User Not Found, Email Drops Silently

shervinafshar writes with an International Herald Tribune story explaining just why it is failed emails don't always result in a helpful error message for the sender, which also gives some insight into ways that email can be used to spy on recipients. "In last lines of the article, two companies are introduced which provide services that can 'spy' on your email reading habits. They also can 'call home' too: 'Some entrepreneurs have seen that uncertainty and offered senders the ability to obtain receipts that a given message has been read — without the recipient knowing that a confirmation has been sent back to the sender. ReadNotify, based in Queensland, Australia, started in 2000 and promised to report not only on whether a message was read, but also on how long it was opened for reading on the recipient's PC. It can also send the message in "self-destructing" form, preventing forwarding, printing, copying and saving.' IHT also is asking its readers to comment about these kind of services being against user privacy."

Remote images?

[simcop2387]

What about decent clients that won't automatically load remote images and don't support javascript?

Re:

[Anonymous Coward]

In that case ReadNotify et al are shit out of luck.

Re:Remote images?

[Creepy Crawler]

But Im not trying to get out of "readnotify" gunk. I use pine on my server because I can read it via a 56k modem. I dont need to download big nasties or anything else. All I need is PuTTY or ubuntu's ssh.

All my mails are there on the server for my easy pickings. No stupid stuff, and damned fast.

Re:Remote images?

[cayenne8]

Yep...I prefer email to be plain text, no need to send 1MB worth of date, to display 5 lines of text.

I request that people set their email clients to text for forums I'm on...and often, people will do it and didn't know they could change this setting on their email client. Why is html mail the default on so many clients anyway?

Anyway...I was wondering how this company would get this type of info reading plain old email, but, I'd forgotten about using clients set up to download images, javascript...etc.

Re:Remote images?

[Smauler]

html mail is not a big overhead necessarily. All it is a markup language, and it only adds small amounts to emails if used well. If used poorly, it's diabolical. Blame the sender, not the medium - html emails do have their place.

Also, anyone who lets their mail reader access _any_ unkown outbound html connections is asking for trouble.

Re:Remote images?

[cayenne8]

"html mail is not a big overhead necessarily. All it is a markup language, and it only adds small amounts to emails if used well. If used poorly, it's diabolical. Blame the sender, not the medium - html emails do have their place.",

I was exaggerating a little bit on the amount of data being sent with html mail, but, I have seem some emails that were WAY too big, for the few lines of information they carried...with the wallpapers, and animated images all dancing around, etc.

With so much email out there, it all adds up to serious bandwidth waste.

Re:

[thePowerOfGrayskull]

Well - the overhead isn't big in terms of size - but when you have 18 different images linked to from offsite, it becomes a whole different issue. (And that's just for normal 'catalog'/advert emails that get sent out, not counting this lame tracking silliness.)

Re:

[CastrTroy]

They use images for the entire email, because Outlook 2007, to name just one of many email clients, is completely incapable of rendering anything outside of extremely basic HTML. Using a bunch of images arranged in a table is the best way to assure your nicely designed email newsletter/adleter won't be mangled by the email client.

Re:

[thePowerOfGrayskull]

I understand the reasoning for it, but that doesn't make it any less irritating as a practice. The fact is that anybody who is reasonably security conscious will - at minimum - disable image rendering and javascript in their email client. So when an entire email consists of external images and terribly formatted links, the sender pretty much shoots him/herself in the foot.

Re:

[Your Pal Dave]

Trouble is, HTML in no way ensures that your formatting doesn't escape unmangled, even if you specifically target a single type (outlook) of client. At work we use a non-outlook client and most HTML emails look like doo-doo. (Of course they may look that way in outlook too, such is the layout skill of your typical HTML sender)

If you're really concerned about retaining formatting tne only practical solution is to use a PDF attachment.

Re:Remote images?

[tomhudson]

Rich text can actually be useful, you know. The fact that pretty much the entire web opts to use rich text rather than plain text should tip you off to that.

My email is not a web page, and I don't *want* it to be one. Nor do I want to read someone else's "web-page-style" email, run their dorky embedded javascript, or download their 1x1 12ab95rtyd62534.gif tracking images. CSS Style sheets for email? Wallpaper? Muzak? Sick.

Re:

[grolaw]

Web bugs in email - just what you want in an attorney's email.

