Dan Gilmore wrote last month about a troubling issue where seemlingly legitimate companies are now participating in making more SpyMail. SpyMail isn’t new. Its been used by spammers for a long while. But now some otherwise seemlingly legitimate companies are trying to make businesses out of it….
What is SpyMail? SpyMail is the attempt by hackers, spammers, or unscrupulous people to learn more about your mail reading habits. Some companies claim that there is a legitimate use – so that the sender can know if you read the email or not. But, if its legitimate, why is it covert? Why not use the Read-Receipts feature that the receiver can see explicitly. There is no doubt in my mind that these products are clearly out to do harm. When something is veiled in secrecy, its almost always for illegitimate purposes.
What kinds of information can people collect using SpyMail? Quite a lot, actually. Turns out you can easily get:
– Knowledge of if the recipient read the email or not
– When the recipient read the email
– If the recipient forwarded the email to someone else and to whom
– The operating system of the recipient
– Version information about the recipient’s computer
– The IP address of the recipient
– The location of the recipient (tracked loosely by IP location finding)
– More.
Wow. Thats pretty dangerous. Since I write plugins for Outlook, I just may write a plugin to kill these SpyMail guys.
Outlook 2003 already has a feature to protect you from SpyMail. By default, it doesn’t load HTML images for this very purpose. You have to manually download the images you want. Its a little cumbersome, but at least it works.
Oh yeah – who are the spymailers? Here are the villains that offer these services in the name of “features”. The fact that they would dare build this indicates that they are unscrupulous, greedy, ignorant and shameless. Get the idea?
http://www.didtheyreadit.com/
http://www.msgtag.com/ (a little better because the recipient can see that the message is tagged, but the recipient still doesn’t get a chance to block it before its too late)
Also found this:
Recommendations for rule filters to prevent email from spymail:
http://eric.blognews.com/blog/_archives/2004/5/23/75026.html