Forgot your password?
typodupeerror
Privacy Communications The Internet Your Rights Online

Testing didtheyreadit.com's Mail-Tracking Claims 400

Posted by timothy
from the fantastic-claims-require-extraordinary-evidence dept.
iosdaemon writes "didtheyreadit.com claims to be able to track your sent email: "When, exactly, your email was opened. How long your email remained opened. Where, geographically, your email was viewed. DidTheyReadIt works with every single internet provider and e-mail account, including EarthLink, AOL, NetZero, Juno, Netscape, Hotmail, Yahoo, and much more." Read on for more.
"This appears to be snake oil. I put it to test just in case someone had come up with some magical code. I sent email from a Yahoo.com account through the service, to an account on a Linux Box. Running tcpdump, I received the email from my pop and let 5 minutes pass before opening it. I left the message open with the cursor in the text for another 5 minutes. Tcpdump revealed absolutely no questionable traffic. And, the service control panel indicated the email had not been viewed. Sending email to a Yahoo.com account results in a 'read' in the service CP. But I had the message open for 10 minutes, and it indicated a 2-minute read......"

The company's "How it works" page explains the system to some degree; it involves redirecting all mail to be tracked through their servers by appending "didtheyreadit.com" to your recipient's email address. I doubt this is mutt-compatible ... Reader xrxzzy points out USAToday's article on the service as well.

This discussion has been archived. No new comments can be posted.

Testing didtheyreadit.com's Mail-Tracking Claims

Comments Filter:
  • Link doesn't work (Score:5, Informative)

    by fatwreckfan (322865) on Sunday May 23, 2004 @05:27PM (#9233041)
    Here's a working link: http://www.didtheyreadit.com/ [didtheyreadit.com].
  • How it 'works' (Score:5, Informative)

    by ZiZ (564727) * on Sunday May 23, 2004 @05:27PM (#9233042) Homepage
    This is nothing more than off-site image tracking, as has been seen in spam for ages and ages. Here's an example of the image it adds:

    <img src="http://didtheyreadit.com/index.php/worker?cod e=2f985e815bd2b46450e 07957611ab6c9" width="1" height="1" /> So not only will it not work in text-based email clients (such as mutt), it won't work in modern versions of Outlook which block inline images by default. (It was nice enough to leave my plain-old-text message - "blah blah blah" - alone in the original format, as well as adding a text/html mangled version.)

    • Re:How it 'works' (Score:3, Informative)

      by agm (467017) *
      Evolution has this feature as well. I'm sure anyone internet savvy and aware of the spam problem would have a mail reader that prevents remote images from being displayed - which renders this service useless.
    • Re:How it 'works' (Score:5, Insightful)

      by amembleton (411990) <aembleton@ b i g f o o t .com> on Sunday May 23, 2004 @05:36PM (#9233119) Homepage
      From the 'How It Works' page: Will my recipient know that I am tagging my e-mail?
      No. Not unless you want them to know.

      As I suspected, they are just using a tracking image, sometimes I look at the source of messages (sad, I know), then I would know if I was being tracked. That saves me opening an account to see how they were going to do this.

      I always view my email as Plain Text using Mozilla, so this wouldn't work unless I decided to switch back to HTML. I made some of these tracking images once and tried it out. I found that browsers were cacheing them, so it wouldn't always register if it was viewed in a webmail acount.
      • Re:How it 'works' (Score:3, Informative)

        by alder (31602)
        ...unless I decided to switch back to HTML.
        Then you'll go to Tools -- Options... -- Advanced -- Privacy and make sure that "Block loading of remote images in mail messages" is checked. You'll gain nicely formatted messages (with images even if they are embedded) yet all remote images, that can track you, will be ignored.
        • Re:How it 'works' (Score:5, Interesting)

          by jonadab (583620) on Sunday May 23, 2004 @08:02PM (#9233946) Homepage Journal
          You're assuming he would prefer to view the message HTML-formatted rather than
          in plaintext, which for most users who know the difference is not the case.

          Viewing in plain text has the advantage of providing a consistent look and
          feel for every message, always using the reader's preference for fonts and
          colors, among other things. (There are a few exceptions, but most people
          prefer the fonts and colors *they* like over the ones other people want them
          to see, except in special circumstances such as when having a discussion
          about fonts and colors.)