Re:

[grolaw]

Eudora - my old friend, won't load any of that crap and can be set to respond to a "return receipt" request from Outlook as "now" "later" "Never" - always had fun with that feature....

But, seriously - if you are using a mail application that does "blindly" support HTML and resides on your desktop/laptop the weasel sending you email will have your MAC and IP address. Consider being in your "lover's" home / business when that email hits your laptop - now the spouse has you located.

The Feds and some state pol

And Get Off My Lawn, Too!

[maillemaker]

I am not responding to your post in particular, but it is as convenient a spot as any in the sea of "No HTML email!" posts. I use HTML email for one reason: text formatting. I like including underlines and italics in my emails for emphasis. Yes, I can post like I do here on slashdot and use /slashes/ for emphasis in plain text, but come on, this isn't 1980 anymore, you know? At work I frequently embed images in my emails because I am discussing engineering problems and it is frequently useful to include pictures to describe the problem. But the primary reason I use HTML email is for text formatting.

Re:

[Anonymous Coward]

html mail is not a big overhead necessarily.

Bullshit. Create a one paragraph message and send it with Pine or command-line unix mail. Then send the same paragraph with Outlook or other common email software. Look at how much html fluff gets into the message.

All it is a markup language, and it only adds small amounts to emails if used well. If used poorly, it's diabolical. Blame the sender, not the medium - html emails do have their place.

The sender doesn't know anything about what happens behind the scenes,

Re:Remote images?

[KGIII]

Before one cries bullshit I'd suggest that you, and a few others in this thread, look at your email software's settings. Most, including Outlook, enable you to send in plain text format. Blaming the software authors for people not understanding? I think you'll find the people DO understand (to some extent) and they like it. That'd be why they do it. People LIKE including images, pretty formats, and the likes. I friggen hate it. I read and send in one format, plain text, but that's me. My newsletter doesn't even offer a rich text format. But don't blame the software designers, blame the people who are doing what they like. "Bad people for doing what you wanted to and horrific software designers for enabling them to do so! Email is only in one way and it is my way and if you're not doing it my way then you're a dolt!" No... No... Grandma wants to send you pretty images and sound. Turn it off and smile nicely.

Wanna know the kicker here? Without taking the time to read the article, I bet, you're likely one of the people who bitches about blowback spam. Which is it? Do the folks want to be notified when it doesn't reach the sender or not? Me? I'll take notification and delete the blowback like I do the rest of the garbage. I process a few thousand emails daily, all in about ten minutes to an hour depending on the day... I don't even have to use software to do it. I'm not even that smart. Hell, I don't even type that fast.

So, no... To get to my point. You're full of crap. Don't blame the authors for creating functional software that does what people want it to do. I'd have agreed if you'd thought that *maybe* plain text should be enabled by default but that's not what "people" want, that's what "we geeks" want and how we prefer things. It isn't our internet any more. It isn't our system any more. Today they're no longer users and the longer we can keep calling them users or lusers or the likes the further we'll split the divide. There will not be a convergence but, well, this digresses beyond what the topic is and I'll attempt to avoid that. It is easy enough to figure out who I am and use email contact but, please, plain text only. ;)

Re:

[secolactico]

Wanna know the kicker here? Without taking the time to read the article, I bet, you're likely one of the people who bitches about blowback spam. Which is it? Do the folks want to be notified when it doesn't reach the sender or not? Me? I'll take notification and delete the blowback like I do the rest of the garbage.

I'm not the person you are replying to, but here are my (unasked for) 2 cents:

If by blowback spam you mean backscatter spam, it doesn't have to be an "either or" situation. Backscatter spam is c

Re:

[KGIII]

I've a couple of servers (clients, not mine) that use postfix... I will take a look in the morning to see.

Blowback was the term I was most familiar with from my days of simply saying "screw it" and jumping into the SpamCop lists so I'll *assume* they're the same. Oddly, we do have two single Exchange servers that we host for a couple of local businesses. They seem to get the least complaints or have the least issues. You say it doesn't have to be an either or... If you disable, please pardon my ignorance,

Re:

[Kompressor]

Okiedokie, time to add my $0.02 to the pot :-D

The key difference is that backscatter generating SMTP servers accept an email, close the connection with the remote server, realize that there is no local user by that name, and then generate a bounce e-mail (usually, but not always) with the content of the original message. As spammers usually put some unsuspecting third party's e-mail address as the "from" or "reply to", the third party gets the bounce, AKA backscatter.

