A peek inside ReadNotify
Recently the service ReadNotify has been in the news as it was used to track emails and documents sent during the recent HP spying scandal. I'd heard of ReadNotify before but never played with it, but since they offer free accounts I signed up and sent myself some emails. Here's what I found inside those messages.
Using ReadNotify couldn't be simpler. Once you've registered your From address with the service you can send email through it by appending .readnotify.com to the email of the person you are writing to. For example, to send a tracked email to me (XXX@gmail.com) you'd send it to XXX@gmail.com.readnotify.com. ReadNotify will add their tracking features to the message and forward it to the real recipient.
To test the service I sent the following email to an email address on Hotmail. The email was sent from my regular email address via ReadNotify. The email was composed in Mozilla Thunderbird, which I have configured to send only plain text email. (Throughout this blog post I have obscured details in the messages by replacing private information with XXX or 123.)
Original message:
Date: Tue, 03 Oct 2006 13:20:03 +0200
From: John Graham-Cumming <XXX@XXX.XXX>
Reply-To: XXX@XXX.XXX
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040208
Thunderbird/0.5 Mnenhy/0.6.0.104
MIME-Version: 1.0
To: XXX@hotmail.com.readnotify.com
Subject: A test of this email tracking service to a hotmail account
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
I'd like to see how this works.
John.
What Hotmail received:
Received: from esmtp.emsvr.com ([208.185.251.19]) by
bay0-mc3-f7.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
Tue, 3 Oct 2006 04:21:24 -0700
Received: from esmtp.emsvr.com (localhost.localdomain [127.0.0.1])
by esmtp.emsvr.com (8.13.6/8.12.11) with ESMTP id k93BKLB1030009
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
for <XXX@hotmail.com>; Tue, 3 Oct 2006 11:20:22 GMT
Received: (from mail@localhost)
by esmtp.emsvr.com (8.13.6/8.12.11/Submit) id k93BKLoY030003
for XXX@hotmail.com; Tue, 3 Oct 2006 11:20:21 GMT
Resent-Date: Tue, 3 Oct 2006 11:20:21 GMT
Resent-Message-Id: <200610031120.k93BKLoY030003@esmtp.emsvr.com>
Resent-From: XXX@XXX.XXX.ddntqqiabybpiiv.emsvr.com
Received: from [66.249.92.168] by emsvr.com [208.185.251.19]
for <XXX@hotmail.com>
on-behalf-of XXX@gmail.com; Tue Oct 3 11:20:19 2006
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.168])
by esmtp (8.13.6/8.12.11) with ESMTP id k93BKDi8029929
for <XXX@hotmail.com>; Tue, 3 Oct 2006 11:20:14 GMT
Received: by ug-out-1314.google.com with SMTP id t30so548551ugc
for <XXX@hotmail.com>; Tue, 03 Oct 2006 04:20:07 -0700 (PDT)
Received: by 10.67.121.15 with SMTP id y15mr3639480ugm;
Tue, 03 Oct 2006 04:20:07 -0700 (PDT)
Received: from ?192.168.1.2? ( [10.254.8.232])
by mx.gmail.com with ESMTP id e33sm6037799ugd.2006.10.03.04.20.05;
Tue, 03 Oct 2006 04:20:06 -0700 (PDT)
Message-ID: <45224763.50301@XXX.XXX>
Date: Tue, 03 Oct 2006 13:20:03 +0200
From: John Graham-Cumming <XXX@XXX.XXX>
Reply-To: "XXX@XXX.XXX" <XXX@XXX.XXX>
Usr-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040208
Thunderbird/0.5 Mnenhy/0.6.0.104
To: XXX@hotmail.com
Subject: A test of this email tracking service to a hotmail account
Sender: John Graham-Cumming <XXX@XXX.XXX>
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Disposition-Notification-To: "them"
<XXX@XXX.XXX.ddntqqiabybpiic.emsvr.com>
X-Confirm-Reading-To: XXX@XXX.XXX.ddntqqiabybpiic.emsvr.com
Return-Receipt-To: XXX@XXX.XXX.ddntqqiabybpiic.emsvr.com
Notice-Requested-Upon-Delivery-To: XXX@XXX.XXX.ddntqqiabybpiiv.emsvr.com
Errors-To: XXX@XXX.XXX.ddntqqiabybpiiv.emsvr.com
X-Read-Notification: Courtesy of ReadNotify.com -
http://www.r7vkv5yav10gu1.ReadNotify.com
Return-Path: XXX@XXX.XXX.ddntqqiabybpiiv.emsvr.com
X-OriginalArrivalTime: 03 Oct 2006 11:21:24.0793 (UTC)
FILETIME=[0FBED290:01C6E6DE]
<HTML><HEAD>
<META http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
</HEAD><BODY><DIV></DIV><DIV>I'd like to see
how this works.
</DIV><DIV>
</DIV><DIV>John.
</DIV>
<div alt="r7vkv5yav10gu1."><pre> </pre><pre>
<br><Img moz-do-not-send="true" border=0 height=1 width=3 alt=""
lowsrc=""
Src=http://www.r7vkv5yav10gu8.ReadNotify.com/nocache/r7vkv5yav10gu9/footer0.gif>
<Img moz-do-not-send="true" Border=0 Height=1 Width=2 Alt=""
Lowsrc=http://www.readnotify.com/ca/rspr47.gif ><BgSound volume=-10000
Alt='' Lowsrc=""
Src=https://tssls.r7vkv5yav10guv.ReadNotify.com/nocache/r7vkv5yav10guv/rspr47.wav>
</pre><table height=1 width=3 border=0><tr><td
background
=http://0320.185.64275/nocache/r7vkv5yav10guP/rspr47.gif> </td>
</tr></table>
<BODY bgColor="#ffffff;background-image:
url(http://www.r7vkv5yav10gum.ReadNotify.com/lis/r7vkv5yav10guq/rspr74.gif)" bgColor="#FFFFFF">
</div><div><title> A test of this email tracking service to
a hotmail account </title>
<title>‏
[snipped 10s of lines like this]
‏
<title> A test of this email tracking service to a hotmail account
</title>
</div alt="r7vkv5yav10gu1."></BODY></HTML>
Not only has my little plain text email become an HTML mail but there's a whole lot of additional stuff in the message that enables ReadNotify to track my receipt and opening of the message.
- The message headers contain no less than six different requests that receipt of the message be reported back to ReadNotify. Specifically, it contains the headers Disposition-Notification-To, X-Confirm-Reading-To, Return-Receipt-To, Notice-Requested-Upon-Delivery-To, Errors-To and X-Read-Notification. All of these go to the address XXX@XXX.XXX.ddntqqiabybpiic.emsvr.com where the XXX@XXX.XXX is my obscured email address and the ddntqqiabybpiic is a unique string generated for just this message.
- That same unique address also appears in the Return-Path and Resent-From headers. All these headers mean that ReadNotify can watch the progress of my message as it passes from server to server, because the servers will be checking information from these headers, thus acting as a beacon showing which IP addresses looked at the message.
- The message body contains four separate web bugs using a standard image, a background sound, a background image on a table and a background image on the body using CSS.
The standard image is <Img moz-do-not-send="true" border=0 height=1 width=3 alt="" lowsrc="" Src=http://www.r7vkv5yav10gu8.ReadNotify.com/nocache/r7vkv5yav10gu9/footer0.gif> where the r7vkv5yav10gu8 is unique to this message.
The background sound is <BgSound volume=-10000 Alt='' Lowsrc="" Src=https://tssls.r7vkv5yav10guv.ReadNotify.com/nocache/r7vkv5yav10guv/rspr47.wav>. Notice the volume being set to -10000 so that there's no sound at all and the same unique string in the path to get the sound.
The table contains a <td> tag with a background image using the same unique string: <td background=http://0320.185.64275/nocache/r7vkv5yav10guP/rspr47.gif>
Finally, the same unique string appears in the <body> tag using CSS: <BODY bgColor="#ffffff;background-image: url(http://www.r7vkv5yav10gum.ReadNotify.com/lis/r7vkv5yav10guq/rspr74.gif)" bgColor="#FFFFFF">
- Finally, there's that large block of stuff at the end written using HTML entities. In fact it consists of precisely four different invisible HTML entities repeated over and over again: &rlm; (right-to-left mark), &lrm; (left-to-right mark), &zwnj; (zero-width non-joiner) and &zwj; (zero-width joiner). There's clearly a pattern there, but I'm not sure of its purpose; perhaps it's yet another unique identifier on the message.
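As an added example (not code from the original post or from ReadNotify), here is one way a recipient-side filter could flag the three kinds of marker listed above: receipt-request headers, remote resources fetched on open, and runs of invisible characters. The sample message is constructed, and tracker.example and token123 are placeholders.

```python
import email
import re
from html.parser import HTMLParser

# The six receipt-request headers named in the post.
RECEIPT_HEADERS = (
    "Disposition-Notification-To", "X-Confirm-Reading-To", "Return-Receipt-To",
    "Notice-Requested-Upon-Delivery-To", "Errors-To", "X-Read-Notification")
INVISIBLE = "\u200e\u200f\u200c\u200d"  # LRM, RLM, ZWNJ, ZWJ
URL_RE = re.compile(r"https?://[^\s\"')]+", re.I)

class BeaconFinder(HTMLParser):
    """Collects remote URLs fetched when the mail is rendered, plus invisible chars."""
    def __init__(self):
        super().__init__()  # convert_charrefs=True, so &rlm; etc. arrive decoded
        self.beacons, self.invisible = [], 0
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            value = (value or "").strip()
            if name in ("src", "lowsrc", "background") and URL_RE.match(value):
                self.beacons.append((tag, name, value))
            elif "url(" in value.lower():  # CSS hidden inside another attribute
                self.beacons += [(tag, name, u) for u in URL_RE.findall(value)]
    def handle_data(self, data):
        self.invisible += sum(data.count(c) for c in INVISIBLE)

def find_tracking(raw):
    msg = email.message_from_string(raw)
    finder = BeaconFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "latin-1"
            finder.feed(part.get_payload(decode=True).decode(charset, "replace"))
    finder.close()  # flush buffered text so trailing entities are counted
    return {"headers": [h for h in RECEIPT_HEADERS if msg[h]],
            "beacons": finder.beacons, "invisible": finder.invisible}

# Constructed message: tracker.example and token123 are placeholders.
SAMPLE = """\
Disposition-Notification-To: sender@example.org.token123.tracker.example
Return-Receipt-To: sender@example.org.token123.tracker.example
Content-Type: text/html; charset="ISO-8859-1"

<html><body><div>Hello.</div>&rlm;&lrm;&zwnj;&zwj;&rlm;&rlm;
<img border=0 height=1 width=3 src=http://www.token123.tracker.example/nocache/a.gif>
<bgsound volume=-10000 src="https://s.token123.tracker.example/a.wav">
<table><tr><td background=http://tracker.example/token123/b.gif> </td></tr></table>
<body bgColor="#ffffff;background-image:url(http://tracker.example/lis/token123/c.gif)"></html>
"""
print(find_tracking(SAMPLE))
```

A mail client that never loads remote content and never honours receipt headers defeats all of these; the scan is useful for logging or quarantining such mail at a gateway.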
Going over to the ReadNotify UI shows the two messages that I sent and when they were last opened.

Clicking on one of the messages gives details of when and where the message was opened. The physical location was absolutely correct.

The company can also track attachments such as Microsoft Word documents and PDF files with similar accuracy.
Labels: pseudo-randomness





1 Comments:
Check this you will get all answer here http://www.ietf.org/rfc/rfc2111.txt
Regards-
Thinkit.co.nr