Page 1 of 1

Is This a Spam Tool

Posted: Fri Jan 14, 2005 5:33 pm
by dstefani

Code: Select all

<IMG id=3D_x0000_i1025 = height=3D480=20 src=3D"cid:image001.jpg@01C4FA37.2CC108D0"=20 width=3D640>
I have heard about putting 'tracers' in HTML mail that lets the sender know who opened the message. IE:

Code: Select all

<img src= "http://www.spam.com/saveinfo.php?sentTo=you@yourhost.com" width=1 height="1" border="0">
The first code snippet is from a sample HTML mail that a customer whats me to look into replicating. This particular one was sent using PHPlist.
Would you say that the top img tag is like a SPAM tracer?

Thanks,

- dstefani

Posted: Fri Jan 14, 2005 5:41 pm
by feyd
the top one uses CID, which is the internal referencing of attached images. It is not a tracer... at least that I know of.

Posted: Fri Jan 14, 2005 8:15 pm
by magicrobotmonkey
hey, I've heard of spammers using these image tracer deals to validate email addresses as well. Its why GMail opens emails without displaying external images until told to do so. I'm not sure how they are used though.

Posted: Fri Jan 14, 2005 10:03 pm
by timvw
a very simplisitic tracking thingie would look like


table (user_id, email);

send mail to user with <img src="someimage.php?user_id=xxxx">

and then in our someimage.php we mark that the $_GET['user_id'] is reading the e-mail, and we output the image to show in the mail..

now we can spam all those marked user_ids....

Posted: Sat Jan 15, 2005 8:49 am
by magicrobotmonkey
those bastards!

Posted: Sat Jan 15, 2005 10:15 am
by timvw
luckily mozilla e-mail etc have an option to not load external stuff already a few years.... and i think that even outlook express has that option since win xp sp1....

but then again, i don't know how they handle javascript that generates some extra html ...