Testing didtheyreadit.com's Mail-Tracking Claims

iosdaemon writes "didtheyreadit.com claims to be able to track your sent email: "When, exactly, your email was opened. How long your email remained opened. Where, geographically, your email was viewed. DidTheyReadIt works with every single internet provider and e-mail account, including EarthLink, AOL, NetZero, Juno, Netscape, Hotmail, Yahoo, and much more." Read on for more.

"This appears to be snake oil. I put it to test just in case someone had come up with some magical code. I sent email from a Yahoo.com account through the service, to an account on a Linux Box. Running tcpdump, I received the email from my pop and let 5 minutes pass before opening it. I left the message open with the cursor in the text for another 5 minutes. Tcpdump revealed absolutely no questionable traffic. And, the service control panel indicated the email had not been viewed. Sending email to a Yahoo.com account results in a 'read' in the service CP. But I had the message open for 10 minutes, and it indicated a 2-minute read......"

The company's "How it works" page explains the system to some degree; it involves redirecting all mail to be tracked through their servers by appending "didtheyreadit.com" to your recipient's email address. I doubt this is mutt-compatible ... Reader xrxzzy points out USAToday's article on the service as well.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Single pixel gif?

[ilikejam]

Sounds to me like they just embed a simgle pixel gif in the message, and monitor when they recieve the request for it.
How they monitor the length of time the mail stays open is a bit of a mystery.
Turn off 'Download images' and I'd imagine their system becomes useless.
Wasn't there a scare about spam merchants doing this once?

No good

[martingunnarsson]

If you can't trust the service, and you obviously can't, I don't think there's a very good reason to use it. Unless it works for every single message it's no good. It is a pretty neat idea, but the tinfoil hat crowd will most likely scream and shout about their privacy being invaded.

Re:How it 'works'

[amembleton]

From the 'How It Works' page: Will my recipient know that I am tagging my e-mail?
No. Not unless you want them to know.

As I suspected, they are just using a tracking image, sometimes I look at the source of messages (sad, I know), then I would know if I was being tracked. That saves me opening an account to see how they were going to do this.

I always view my email as Plain Text using Mozilla, so this wouldn't work unless I decided to switch back to HTML. I made some of these tracking images once and tried it out. I found that browsers were cacheing them, so it wouldn't always register if it was viewed in a webmail acount.

Re:How it 'works'

[jacobdp]

This is nothing more than off-site image tracking, as has been seen in spam for ages and ages.

And yet they claim that there's no way the recipient can know that the message is being tracked (see their FAQ [didtheyreadit.com]) It may not be complete snake oil, but the company is definitely lying about the service's transparency.

And they route all your mail through their servers. I wouldn't be surprised if they soon started selling "pre-confirmed" email address lists.

Depressing...

[Gutboy_Barrelhouse]

Does anyone else find it depressing that the entire privacy issue this service (creates? no... inflames?) hinges on the fact that 99% of Internet users probably don't know whether they're reading email as HTML or plain text?

Re:No good

[Z-MaxX]

Unless it works for every single message it's no good.

So true. And this is straight from their main page:

"Are you as sick of getting the "I never got your email." line as I was? This will eliminate that excuse completely. It really lets you know whom you're dealing with."

Now you simply say, "My spam filter blocks images." And you may have a reason then to think that the person who sent you the message doesn't trust you.

You can't solve a people problem with technology.

Re:But we're blocking it anways..

[JessLeah]

Clearly, this service isn't being marketed to the SlashDot crowd. The very IDEA of this service reeks of "mass market", which we are not. (Though, with all the MSFT ads, we're getting closer every year. I'm just waiting until I see AOL ads on SlashDot. That'll be the day...)

SPAMMERS, perhaps?

[whoever57]

A whois on didtheyreadit.com shows an address in Florida.

Wouldn't this be a great way to harvest thousands or millions of known good email addresses?

The TOS only states that they will not store the emails -- yet their own logs will contain the email addresses. There is nothing in the TOS that explicitly prevents them from using those addresses.

Good for them, and us.

[tigress]

In my personal opinion, I think this might actually be a good thing. Considering the fact that didtheyreadit.com uses external images for tracking, and that they're getting a whole bunch of publicity right now (partially due to this very article), this is just another reason for email clients to block external images by default - spam apparently not being a big enough reason yet.

With a bit of luck, this will make more sites and clients want to implement image blocking, which will in turn make it harder for spammers to get their messages across.

Spam is merely an annoyance to most people. Privacy issues are not. :)

DNS fun...

[AVee]

Looks like they've got a wildcard mx record:

# host -t mx aol.com.didtheyreadit.com
aol.com.didtheyreadit.c om mail is handled by 10 mail.cluster1.didtheyreadit.com.
host -t mx lsdkfjksdlfjklsdjf.didtheyreadit.com
lsdkfjksdlfj klsdjf.didtheyreadit.com mail is handled by 10 mail.cluster1.didtheyreadit.com.

Now whould you like to pay for an email service that doesn't even have a fallback mailserver and is likely be busy handling mail for info@didtheyreadit.com.didtheyreadit.com.didtheyre adit.com.didtheyreadit.com.didtheyreadit.com

# host -t mx didtheyreadit.com.didtheyreadit.com.didtheyreadit. com.didtheyreadit.com.didtheyreadit.com
didtheyre adit.com.didtheyreadit.com.didtheyreadit.com.didth eyreadit.com.didtheyreadit.com mail is handled by 10 mail.cluster1.didtheyreadit.com.

Re:How it 'works'

[dbirchall]

This is nothing more than off-site image tracking, as has been seen in spam for ages and ages.