The other approach is this: mailserver

Re:Remote images?

[cayenne8]

"If you hate HTML so much, how come you use the web?

HTTP is based on HTML and you seem to be OK with using Slashdot. Why not use a proper markup language to format email messages? "

Because they are two distinctly different things. Email is not a webpage....a webpage is designed exactly for html presentation. Email is text messaging...it wasn't originally meant to be marked up, it was to be read as simple plain text.

Re:Remote images?

[uncqual]

Email is a just a communication tool - nothing more, nothing less.

Before IM and text messaging were ubiquitous, email served these roles along with the role of communicating more complicated (and often less transient) information. The IM and text messaging roles are now partially (and often better) addressed by other tools now.

While I hate HTML email laden with gratuitous and distracting images and formatting, appropriate use of formatting and inclusion of images helps communicate information more quickly and accurately. For example, appropriate use of bold text can highlight exceptional information very nicely without adding additional verbiage to a message. Similarly, a graph can communicate information much more quickly than the data in raw text form (for example in an emailed "release bug status" report).

The problem, of course, is that anything can be abused and become less effective. People used to abuse ASCII email by trying to make graphs in ASCII and used tabs - these were inevitably screwed up during display (esp. when included in another message).

Email has evolved. Our connectivity has evolved (remember the days of 110 "baud" modems?). To say that email should be restricted to 20 year old technology (maybe even including the speed of transmission?) at the expense of effective communications makes as much sense as saying that manuals should still be restricted to printed copies from line printer output (in monospaced font!) -- and that updates should be done via regularly distributed change pages).

Re:

[nospam007]

Email has evolved. Our connectivity has evolved (remember the days of 110 "baud" modems?). To say that email should be restricted to 20 year old technology (maybe even including the speed of transmission?) at the expense of effective communications makes as much sense as saying that manuals should still be restricted to printed copies from line printer output (in monospaced font!) -- and that updates should be done via regularly distributed change pages).

I gather it you don't get many multi-megabyte power p

Re:

[johannesg]

Email has evolved. Our connectivity has evolved (remember the days of 110 "baud" modems?). To say that email should be restricted to 20 year old technology (maybe even including the speed of transmission?) at the expense of effective communications makes as much sense as saying that manuals should still be restricted to printed copies from line printer output (in monospaced font!) -- and that updates should be done via regularly distributed change pages).

I gather it you don't get many multi-megabyte power point slides containing 2 line jokes from newbie morons.

I gather you still use a 110 baud modem, given that a simple quotation character was already too much effort...

Re:

[Antibozo]

HTTP is based on HTML

Uh, no it isn't. Granted, a lot of the objects transported over HTTP are text/html, but a lot of them aren't. And you can put text/plain documents up on the web to your heart's content. Most people don't do this very often because with the textual part of the web, unlike with email, the point is to link to other things (hence the term "web"). Furthermore, you don't need HTML to link to other things in email because decent mail clients recognize links in plain text emails anyway.

Re:

[vsync64]

True. However HTML is always used diabolically. Therefore, although it would be nice to have headings, bulleted lists, etc in mail, it's simpler to just ban HTML mail.

Re:Remote images?

[Kalriath]

Is there actually an email client that runs Javascript? Even recent versions of Outlook wont (and even can't - Word has no Javascript interpreter!) and I'm sure that Thunderbird wouldn't be that stupid.

Re:Remote images?

[lostguru]

Ah, but most people don't read email using a client, they use a browser and a html frontend provided by their service (gmail, yahoo, msn) in which case the browser will run javascript.

Re:

[smittyoneeach]

In which case http://noscript.net/ [noscript.net] at least gives you a fighting chance to see WTF, at least in a FireFox context.
At work, where Mr. Softy p0wnz0rz me, I'm less concerned.

Re:

[mrmeval]

That add-on is moronic. It lets you ban them after it's screwed your system?

Re:

[JoshRosenbaum]

Ah, but most people don't read email using a client, they use a browser and a html frontend provided by their service (gmail, yahoo, msn) in which case the browser will run javascript.

Javascript should be stripped by gmail, yahoo, msn, and basically all web clients. So the browser shouldn't run it at all. (Unless there is a bug in the web client or maybe a setting?) That's basically Web 101: Don't allow untrusted external code to be ran.

Re:

[startled]

Gmail strips JS, and doesn't display images unless you specifically tell it to.