          It's all moot for me; I use Gnus. Currently I have it set to only display
          text/plain parts and show anything else as an attachment, which I can save
          and view if I choose. This means HTML mail has the From and Subject fields
          to convince me it's not spam. It's been years since I received an HTML
          message that wasn't spam, incidentally, and I get a *lot* of mail. I do
          sometimes receive multipart/alternative messages that aren't spam, but the
          plain text part always shows fine in that case.

          I *could* configure Gnus to display HTML parts, using W3, or to launch a
          browser, such as Mozilla, but I choose not to configure it that way because
          I prefer to view the plaintext alternative, and like I said it's been years
          since I received an HTML-only message that wasn't unsolicited bulkmail.

          Back to topic, the didtheygetit.com claim that the service works regardless
          of what client the recipient uses is obviously not only bogus for their
          specific product but in fact a totally impossible thing for any product to
          deliver, unless the content is munged into a form that they are *unable*
          to view without alerting you, such as an executable that unencrypts and
          displays the text after phoning home -- but something like that would be so
          odious to so many recipients that the sender would by using it be decreasing
          significantly the chances that the message would be read at all, which would
          rather defeat the purpose of the whole idea. In other words, it's an utterly
          impossible thing to deliver. OTOH, they only claim it works in 98% of cases
          and carefully qualify this saying "in our testing", which presumably means
          they didn't test with geeks who use carefully selected high-quality mail
          readers; they probably tested mostly with Outlook, two or three popular
          webmail services, and maybe Eudora or Netscape. I can positively guarantee
          that it would never work with Pegasus Mail (though pmail *does* support read
          receipts, but only if the user has turned them on in the prefs; they're
          off by default), and obviously it doesn't work with my particular config
          of Gnus. (I don't know about a default Gnus config, but that's largely not
          a significant issue since people who leave settings at their defaults don't
          tend to use Gnus in the first place; it's very much geared toward people
          who like to change lots of options.) Clearly it also wouldn't work with
          mutt or pine or anything like that, and *obviously* it wouldn't work if
          the user talks to the POP3 server directly (which I happen to have just
          done yesterday, though I only looked at three or four messages that way,
          and I'm atypical, being the maintainer of the Net::Server::POP3 module).

          I can imagine that it might be useful to some people nonetheless, especially
          in a largely homogenous corporate environment wherein it is predictable what
          mail client everyone or almost everyone uses. But clearly they're very much
          exaggerating (at best) when they claim it works irrespective of the client.
        • Re:How it 'works' (Score:3, Interesting)

          by johnnyb (4816)
          The only problem with this is that it encourages people to include images already attached - meaning spammers will send images WITH their emails, causing even more bandwidth to be lost even if you don't open it. With remote images, you get the advantage of only sending the images to people who care.
      • Re:How it 'works' (Score:3, Informative)

        by BuckaBooBob (635108)
        Not to mention if you have didtheyreadit.com in your hostfile with your loopback.
      • Thunderbird at least (probably in Mozilla as well) has an option to turn off remotely loaded images. So you can keep the HTML formating if you so desire without worrying about being tracked in this fashion.

        • Thunderbird at least (probably in Mozilla as well) has an option to turn off remotely loaded images. So you can keep the HTML formating if you so desire without worrying about being tracked in this fashion.

          I can't find such an option in Mozilla. I've googled around but can't find anything on it. Maybe its time for me to switch to Firefox & Thunderbird.

      • Re:How it 'works' (Score:5, Interesting)

        by ciggieposeur (715798) on Sunday May 23, 2004 @08:00PM (#9233930)
        I found that browsers were cacheing them, so it wouldn't always register if it was viewed in a webmail acount.

        PATENT ALERT

        I am about to describe a patented technique. Seriously. If you ever think you're going to implement a web bug, do not read this or IBM will be able to sue you for treble damages.

        Since a) I no longer work for IBM, and b) the method is on file in the patent, I am not violating my IP contract with IBM by describing this method.

        .
        .
        .

        PATENT ALERT

        .
        .
        .