And, of course, in legitimate email newsletters and such, from lots of entities that actually have to track their ROI on such things. I used 'em about 4-5 years ago when I was doing web dev and DB marketing for a travel dot-com. If someone was signed up for our fare alerts or whatever, they'd get mail with a tag in it; if they clicked through to our site, that tag got tracked as a referrer, and passed along to the e-commerce part. Made it a LOT easier to say to the marketers "yeah, we sent X messages, Y people clicked through, Z people bought, and here's the top-line revenue for this particular fare promo."

This is just to clarify that it's the spam that's evil, not the image tags themselves. ;)

Re:How it 'works'

[antic]

A typical user would not know that a web bug was in place and the typical users are exactly who they're trying to get to buy into the service.

You and I might ignore their attempts, but there are a hell of a lot of people out there who would like the sales pitch, the 5 free samples/tests and spend the money to use the service. For the most part, they'll be emailing people without mutt and the service may just work (more or less) as described.

Where I would have an issue is with the small percentage of emails that they can't track due to clients forcing text only mail. If a user was to build a strong reliance on this service, they would only assume that the receiver had never even read their email when in actual fact they could've opened it in a text-only client and pored over it for days!

And the privacy issues are astounding -- they would essentially get every copy of email sent through their system -- personal information and details, etc. If you care enough about the information you're sending to want to know if the receivee will read it, then you can bet that this company may care enough about the content too...

Big problem: instant open relay

[bigberk]

I signed up for a free account. It does work, it's fast and convenient enough. But there's a major problem...

INSTANT OPEN RELAY.

All a spammer has to do is forge their From address (the only means of relay authentication!) and append .didtheyreadit.com to any victim address, and dtri1.rampellsoft.com will relay the message to the victim. I'd say this service has a 10% chance of survival.

Re:How it 'works'

[photon317]

And offsite imagine tracking is definitely not going to work for recipients like me, who use Mozilla Thunderbird and picked the config option "Block loading of remote images in mail messages".

Re:It's an animated GIF!

[Seumas]

What's pathetic is that the USA Today technical writer Kevin Maney wasn't smart enough to really investigate the product/technology he was reporting on. Not a shred of investigative reporting or critical thinking in the entire article.

Even my grandmother would have to sense to do more investigating and be more doubtful about the claims of the product than this guy.

"Every single internet provider"?

[Megane]

DidTheyReadIt works with every single internet provider and e-mail account, including EarthLink, AOL, NetZero, Juno, Netscape, Hotmail, Yahoo, and much more.

Guess what folks. There's no law that says you have to let a megacorp run your e-mail. With a fixed IP and a 24/7 server, you can run your own server. (Though, admittedly, it's not something a novice can make work.)

All this is is simple "web bug" HTML IMG link spying. Anyone with any kind of sense has configured their e-mail client to not automatically download remote images. Or even to not display HTML crap at all. And please don't tell me that they use Javashi^H^Hcript, because that means there's a brain-damaged popular e-mail program out there that allows it (or a webmail site that doesn't filter it). All we need is another way for e-mail to run wild code.

Is anyone else getting a flashback to the all the stupid ideas that would burn through millions of dollars in VC cash back in the dot-com bubble days?

Re:How it 'works'

[wanion]

I don't know about there, but here in New Zealand if someone redirected your call to a $9.95/min number then they would be paying for the cost of that call. Is it different where you are? I just can't see the advantage of costing yourself that much money over this.

Re:How it 'works'

[MarkGriz]

No need to render it useless. The service seems pretty useless all by itself.

Re:How it 'works'

[mobets]

Now if only I counld set a list of address that is is ok to get remote pictures for. Outlook can do this. Why not Thunderbird?

Re:How it 'works'

[letxa2000]

And they certainly have achieved fantastic press with this slashdot exposure: suddenly a large group of people know the name, what it does, how it works and how much it costs...

... And an SMTP server(s) that we can add to our "denied hosts" file to filter all incoming crap from them. If someone cares enough to add a webbug to their emails to violate my privacy, I care enough to filter them.

Re:Depressing...

[Brandybuck]

And people call Windows "easy to use"? Hah!

Re:SPAMMERS, perhaps?

[danharan]

And conveniently, they also have a sender that is likely on your white list...

More sophisticated analysis could also yield useful info (likely gender of the sender based on words and sentence structure; keywords to indicate interests).

Re:As a link... and another way to mess them up...

[The Kiloman]

Ahh, so that's how they track how long you looked at the message. As long as you have the message up, your client keeps the socket open, trying to load the image. They send you the image content at a rate just fast enough to keep the client interested. (If I cared, I'd run a TCPDump and get numbers.) When the socket's closed, they think you've stopped looking at the message.

They're probably also relying on quirks in the Windows / IE network code... something about Linux or maybe Mozilla gives up, calls the image done, and closes the socket after 2 minutes, whereas IE will keep trying until the parent frame or message is closed. That would explain why it took me ~2 minutes to load the parent post's link, and why it said that the reviewer only read the message for 2 minutes.

Re:Big problem: instant open relay

[Geotopia]

Let's say that I monitor incoming SPAM for a while. I pick up a pattern for the DidTheyReadIt relays (that's all they are) by looking at headers or monitoring inbound traffic on my POP server. Then I take one (or many) of those email addresses I've identified as coming through "DidTheyReadIt" and forge it/them in the from: field and then append the appropriate tag to the end of the to: addresses. Now all those will relay through the DidTheyReadIt servers, racking up charges for the forged from: senders and tying up their service. This thing is as doomed to fail as the basically flawed SendMail structure that fails to certify the sender and got us in this mess in the first place.

I could have some fun with this sending email from known spammers back to other known spammers and put it on their tab for a change.

Email is dead as a useful form of communication - let's just face it and find something new!