How much are people going to be willing to pay for a service that doesn't even work for gmail users? I suppose you could make the image alt text say "pretty, pretty please click the display images button", but most users still aren't going to bother. They'll delete the message or mark it spam, and get on with their day.

Re:

[antdude]

Why is this marked funny? I do the same but with Mutt. Text mail and news reader FTW. Same for text Web browser to check really quick. ;)

Re:Remote images?

[Creepy Crawler]

I use pine on my server all the time. That means I dont do any JS or image loading. How is downloading text from a mailserver going to "autodelete", "report" or other nefarious activities?

If they had my login/pass it'd be a different story, which could be gotten by ANSI injection in mail, but that would require a lot of assumptions, including platform server resides upon. We've seen those hacks before, including ones that echo rm -rf / \cr\lf

rm -rf / spying !?

[Cynic.AU]

"My mail client is fine because it doesn't load javascript or images.. however it's possible for someone to nuke my entire filesystem or execute anything!"

What kind of crazy priorities do you have?

Also, I use pine -- would someone please share some proof-of-concept? Otherwise I won't have to write my own goddamn text-based email client! Ye gods.

Re:

[Niten]

How is downloading text from a mailserver going to "autodelete", "report" or other nefarious activities?

It could be in the form of a very persuasive entreaty for you to write back to the service provider and personally report your actions.

Doesn't matter.

[khasim]

Since their business model depends upon selling their "service" to people who don't know anything about email other than "click to send" ...

more importantly,

[Escogido]

it primarily depends upon the recipients who don't know any better than to use all sorts of unsafe mail clients who allow such tricks to be played on them. as long as these comprise the majority, that business model is sustainable.

so this is not a privacy issue but a security issue.. and it's much older than 2000.

Not really.

[khasim]

it primarily depends upon the recipients who don't know any better than to use all sorts of unsafe mail clients who allow such tricks to be played on them.

But most of the modern mail clients have that functionality either turned off or they pop up a window that requires the recipient to agree to send the acknowledgment or view the images. I don't know about you, but I'm running Thunderbird on Ubuntu and it does both.

so this is not a privacy issue but a security issue.. and it's much older than 2000.

I agree

Re:Not really.

[John Hasler]

> I agree that it is older than 2000. But it is becoming less of an issue every day. As
> the older machines fail, they will be replaced with newer ones with modern email clients.

Mutt and Gnus are both modern, well-maintained, and available for "modern" machines (unless "modern", to you, means "comes with built-in malware").

Re:

[EvanED]

He's not talking about replacing stuff like Mutt because it's antequated, he's talking about replacing things like old versions of Outlook/Outlook Express, or even old versions of Thunderbird.

Re:

[fuzzix]

so this is not a privacy issue but a security issue

The difference being..?

Re:

[techno-vampire]

it primarily depends upon the recipients who don't know...

that there's more than one program they can use for their email. Most people use whatever program is pre-installed on their computer, and as more people use Windows than anything else, that generally means one form of Outlook or another. Either that, or they only know how to use webmaiil, and that's even worse when it comes to loading images and such without asking.

Re:Remote images?

[rm999]

As far as I am aware, Gmail was the first mainstream e-mail service/client that did not load remote images automatically. Before then, these tracking products were plausible, but fortunately most clients I am aware of have followed suit and ruined the business plan.

Now, the only way to truly track e-mails is to request the user click on a link to an external website to read the message. I don't know many people who would do this without suspicion.

Re:Remote images?

[pthor1231]

Hotmail doesn't loaded remote images, and would even prevent you from clicking on a link if the sender was unknown. They have been doing this for quite a while.

Re:

[KGIII]

I am not 100% positive but I'm pretty sure that they were doing this even before the advent of GMail. I recall, I'm thinking 2002 as the era though it may have been earlier, that one was forced to click "load images" from untrusted senders and even from people in your address book (which was a much discussed bug in the newsgroups) sometimes. I realize that it is not appropriate to point to good choices made by Microsoft and Microsoft owns Hotmail but, well, yeah... They even had a limited trial of "AJAX" ne

Re:Remote images?

[Anonymous Coward]

Gmail was certainly not the first. I know that Rocketmail(now Yahoo!) and Hotmail had this feature long before Google as a company even existed.

Re:Remote images?