        Method:

        The way to defeat browser caching is to make the IMG SRC point to a CGI that returns a REDIRECT (302) that points to the single-pixel image. So you might have IMG SRC="server/path/to/cgi?key1=val1&key2=val2". The browser will have to tick the CGI because it has "dynamic" parameters. However, the CGI has to return a REDIRECT because an intelligent proxy server in the middle might be trying to cache the output too. You don't care if the single-pixel image itself is cached, you just want to capture the CGI hit with all the parameters.

        • Re:How it 'works' (Score:5, Informative)

          by lostchicken (226656) on Monday May 24, 2004 @01:39AM (#9235374)
          Patent law cannot be circumvented with a clean-room designed algorithm. A lack of knowledge of the original source will not get you out of a patent suit, just copyright issues. So, if you are trying to make a web bug, you'd best read this and do something completely different, because no matter what, you can't use the above described technique without being in violation of IBM's patent. Not even if you came up with it all by yourself.
    • Re:How it 'works' (Score:5, Insightful)

      by jacobdp (698004) on Sunday May 23, 2004 @05:36PM (#9233122)
      This is nothing more than off-site image tracking, as has been seen in spam for ages and ages.

      And yet they claim that there's no way the recipient can know that the message is being tracked (see their FAQ [didtheyreadit.com]) It may not be complete snake oil, but the company is definitely lying about the service's transparency.

      And they route all your mail through their servers. I wouldn't be surprised if they soon started selling "pre-confirmed" email address lists.

      • Re:How it 'works' (Score:5, Insightful)

        by antic (29198) on Sunday May 23, 2004 @06:50PM (#9233576)
        A typical user would not know that a web bug was in place and the typical users are exactly who they're trying to get to buy into the service.

        You and I might ignore their attempts, but there are a hell of a lot of people out there who would like the sales pitch, the 5 free samples/tests and spend the money to use the service. For the most part, they'll be emailing people without mutt and the service may just work (more or less) as described.

        Where I would have an issue is with the small percentage of emails that they can't track due to clients forcing text only mail. If a user was to build a strong reliance on this service, they would only assume that the receiver had never even read their email when in actual fact they could've opened it in a text-only client and pored over it for days!

        And the privacy issues are astounding -- they would essentially get every copy of email sent through their system -- personal information and details, etc. If you care enough about the information you're sending to want to know if the receivee will read it, then you can bet that this company may care enough about the content too...
      • Re:How it 'works' (Score:3, Insightful)

        by photon317 (208409)

        And offsite imagine tracking is definitely not going to work for recipients like me, who use Mozilla Thunderbird and picked the config option "Block loading of remote images in mail messages".
    • Re:How it 'works' (Score:5, Informative)

      by RotJ (771744) on Sunday May 23, 2004 @05:41PM (#9233154) Journal
      Yahoo! and Hotmail also allow people to block all images until they explicitly approve them, so spammers can't track whether you've opened their spam. Didtheyreadit won't be able to either. So tracking for this service will be very spotty. For messages marked unread, you can NEVER know whether it was opened or not.
    • Re:How it 'works' (Score:3, Insightful)

      by dbirchall (191839)

      This is nothing more than off-site image tracking, as has been seen in spam for ages and ages.

      And, of course, in legitimate email newsletters and such, from lots of entities that actually have to track their ROI on such things. I used 'em about 4-5 years ago when I was doing web dev and DB marketing for a travel dot-com. If someone was signed up for our fare alerts or whatever, they'd get mail with a tag in it; if they clicked through to our site, that tag got tracked as a referrer, and passed along

    • Re:How it 'works' (Score:5, Interesting)

      by orthogonal (588627) on Sunday May 23, 2004 @07:09PM (#9233681) Journal
      So not only will it not work in text-based email clients (such as mutt), it won't work in modern versions of Outlook which block inline images by default

      Let's be even more sensible: your firewall rules should allow your email client to make connections to your mail server ONLY, and only to its ports 110 and 25 (I'm assuming POP3; IMAP would be other orts).

      (Not for linux users: Microsoft Windows firewalls typically allow setting rules separately for separate applications, by associating a process name (and in serious firewalls, the executable's MD5 sum) with the process requesting the connection.)

      This takes care of all web bugs, inline images, and javascript pop-ups or Active-x in Microsoft HTML email.

