[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <NHBBKOKFNKAIECDLOKDCMEPJEOAA.alerta@redsegura.com>
From: alerta at redsegura.com (Alerta Redsegura)
Subject: leaking
In the specific case we are talking about here:
1. Somebody sends a message to the list from a web-based e-mail service.
2. All messages sent from this web-based e-mail service have a banner.
3. The banner is an "img" tag with an "a href" to click on it.
4. The banner is not shown via "script" tags.
5. Neither the sender nor the web-based e-mail service have the list e-mail
addresses: the message is sent to the list address!
Now, I repeat the question:
How can the web-based email service in this particular case, gather email
addresses from the members of this list via this banner?
------
Aaron Peterson wrote:
>You don't _collect_ email addresses (they obviously already have it if they
>are sending you email with it, ;) But you can verify email addresses with
>it.
>
>The easiest would be to put a hash or some other identifier of the users
>email address in the url for the image, then have mod_rewrite rewrite the
>url (or not, who cares... you just wanted to verify the email address was
>good) to an actual image on your system, and log the embeded info and
>compare to your known addresses.
------
Jimmy Kuijpers wrote:
>The beatch is probably collecting our addresses for spam.
------
I?igo Koch
Red Segura
Powered by blists - more mailing lists