[afidel]

Here's a way to do hypertargeted tracking to a gmail client, buy an adword for some made up many character 'word' like asdjhfgkjbadjghiougscvo and then include it at the end of or embedded in the html of an email. Then just view the stats on the adword. If you are smart enough there is generally a way to do things to the majority of people who are non-paranoid. Personally that's why I like things like Mozilla and Thunderbird, their defaults are set by people who ARE paranoid =)

Thunderbird

[Akaihiryuu]

"The sender of this message has requested to be notified when you read this message. Would you like to send confirmation to the sender?" I may be paraphrasing slightly, I don't remember the exact wording.

If you send me an email, those bits are MINE

[Anonymous Coward]

Try to prevent me from forwarding or printing those bits, and I'll do it just to spite your sniveling ass.

And there's NO way to stop me. If you sends bits to MY computer, using MY libraries, and running MY kernel, those bits are mine to do with as I wish, and I take offense at any attempts to prevent me from doing just that.

copyright

[speedtux]

If you sends bits to MY computer, using MY libraries, and running MY kernel, those bits are mine to do with as I wish,

The copyright still remains with the sender, so, no, they are not yours. Furthermore, you cannot legally do with them as you wish.

Re:copyright

[palegray.net]

Please cite a case where copyright law was used to prosecute someone for forwarding an email.

Re:

[speedtux]

Your question is a non-sequitur, but apparently one made in an attempt to score rhetorical points. I'm not going to debate with you on that level.

Re:

[djcapelis]

One could argue sending an e-mail creates an implicit license to use portions of that e-mail for certain reasonable and limited functions. (I.E. Maybe not forwarding the attachments, but the textual content of the e-mail shouldn't be restricted from being forwarded just because of copyright law.)

Would depend on the judge, but certainly I think there's room in the law for sanity on a matter such as this....

As usual, I am not a lawyer, but it seems to me that your assertion that it's a clear cut legal issue

Re:

[Kingrames]

Don't give them any ideas, you clod!

Re:

[bmo]

"The copyright still remains with the sender, so, no, they are not yours. Furthermore, you cannot legally do with them as you wish."

I can do with the email as I wish. I can post it all over usenet if I so desire if I am not bound by a civil contract like an NDA or something. Then there are those so-called disclaimers that demand that the email be deleted if it was sent in error, and that it may contain confidential information or some other nonsense. At most they are there to scare people. At best, they

Re:

[DustyShadow]

I can do with the email as I wish. I can post it all over usenet if I so desire if I am not bound by a civil contract like an NDA or something.

Wrong. Copyright is not a contract. It is a federal law. Furthermore, the copyright notification requirement was dropped years ago (1989 to be exact). The email writer does not have to notify you of any intent to enforce or not to enforce the copyright. Without a license, you can't reproduce it (outside of fair uses).

Now, there is another question about whether what is in the email is copyrightable but that's beyond the scope of this discussion.

Re:

[tomhudson]

If you sends bits to MY computer, using MY libraries, and running MY kernel, those bits are mine to do with as I wish,

The copyright still remains with the sender, so, no, they are not yours. Furthermore, you cannot legally do with them as you wish.

Nope. Mail addressed to you becomes YOUR property. It is a gift from the sender to you. You may do anything with YOUR copy that you wish. Why do you think they need a warrant to search YOUR computer/mailbox, and not a warrant for each sender as well?

Every

Re:

[tomhudson]

Posting it via the net (email) IS publication. There is NO assumption whatsoever of privacy, unlike sealed mail through the post office. It has the same effect as a post card. If you believe your email isn't scanned, backed up on various servers, etc., you're naive. At any one time ther are multiple copies of your email sitting on your machine, the recipient's machine, undeleted mail queues, etc.

Email is not private. Get over it. If you want privacy, use pgp, or gpg. Don't depend on copyright law to "pre

Re:

[tomhudson]

You are automatically granted a license to copy email by the sender, since that is the ONLY way for you to actually read the email. Think of it - when you "send" email, your copy doesn't cease to exist on your computer and magically appear on the recipients' computer. You send a copy of the data, and it gets copied to various servers, into backups, etc., it's also scanned by 3rd parties, and the recipient finally receives a copy. Claiming that their making a copy would be infringement is meaningless. Just

i use Mozilla's Seamonkey suite

[FudRucker]

browser, email client, IRC...

in the email client it defaults to not automatically load images and always go to prefrences and select to NEVER send a return receipt, it is nobodies business what i read...