      Note that with any sensible email client, this won't block html links, as clicking an html link should invoke a separate browser application, with its own firewall rules.

      It will block linked (not inline) images, but only a very small minority of email linked images that are at all useful to view -- in this case I just save the email as html and open in a web browser.
  • by jcr (53032) <jcrNO@SPAMmac.com> on Sunday May 23, 2004 @05:27PM (#9233045) Journal
    All I have to do is read my mail when I'm not on line.

    Nothing to see here, nothing at all.

    -jcr
  • this is cool (Score:5, Informative)

    by quelrods (521005) * <<quel> <at> <quelrod.net>> on Sunday May 23, 2004 @05:28PM (#9233055) Homepage
    Well, it will tell you when they opened the email/how many times/etc. (assuming they have an html enabled email client.) It works w/ yahoo mail but not with pine. The infinite refresh to tell how long they read the email for is annoying in that it makes it look like the email never finished loading. Can someone see how outlook responds to this? (I haven't a windows box)
    • Re:this is cool (Score:5, Interesting)

      by quelrods (521005) * <<quel> <at> <quelrod.net>> on Sunday May 23, 2004 @05:31PM (#9233076) Homepage
      woops forgot to add it's direction finding skills are weak. Apparantly I'm in Michigan? I'm in Austin,TX and my POP is chicago. It appears to try to get information via one of the upstream links which is horribly inaccurate.
    • by madprof (4723)
      So, in fact, this is not cool at all then.
    • by Anonymous Coward
      The infinite refresh to tell how long they read the email for is annoying in that it makes it look like the email never finished loading. Can someone see how outlook responds to this?

      I'm just guessing here, but, based upon my previous experiences with Outhouse, it probably downloads an activeX script from a site in Korea and promptly reboots. But then again, that's the default behavior.

  • OE read receipts (Score:3, Informative)

    by gbjbaanb (229885) on Sunday May 23, 2004 @05:30PM (#9233063)
    considering the non-friendly hack that you need to go through to get this working, wouldn't it be better to capture the data sent by Outlook and OE's read receipts and implement something compatible in Mozilla and other email clients.

    I only say use the Outlook 'standard' because it doesn't seem there's any others, and it'd be a bit useless if we had multiple versions.

    If we want read receipts, that is. Personally I turn them off, and don't send them.

    • Re:OE read receipts (Score:5, Informative)

      by Ryquir (172934) on Sunday May 23, 2004 @05:43PM (#9233164)
      Uhmm... you do understand that Mozilla and other E-mail client do actually have read receipts and that this isn't a "MS" standard?

      The only difference in clients abilities with regards to read receipts is how they present you the uninformed user the dialog box saying "Sender has requested you inform them that you have read this message".

    • Weren't read receipts 'invented' by Netscape 4.x?? That's the first time I remember seeing them. And the functionality is still in Mozilla, one of my friends requests them, and I get a box asking if I want to send it or not.
  • by KhalidBoussouara (768934) on Sunday May 23, 2004 @05:30PM (#9233066) Homepage
    To see if people read the article before posting on Slashdot.

    This post is a joke so don't moderate down. Also I am aware that this wouldn't be really effective.
  • Single pixel gif? (Score:4, Insightful)

    by ilikejam (762039) on Sunday May 23, 2004 @05:31PM (#9233072) Homepage
    Sounds to me like they just embed a simgle pixel gif in the message, and monitor when they recieve the request for it.
    How they monitor the length of time the mail stays open is a bit of a mystery.
    Turn off 'Download images' and I'd imagine their system becomes useless.
    Wasn't there a scare about spam merchants doing this once?
    • Re:Single pixel gif? (Score:2, Informative)

      by octalc0de (601035) *
      Perhaps the single pixel gif never finishes loading. That way, as long as the connection remains open, the web server clocks how long you're on the image.
    • Re:Single pixel gif? (Score:5, Informative)

      by Neon Spiral Injector (21234) on Sunday May 23, 2004 @05:38PM (#9233138)
      The time is probably calculated by not actually sending the image file, or sending it very slowly. So they just keep the HTTP session open, then note when the client closes. That would limit the tracking time to when the connection times out. Like the author said, he left the Yahoo mail open for 10 minutes and it only reported 2.

