Saturday 17 August 2013

Peek-a-boo, I see you

When I was talking to a spammer, he seemed quite sure that he knew how many people had read his spam. But how can that be? I know that when I receive or open an email, nothing is sent back to the sender.

Then I thought about it, and it works like this.

I use pine to read email. It shows me the text of emails; it isn't a browser. But pretty much everyone else reads their email in their browser: Internet Explorer, Firefox, Chrome or whatever. That means that you opened their spam in your browser, and if you have JavaScript enabled, which I suspect most people do because most web sites need it in order to work, then it's easy to write a script that will contact the spammer's server and send a code that corresponds to your email address.

But it doesn't even need javascript.

When you load the spam, it will load various graphics, and they can come from anywhere, including from the spammer's server. If the file name of one of the graphics includes a code that translates to your email address, then the spammer's server logs will tell him that you opened the spam. And, of course, the fact that you opened the spam confirms to him that there's a human being reading the spam going to that address.

And that, of course, makes your email address more valuable for resale, so it will be sold more vigorously, and at a higher price.

So there's the lesson. If you get a spam that gets you curious about what it might be, then opening it tells your spammer that you're awake and reading his spam. And you'll get even more spam.

And, of course, if you click on the "unsubscribe" link, any honourable spammer will stop sending you spam. Sadly, not all spammers are honourable.