Only if your mail client is severely misconfigured

[Idaho]

Thunderbird defaults to asking when someone asks for a return receipt; I always change the setting to not even ask but simply never to send them. It is nobodies business to know whether, not to mention when I have first opened their e-mail (which is also, by the way, not the same thing as actually reading it).

In addition, you should set your client to never download external images. This should solve about 99% of these "exploits". As far as I can remember, the company mentioned uses a transparent/invisible image on an intentionally slowed down server that feeds the image byte by byte; usually, mail clients disconnect/cancel the download once you click another message.

I can only imagine "preventing" forwarding to work with really retarded mail clients (I think we all know the one I'm talking about).

The very valid reason why mail servers don't always return a message when a mail address does not exist, is because this can be used to phish for existing usernames - when you don't get a bounce message, you know you've probably hit a valid username. (because for most systems, login/username = default mail alias)

I've changed that on mine.

[khasim]

The very valid reason why mail servers don't always return a message when a mail address does not exist, is because this can be used to phish for existing usernames - when you don't get a bounce message, you know you've probably hit a valid username. (because for most systems, login/username = default mail alias)

I work for a small insurance company. I cannot silently kill any incoming email.

So the email addresses are Firstname.Lastname@ (although we also accept and deliver FirstnameLastname@).

Phishing for "

Re:

[AaronLawrence]

It's OK to not accept mail, but your system should do it at the initial SMTP exchange, not accept it and then decide to bounce. Otherwise you just transfer all the spam onto innocent third parties. (Backscatter)

Re:

[cyberchuck.nz]

Thunderbird defaults to asking when someone asks for a return receipt

Difference is that the recipient is notified about the return receipt and they can choose to take action from there.
Transparent images embedded in html emails (which never should have been started in the first place) are a different kettle of fish, in that most users won't realize that their email is being monitored

I suppose one way of gaining awareness would be setting up a system (think Sorbs/Spamhaus), which lists domains of people who embed sort of shit in their emails.
Companies frown upon negat

Re:

[xaxa]

The very valid reason why mail servers don't always return a message when a mail address does not exist, is because this can be used to phish for existing usernames - when you don't get a bounce message, you know you've probably hit a valid username. (because for most systems, login/username = default mail alias)

That would be annoying if it became widespread. Mistyped an email address? Tough.

Re:Only if your mail client is severely misconfigu

[billcopc]

The very valid reason why mail servers don't always return a message when a mail address does not exist, is because this can be used to phish for existing usernames - when you don't get a bounce message, you know you've probably hit a valid username. (because for most systems, login/username = default mail alias)

Spammers don't care about bounces, they deliver the message and move on. They don't linger around for a bounce, since that would require a valid return path, thus a trace back to the spammer's mail server.

I return bounces for all errors. If it's coming from a spammy host, there are other solutions far more effective and precise to reduce their volume. For one, Postfix drops the connection if several consecutive errors occur, and greylisting is a marvel against the common pump-and-dump spammers. There

Re:Only if your mail client is severely misconfigu

[thegrassyknowl]

It is nobodies business to know whether, not to mention when I have first opened their e-mail (which is also, by the way, not the same thing as actually reading it).

I actually worked in a company where the "boss" put in place policy that all emails will request a read receipt AND he started investigating using these shoddy services.

I was very quick to drop the receipt headers in our mail server and forcing all outgoing mail to go through it.

There's not much you can do when they invoke these shitty tracking services though. It just becomes a cat and mouse game of shut one down and another pops up in its place or they find a workaround for your block.

Re:

[Matt Perry]

I wrote a perl script and cron task that I used to use to send about 30 to 50 read receipts to people who request them. It sends them over the course of a week or two. When people ask about getting all of the read receipts, I tell them, "Every time I open your email it lets you know I read it. Isn't that what you wanted?"

Supported platforms

[jaavaaguru]

Let me know when this works with Pine or GMail. OTOH, my blackberry seems to support self destructing text messages, or maybe it just looses them randomly.

I also wondered about Gmail

[HangingChad]

I run all my pop accounts through GMail. Images don't load automatically and I keep javascript on a short leash. So, do those services have some kind of techno-magic or are they just spying on the weak, the lame and the infirm?

Did you get it?