      An additional note, Yahoo does have an option to disable remote images, which would also break this.

      Seems this company is too late to the party. Almost all current e-mail clients now don't or have an option to not to load remote images.
      • Re:Single pixel gif? (Score:2, Interesting)

        by 5E-0W2 (767094)
        Could be animated gifs sent slowly? I remember back in the days of netscape 3 iirc netscape had an aquarium webcam that worked by having an animated gif and new frames getting sent as they were generated. Or perhaps it was server push (multipart mime content). It was something like that which would work for this anyway. 1996 was a long time ago.
        • That was indeed server push for the fish cam. Only worked with Netscape. I don't think Mozilla even supports multipart mime.

          I tested with one of the links provided here. It is just a 302 byte JPEG sent 1 byte per second. So max tracking time is 5 minutes.
    • Re:Single pixel gif? (Score:5, Informative)

      by ilikejam (762039) on Sunday May 23, 2004 @05:42PM (#9233163) Homepage
      Yup. Confirmed.
      At the bottom of the mail is:
      <img src="http://didtheyreadit.com/index.php/worker?cod e=xxxxxxxxxxxxxxxxxxxxx" width="1" height="1" />

      Oh well. Should prove very effective against those without the sense to turn off images anyway. Lets hear it for making money from people's ignorance!

    • Server-push. Very simple.
  • by xlyz (695304) on Sunday May 23, 2004 @05:31PM (#9233074) Journal
    just set your mail client to not download images
  • No good (Score:4, Insightful)

    by martingunnarsson (590268) * <martin&snarl-up,com> on Sunday May 23, 2004 @05:31PM (#9233078) Homepage
    If you can't trust the service, and you obviously can't, I don't think there's a very good reason to use it. Unless it works for every single message it's no good. It is a pretty neat idea, but the tinfoil hat crowd will most likely scream and shout about their privacy being invaded.
    • Probably the biggest problem isn't a violation of privacy (spammers are are using this same technique all the time anyhow, you REALLY should disable the loading of images in your mail client) is the fact that is does not and *cannot* work for all email providers and clients.

      Even Yahoo! webmail allows you to disable image loading. Furthermore, I always set my mail client to only show the plain text message, and not display any HTML at all. I don't need hypertext markup in my email messages.

    • Re:No good (Score:5, Insightful)

      by Z-MaxX (712880) on Sunday May 23, 2004 @05:52PM (#9233219) Journal

      Unless it works for every single message it's no good.

      So true. And this is straight from their main page:

      "Are you as sick of getting the "I never got your email." line as I was? This will eliminate that excuse completely. It really lets you know whom you're dealing with."

      Now you simply say, "My spam filter blocks images." And you may have a reason then to think that the person who sent you the message doesn't trust you.

      You can't solve a people problem with technology.

  • by Crashmarik (635988) on Sunday May 23, 2004 @05:32PM (#9233090)
    If the recipient is using a text based email program theres no way in heck anything is going to track whether the mail was opened or read. If its an HTML reader like Outlook just pop a web beacon and let your server monitor it. If you can't figure out how to make this work yourself, you probably shouldn't be allowed to go spying on others anyway.
  • Not very useful! (Score:2, Informative)

    by edoc (772148)
    This is not very useful as it is only tracking the images that are being loaded when the email is being viewed. However, most email clients now block these inline images from being loaded so this software will not function. In text based email clients it also will not function at all. These features have already been included in such email clients as evolution [novell.com].
  • by Anonymous Coward on Sunday May 23, 2004 @05:39PM (#9233145)
    It embeds a single pixel image, but it appears to keep feeding you the image forever, at a rate of a byte a second. Thus, if you use an HTML image reader that loads embedded graphics from random servers, they will know how long you had it open for.

    Of course, if you use an email program that's that, umm, "open", they could just embed a trojan in it and add features like listening to what you say when you open the mail, and pictures of you reading it. :)

  • I'M RICH!! (Score:5, Funny)

    by nacturation (646836) <nacturation AT gmail DOT com> on Sunday May 23, 2004 @05:43PM (#9233166) Journal
    Now I'm going to finally get Bill Gates and tons of other companies to finally pay up! [snopes.com]
  • eeevviiilll! (Score:5, Informative)

    by Gaima (174551) on Sunday May 23, 2004 @05:45PM (#9233174)
    http://www.rampellsoft.com/ [rampellsoft.com], the people bringing you didtheyreadit looks to me like a really evil company.

    software products to make your life on a computer easier and more efficient. by secretly spying on your spouse, kids and employees.
    Oh, sorry, record, my bad.

