RE: Today's Suck...

From: Lisa Dusseault (lisa@xythos.com)
Date: Thu Jan 18 2001 - 12:35:12 PST


I'd also note, though, that it is perfectly within the theoretical
capabilities of email readers to disable webbugs. This would be another
user preference setting that would indicate whether or not the user
wished to automatically download missing images in HTML email. The HTML
viewer could replace the missing images with "Click here to download
image", or some such thing.

Note also, that text email may contain links which allow you to be
tracked. If I were a email spammer, I mean advertiser, I would put
tempting links such as
http://bogus.joke.site.com/joke.asp?id=1234567890. My server-side code
would have some way of matching the seemingly innocuous id number to the
target of the email, thus verifying that the recipient was valid, human,
had read the message and in fact clicked on the link. I'd then start
charging 10x the normal amount for such a good email address!

Of course, text-based mail readers don't go to those links
automatically. That's the real idiot feature -- that email clients
supporting HTML will load up linked images automatically if they're
online. That's the only thing that allows webbugs in email to work so
well.

lisa

> -----Original Message-----
> From: Robert S. Thau [mailto:rst@ai.mit.edu]
> Sent: Thursday, January 18, 2001 11:47 AM
> To: Joseph S. Barrera III
> Cc: 'Brian Clapper'; fork@xent.com
> Subject: RE: Today's Suck...
>
>
> Joseph S. Barrera, III writes:
> > Oops, wrong hat. Let's try
> >
> > http://www.xyweb.com/rfc/rfc2298.html
> >
> > ... with, of course, the caveat that you
> > can't really EVER design a protocol that
> > will prove that the targeted reader actually
> > read the message.
>
> Note, from section 2.1:
>
> While Internet standards normally do not specify the behavior of
> user interfaces, it is strongly recommended that the user agent
> obtain the user's consent before sending an MDN. This consent
> could be obtained for each message through some sort of prompt or
> dialog box, or globally through the user's setting of a preference.
> The user might also indicate globally that MDNs are never to be
> sent or that a "denied" MDN is always sent in response to a request
> for an MDN.
>
> Also, unlike web bugs, this mechanism does not allow a doubleclick-ish
> tracking system to connect an actual email address with a previously
> anonymous browser cookie.
>
> In any case, this particular memo is from 1998; maybe I'm not looking
> hard enough, but from where I sit, it isn't exactly setting the world
> on fire.
>
> rst



This archive was generated by hypermail 2b29 : Fri Apr 27 2001 - 23:18:53 PDT