[RidcullyTheBrown]

I am amused by the ways people treat different technologies. I see people who assume that email delivery is perfect and instantaneous, and get upset if their message is delayed or doesn't reach the destination. The same people will follow up a fax with a phone call to confirm the recipient got it. There appears to be no difference in the importance of the messages involved, so perhaps it is a generational (in terms of the technology) thing.

The other thing I see around here is the people who request a receipt (we use Outlook) when they send a global email to all 1500 users on the system. Most of them only do it once.

Re:Did you get it?

[tomhudson]

People at my work still send me stuff with receipt requested. The first time anybody does it they wonder why I never read my email. My answer is always the same. Email is fundamentally unreliable and my client doesn't send receipts.

Do what I did ... "I didn't need to read your email a second time - I got the original off you machine earlier today as you typed it. I *told* you you're running an unsecure OS!"

You'd be surprised how many people fall for it.

The kind of people who would do this...

[hyades1]

...probably wouldn't realize that good old "Print Screen" or "Alt-Print Screen" would provide all the evidence you need to hang 'em high, if they were counting on their self-destructing e-mail to cover their tracks or screw you over.

Too much trouble for everyday use, but most people have a pretty good idea about who they have to watch out for among their business associates.

Re:

[Anonymous Coward]

Print Screen is ridiculously easy to forge.

Why it can't work

[Anonymous Coward]

Here's a good summary of why such plans won't work:
http://theamigo.blogspot.com/2007/07/expiring-email-no-not-really.html

Re:Why it can't work

[Just some bastard]

Here's a good summary of why such plans won't work:

Here's another one: http://www.sox-online.com/act_section_802.html [sox-online.com]

html-only email

[bcrowell]

As various people have pointed out, this would only really work if you sent html-only email, and if the recipient was guaranteed to have client software that executed javascript or something. I use mutt, a text-only email reader, and I have my mail software set up so it bounces html-only email (that it doesn't think is spam) back to the sender with an error message explaining that html-only email violates internet standards. I've never understood why anyone sends html-only email. Seems hard to believe that there would be service providers so clueless that they'd make html-only the default, and it also seems hard to believe that people would be clueless enough to want to send html-only email, but clueful enough to switch to html-only if it wasn't the default.

I have to admit that the concept of being able to get a return receipt for email has a certain allure. Recently, for example, my boss got pissed off at me and made a big scene because he thought I hadn't notified him about something. I happened to have a copy of the email in which I notified him, and I also happened to have saved his reply to it. But what if I hadn't saved the reply, or if he hadn't replied?

A lot of people send CYA emails, e.g., "Okay, this is to confirm that you want me to put the uranium in the crisper drawer of the fridge, and that you take responsibility for the results." But the recipient can pretend he never got it.

Re:html-only email

[martin-boundary]

Just a little clarification FYI: HTML only messages do not violate internet standards. It's quite standards compliant, as the minimum is RFC2822, which has no requirement about the content other than the character set it's written in.

The MIME standards (which are entirely optional) do not require duplicate text and html versions of a message either. There are several MIME content types, of which only multipart/alternative is intended for duplicate content with degraded formatting such as separate text and html versions, and in this case the actual formats can be anything, eg they could be a text version and an MS Word version, without an HTML version.

Re:

[ion.simon.c]

...I have my mail software set up so it bounces html-only email (that it doesn't think is spam) back to the sender with an error message explaining that html-only email violates internet standards.

Um. I'm unaware of any IETF standard regarding HTML-formatted email transmission. Unless you can link me to such a standard, there is no violation.
Also, you are an ass. Additionally, if you're unable to configure an MUA produced in the last five years to correctly render HTML email, you're a fucking moron.

Re:

[cerberusss]

Recently, for example, my boss got pissed off at me and made a big scene because he thought I hadn't notified him about something. I happened to have a copy of the email in which I notified him, and I also happened to have saved his reply to it. But what if I hadn't saved the reply, or if he hadn't replied?

Then he would be just as mad at you as he now is. Because don't think for a minute that because saying "I *did* tell you" leaves you off the hook.

What basically happens, is that he's disappointed and h

Re:

[thegrassyknowl]

Because wanting to use italics, underline, bold, fonts, etc., allows more expressivity?

And the 'standard' way to do that (and is supported by Gmail at least) is:
*bold* /italics/ _underline_

I think you need to get your facts straight. Email is text-only. There's no great need to lay it out and format it like a bloody well polished journal article.

