardenweed is offline   Reply With Quote
Old 19 Apr 2017, 03:15 PM   #4
FredOnline
Master of the @
 
Join Date: Apr 2011
Location: Manchester UK
Posts: 1,851
Quote:
Originally Posted by gardenweed View Post
Interesting.
I certainly would have opened the PDF, and probably inside the browser by hitting 'view'.

If I had downloaded the PDF first, and then opened it with say Adobe Reader or similar, would that have defeated the tracking?
This may be of interest:

https://www.locklizard.com/track-pdf-monitoring/
FredOnline is offline   Reply With Quote
Old 19 Apr 2017, 03:41 PM   #5
gardenweed
Essential Contributor
 
Join Date: Jun 2008
Location: Perth
Posts: 452
Quote:
Originally Posted by FredOnline View Post
Crikey.
I was under the impression that PDF's were benign.
Now I learn that they can be full of nasty tracking features.

Thanks for the link.

Next stop - learn if one can detect and neutralise tracking PDF's.
gardenweed is offline   Reply With Quote
Old 19 Apr 2017, 05:43 PM   #6
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,051
Arrow Remote image loading

In the Settings>Mail>Preferences>Reading section, look at the Load remote images settings. If allowed, the remote images are loaded through a FastMail IP, not yours. So the sender could determine that the email was opened, but not get your IP or browser type. More at:
https://www.fastmail.com/help/receiv...tecontent.html

Bill
n5bb is offline   Reply With Quote
Old 19 Apr 2017, 06:21 PM   #7
gardenweed
Essential Contributor
 
Join Date: Jun 2008
Location: Perth
Posts: 452
Quote:
Originally Posted by n5bb View Post
In the Settings>Mail>Preferences>Reading section, look at the Load remote images settings. If allowed, the remote images are loaded through a FastMail IP, not yours. So the sender could determine that the email was opened, but not get your IP or browser type. More at:
https://www.fastmail.com/help/receiv...tecontent.html

Bill
I see what you mean.
My selected setting is the 2nd setting "Load external content from my contacts, otherwise ask".
However in this case I would have manually clicked "load images" in the email because although the sender would not have been in my Address Book, I recognised them as a valid sender.
So I guess the sender would have at least had the possibility to register the email as viewed via this action.
gardenweed is offline   Reply With Quote
Old 19 Apr 2017, 07:54 PM   #8
janusz
The "e" in e-mail
 
Join Date: Feb 2006
Location: EU
Posts: 4,346
Quote:
Originally Posted by n5bb View Post
In the Settings>Mail>Preferences>Reading section, look at the Load remote images settings. If allowed, the remote images are loaded through a FastMail IP, not yours.
Does it apply to PDF's too?
janusz is offline   Reply With Quote
Old 21 Apr 2017, 08:07 AM   #9
TenFour
Member
 
Join Date: Feb 2017
Posts: 72
A bit OT, but I have tried before and determined that for me blocking images doesn't work--too many emails are virtually unreadable today, and many companies do not send proper text versions. I've worked for a large email marketing company and you might be surprised by the amount of information the company and the companies they service learn about you from each email. Unfortunately, not much you can do about it without making your life pretty inconvenient.
TenFour is offline   Reply With Quote
Old 21 Apr 2017, 08:11 AM   #10
gardenweed
Essential Contributor
 
Join Date: Jun 2008
Location: Perth
Posts: 452
Quote:
Originally Posted by TenFour View Post
A bit OT, but I have tried before and determined that for me blocking images doesn't work--too many emails are virtually unreadable today, and many companies do not send proper text versions..
I agree. Blocking all images makes many news bulletin style emails very ugly and almost unreadable.
gardenweed is offline   Reply With Quote
Old 21 Apr 2017, 05:58 PM   #11
janusz
The "e" in e-mail
 
Join Date: Feb 2006
Location: EU
Posts: 4,346
Quote:
Originally Posted by TenFour View Post
you might be surprised by the amount of information the company and the companies they service learn about you from each email.
Could you be more specific as to what information can be learned this way?
janusz is offline   Reply With Quote
Old 22 Apr 2017, 06:46 AM   #12
TenFour
Member
 
Join Date: Feb 2017
Posts: 72
Quote:
Could you be more specific as to what information can be learned this way?
Typical reporting shows when, where (roughly), and how you opened the email (device and software), what you clicked on, how long you read the email. That information will be aggregated over time, explaining why I almost never receive much in the way of email overnight--instead it arrives first thing in the morning when I first check email for the day. In some cases a company may allow the email service provider to link directly to the company database in order to pull lists, etc. This might allow the email service provider to read any information related to the subscribers stored in that database.
TenFour is offline   Reply With Quote
Old 22 Apr 2017, 10:24 PM   #13
janusz
The "e" in e-mail
 
Join Date: Feb 2006
Location: EU
Posts: 4,346
Quote:
Originally Posted by TenFour View Post
Typical reporting shows when, where (roughly), and how you opened the email (device and software), what you clicked on, how long you read the email.
Oh yes, indeed very personal and sensitive, nay intimate, details
janusz is offline   Reply With Quote
Old Yesterday, 12:10 PM   #14
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,051
Quote:
Originally Posted by janusz View Post
Oh yes, indeed very personal and sensitive, nay intimate, details
Don't dismiss this issue too quickly. This was a very controversial a few years ago when Facebook combined "Big Data" with this feature:
https://en.m.wikipedia.org/wiki/Facebook_Beacon
These web beacon images can interact with exiisting cookies and return browser version and your IP address, further assisting the email sender from tracking your behavior. For example, they might guess that two different people are at the same household and sometimes sharing the same PC but at other times using different PC's. The problem isn't just one piece of information about you, it's the accumulation of a dossier on you over months of data accumulation. A scammer in a third world country can do this for very low cost.

In addition to uses by advertisers and others you know to track you opening their emails, spammers and phishers can send you many differently designed emails and see which ones evade your email spam filters and are actually opened. And if they send emails to two or more addresses which interact with their cookies they know that computer is associated with those different email addresses. So now they know the computer they can associate with an easily known name on social media or via other means is now associated with that email account you thought was not so easily trackable.

The bad guys can also just send out random dictionary spam to a domain (such as a FastMail-owned domain or your private domain) and see which addresses exist (because you downloaded the beacon image). This would be like walking along the street and someone comes up to you and says, "Hi, Sam, good to see you after so many years." They will be ignored or told "Wrong person" by nearly all they encounter, but finally they find a Sam. So now they know that person's name, and another scammer can the next day try get more personal details from Sam by trying random ploys. It's like the old trick of "cold reading", where someone can use several somewhat random guesses to find our something about you, then fool you into revealing more that you realized. In this case, you have no idea the scammers are building a profile on you.

I'm not saying that this happens every day in your incoming email, but scammers are going to try every trick which advertisers have developed to build a detailed profile of who is associated with a particular email address. When this is automated and appears in what appears to be spam from different sources (even though it might be the same scammer using different types of phishing from different countries) you won't realize that you have been compromised. Criminals are very ingenious.

Bill
n5bb is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 04:29 PM.

 

Copyright EmailDiscussions.com 1998-2013. All Rights Reserved. Privacy Policy