    /me goes back to kmail in text/plain by default, happy, safe, and in privacy.
  • by tji (74570) on Sunday May 23, 2004 @05:46PM (#9233182)
    By default, Google mail has images turned off. You have to click a link at the top of the message to force it to load the images.

    Most other mailers also have a way to turn off image loading because spammers have been using this tracking technique for a long time. If mailers don't allow image blocking yet, I'm sure that a service like this will get them to add that trivial feature.
  • Not that I let my email client load images anyway, but just because I'm spiteful, I think I'll go add
    "127.0.0.1 didthereadit.com" to my /etc/hosts file. (c:\windows\hosts in win98, C:\windows\system32\drivers\etc\ in XP, )
  • Depressing... (Score:5, Insightful)

    by Gutboy_Barrelhouse (260624) on Sunday May 23, 2004 @05:49PM (#9233196)
    Does anyone else find it depressing that the entire privacy issue this service (creates? no... inflames?) hinges on the fact that 99% of Internet users probably don't know whether they're reading email as HTML or plain text?
  • mwahaha (Score:4, Funny)

    by Anonymous Coward on Sunday May 23, 2004 @05:51PM (#9233210)
    Devious suggestion: Buy misspellings of their domain, then capture all emails you receive. Hours of fun!
  • Better alternative (Score:4, Informative)

    by mapinguari (110030) on Sunday May 23, 2004 @05:56PM (#9233240)

    If you're wanting to use something along these lines, a more up-front company that doesn't use invisible web bugs is HaveTheyReadItYet [havetheyreadityet.com].

    They use images of stamps, which are customizable, which is kind of a cool idea.

    However, this only available for Windows.

  • SPAMMERS, perhaps? (Score:5, Insightful)

    by whoever57 (658626) on Sunday May 23, 2004 @05:57PM (#9233244) Journal
    A whois on didtheyreadit.com shows an address in Florida.

    Wouldn't this be a great way to harvest thousands or millions of known good email addresses?

    The TOS only states that they will not store the emails -- yet their own logs will contain the email addresses. There is nothing in the TOS that explicitly prevents them from using those addresses.

  • Awesome! (Score:3, Funny)

    by CRC'99 (96526) on Sunday May 23, 2004 @06:01PM (#9233269) Homepage
    Now I'll be able to find out if the boss is actually reading my email!

    heh - and he says he doesn't get it :)
  • by tigress (48157) <rot13.fcnzgenc03@8in.net> on Sunday May 23, 2004 @06:03PM (#9233284)
    In my personal opinion, I think this might actually be a good thing. Considering the fact that didtheyreadit.com uses external images for tracking, and that they're getting a whole bunch of publicity right now (partially due to this very article), this is just another reason for email clients to block external images by default - spam apparently not being a big enough reason yet.

    With a bit of luck, this will make more sites and clients want to implement image blocking, which will in turn make it harder for spammers to get their messages across.

    Spam is merely an annoyance to most people. Privacy issues are not. :)
  • Could be useful (Score:3, Interesting)

    by zerosignal (222614) on Sunday May 23, 2004 @06:05PM (#9233291) Homepage Journal
    I think this would be useful for dealing with companies with poor customer service. You can check if your mail was actually read by a human. Chances are they are all using Outlook with HTML enabled, so the tracking would work.
  • DNS fun... (Score:5, Insightful)

    by AVee (557523) <slashdot&avee,org> on Sunday May 23, 2004 @06:14PM (#9233353) Homepage
    Looks like they've got a wildcard mx record:
    # host -t mx aol.com.didtheyreadit.com
    aol.com.didtheyreadit.c om mail is handled by 10 mail.cluster1.didtheyreadit.com.
    host -t mx lsdkfjksdlfjklsdjf.didtheyreadit.com
    lsdkfjksdlfj klsdjf.didtheyreadit.com mail is handled by 10 mail.cluster1.didtheyreadit.com.
    Now whould you like to pay for an email service that doesn't even have a fallback mailserver and is likely be busy handling mail for info@didtheyreadit.com.didtheyreadit.com.didtheyre adit.com.didtheyreadit.com.didtheyreadit.com
    # host -t mx didtheyreadit.com.didtheyreadit.com.didtheyreadit. com.didtheyreadit.com.didtheyreadit.com
    didtheyre adit.com.didtheyreadit.com.didtheyreadit.com.didth eyreadit.com.didtheyreadit.com mail is handled by 10 mail.cluster1.didtheyreadit.com.
    • Re:DNS fun... (Score:2, Interesting)

      by Anonymous Coward
      Probably because mail.cluster1.didtheyreadit.com points to 3 different IP addresses.. Not sure why they didn't just make 3 separate MX records.
    • Re:DNS fun... (Score:3, Interesting)

      by grozzie2 (698656)
      mail is handled by 10 mail.cluster1.didtheyreadit.com.

      Ok, a little more digging. mail.cluster1.didtheyreadit.com resolves to 3 consecutive ip addresses. Repeat the process for www.didtheyreadit.com and you find that the same 3 ip address resolve to that. This smells a lot like somebody has gone to the effort to build a high availability cluster for dealing with mail, just based on the consecutive ip's and the telltale names.

      Interesting, this same cluster is also set up to provide the backing infras

    • Re:DNS fun... (Score:3, Interesting)

      by shani (1674)
      Two things about fallback mail servers.

      The first is that Internet mail has retry functionality built in. If your mail server goes off-line for a few minutes, most clients won't notice. It's not an immediate service like HTTP. Personally, I only have a backup MX for my personal domain because my box is physically located at my employer's office. The company could unplug it (permanently!) at any moment. People I trust - companies not one iota.

      The other thing is, as other people have mentioned, this ser
  • It seems didtheyreadit.com is looking at the same thing with a different view in mind. Their new domain name is: isyourrecipienttotallyignorantaboutsecurity.com.

  • Easy fix... (Score:5, Informative)

    by jafiwam (310805) on Sunday May 23, 2004 @06:28PM (#9233435) Homepage Journal
    just put:

    127.0.0.1 didtheyreadit.com

    In your hosts file...

    Or put an authoritative zone in your DNS servers if you have access.

    Done, no query reaches their server.
  • So if you have to send email through their server, which adds a hidden tracking image and then resends the message, wouldn't all of this be blocked by SPF-aware servers? I can't even send orkut invitations out because they send "from" me and they're not in my SPF record.
  • Actually (Score:3, Funny)

    by t_allardyce (48447) on Sunday May 23, 2004 @06:37PM (#9233497) Journal
    I've got a better idea, stick a porn banner in your email which links to a site on your server, then check the logs and see *exactly* how *long* they errr.. *read* your *email* and which page they *read* the most ;) ah probably been done

    im *really* *really* sorry for the asterix's (spelling)
  • by bigberk (547360) <bigberk@users.pc9.org> on Sunday May 23, 2004 @07:10PM (#9233684)
    I signed up for a free account. It does work, it's fast and convenient enough. But there's a major problem...

    INSTANT OPEN RELAY.

    All a spammer has to do is forge their From address (the only means of relay authentication!) and append .didtheyreadit.com to any victim address, and dtri1.rampellsoft.com will relay the message to the victim. I'd say this service has a 10% chance of survival.
  • by NitsujTPU (19263) on Sunday May 23, 2004 @07:16PM (#9233717)
    Things like this remind me of the most paranoid, annoying, emailers that I deal with daily. Something like 1 in 1000 emails are the type that I would ever stick a receipt on. For the most part, even those I would ask for a friendly reply in the text at the bottom.

    At work, I am somewhat compelled to use outlook. Here's my favorite setting:

    1) Automatically unflag incoming messages:
    -Think noone reads your email? Why not flag every message you send. That way, they'll all look importat... or, the important ones will get lost in the see of red flags.

    Do any of you have settings that would be good in Outlook?
  • by Megane (129182) on Sunday May 23, 2004 @07:35PM (#9233819) Homepage
    DidTheyReadIt works with every single internet provider and e-mail account, including EarthLink, AOL, NetZero, Juno, Netscape, Hotmail, Yahoo, and much more.

    Guess what folks. There's no law that says you have to let a megacorp run your e-mail. With a fixed IP and a 24/7 server, you can run your own server. (Though, admittedly, it's not something a novice can make work.)

    All this is is simple "web bug" HTML IMG link spying. Anyone with any kind of sense has configured their e-mail client to not automatically download remote images. Or even to not display HTML crap at all. And please don't tell me that they use Javashi^H^Hcript, because that means there's a brain-damaged popular e-mail program out there that allows it (or a webmail site that doesn't filter it). All we need is another way for e-mail to run wild code.

    Is anyone else getting a flashback to the all the stupid ideas that would burn through millions of dollars in VC cash back in the dot-com bubble days?

  • by BillX (307153) on Sunday May 23, 2004 @08:13PM (#9233991) Homepage
    I have identified this service to be a scam using the "superfluous female person standing next to logo" method. I'm still wondering where her headset went, though...
  • There is another company that claims to do this, ReadNotify [readnotify.com].

    It looks to be exactly the same kind of service as Didtheyreadit.com.

    I first became aware of this company by reading Mozilla's bug report 28327 - http://bugzilla.mozilla.org/show_bug.cgi?id=28327 [mozilla.org] (cut/paste URL and open in new window).

    Mozilla/Thunderbird also has trouble completely blocking all server contact in email, as it evidently doesn't sandbox the email environment enough (images may be blocked, but stylesheets and other external URL's can still leak through, last I checked).

    BTW, there is a workaround if you use Mozilla/Thunderbird: set your View/Message Body As settings to "Simple HTML", or better yet, "Plain Text". This works 100%!
  • by Kent Brewster (324037) on Sunday May 23, 2004 @11:09PM (#9234800) Homepage Journal
    You can do this without using an image or JavaScript, and give away nothing in the source of the message. Here's one way, using Apache, .htaccess, and PHP:

    1) In the header of your HTML e-mail message, load up a style sheet:

    <style type="text/css">
    @import "http://your.server.com/your.css";
    </style>

    2) In the server directory containing your CSS file, add the following line to .htaccess:

    AddType application/x-httpd-php .css

    Any file ending in .css under this directory will now be run as if it were a PHP script.

    3) Save this as your.css:

    <?php
    require "track_message.php";
    ?>

    Done. No images, no JavaScript ... any reader that accepts HTML messages will trigger track_message.php, and nothing unusual will be visible in source code, even if some curious person pulls down http://your.server.com/your.css to take a look.
  • by kc8jhs (746030) on Sunday May 23, 2004 @11:49PM (#9234955)
    The shocking thing was, in the interview, the founder/inventor(not)/designer/coder whatever he was, claimed that large large portions of mail actually gets lost on the internet.

    A gentleman called in from a design engineering firm who emails large documents to other members of the firm and other associates around the country. The "expert" insisted that the didtheyreadit.com was the perfect service for them to assure that their emails made it there and were in fact read.

    My question was this, how does email between two people who regularly email each other, and are probably expecting it, "get lost"? This was a major point that the guy was making, which seemed to me like he was spreading classic FUD.

    Lets make sure that our friends aren't using this product for those reasons! Assure them that undeliverable mail will be properly reported back to them always, and show them how to set their mail clients to always accept mail from those in their address books!

    -Mikey P
  • by jzap (134887) <jzap@jzap.com> on Monday May 24, 2004 @06:06AM (#9236127) Homepage
    They put a 1x1 image in the HTML e-mail with a (long) unique number in the SRC URL. The unique number identifies the sent message. When your e-mail client tries to fetch the image, they send the header right away (type=image/jpeg), but they trickle the data to you at one byte per second. This keeps the connection open for as long as you view the message. When you stop viewing the message, the connection closes, and their timer stops.

    I'd show you what a dump of an 118-byte-long version of their JPEG image looks like, but the Slashdot Lameness Filter didn't like all those "junk" characters! However, you can view the dump here: http://jzap.com/img/ReadItBug.jpeg.txt [jzap.com]

There is no opinion so absurd that some philosopher will not express it. -- Marcus Tullius Cicero, "Ad familiares"

Working...