For what reason? For the 1% of users who don't use an HTML-capable email reader?

No, because HTML email uses a lot more bandwidth, doesn't render the same in any two places, etc. Text only email truncated at around 72 chars per line is almost guaranteed to render the same no matter where the reader is.

Personally I've never understood the reason for sending dual plain-text and HTML copies in the same email. It's just doubling the bandwidth for something that can be trivially "downgraded" on demand.

The first smart thing

Re:

[thegrassyknowl]

because wanting to use italics, underline, bold, fonts, etc., allows more expressivity?

I was also going to say: if you can't find the correct choice of words to express your sentiment then you should consider going back to grade school and relearning your primary language. Expressing your position really isn't that difficult and you don't need a gazillion fonts and colours to do it.

Re:

[AaronLawrence]

I think you need to get your facts straight. Email is text-only. There's no great need to lay it out and format it like a bloody well polished journal article.

Originally, yes, email was text only, but like everything else it evolves as the users and developers want. In particular, business usage of email has diverged very far from the original ideals.

HTML is pretty much the standard in most corporate mail systems, as far as I can see, and I do myself use it for basic formatting and inline images. The most common usage I see is for quoting and inline replies with multiple colours. While this is partly generated by the limitations of Outlook, I actually find it e

Re:

[thegrassyknowl]

. In fact there is a TBird plugin to do the same thing automatically...

Automatically; that is the point. There's no need to include that formatting in the email because the mail client can work out how to emphasise the different levels of reply based on the standard quote marker (greater than) in an email.

In fact, using HTML and trying do to it magically makes it harder for users who don't get HTML mails to read or to copy/paste out a relevant section into something else.

Re:

[thegrassyknowl]

Not all users want to receive emails that are nothing but a line of text and an MS-Word attachment, or that have text in cyan letters overlaid on a background of ocean waves crashing on the beach.

I don't want to receive any MS Word attachments to emails.

That said, I'd much rather see a PDF if sharing it with formatting is so damned important to the sender. At least I can read PDFs and see the same thing they saw. That is a problem with rich text formats and Word attachments.

The biggest problem with making something like HTML mail a feature is that suddenly every schmuck feels that they MUST use this shiny new feature and you get just that; a bunch of emails with Javascript signatures that fade in

Re:

[tomhudson]

Because wanting to use italics, underline, bold, fonts, etc., allows more expressivity?

Many email clients understand the old tricks for indicating bold or italics - *bold* and /italics/.

Anything much more than that, and you end up with email that looks like a ransom letter on crack - 15 different fonts, blinking text, all sorts of images, etc.

Links to actual services

[e r i k 0]

I'm surprised the author didn't link to the actual services:

• ReadNotify FAQ [readnotify.com] - doesn't seem to give too much actual info on how it works, but looks like it's a combination of images hosted on the ReadNotify server with tracked downloads, rewritten links to go through ReadNotify servers to add log entries, and some other things I couldn't guess immediately.
• MessageTag [msgtag.com] seems to just be an image hosting service which tracks image downloads.

Both seem to be easily defeated; indeed, the ReadNotify FAQ mentions that the "invisible" tracking service (which I assume means that it just includes the tracking images in the message) may be unreliable.

Re:

[tomhudson]

and also a 1x1 transparent .GIF ... no need for spammy images

... and many of us (myself included) would never request your spammy gif. Plain-text email should be the default, with a "this email contains html. click here only if you trust the sender" like kmail does it.

Blacklisting the abusers

[Arrogant-Bastard]

It is clear that readnotify and their ilk are engaged in abusive activities: we would not tolerate the equivalent with snail-mail, and so we should of course not tolerate it with email, either. These abusers are only one step removed from spam and spyware, and should therefore of course be blacklisted permanently.

I therefore recommend blacklisting (in your MTA and web proxy) readnotify.com, pointofmail.com, e-mail-servers.com, didtheyreadit.com, mailinfo.com, and msgtag.com. I welcome any additions to this list.

I should also mention that those who use superior mail clients -- e.g., mutt -- can avoid being spied on by these abusers. I strongly recommend using such clients, or configuring other lesser clients so that they do not cooperate.

Re:

[fuzzyfuzzyfungus]

One might also point out the threat that such services as these can pose to the sender of the message. From a quick look at ReadNotify's instruction page, it looks like you append .readnotify.com to the email address you wish to send mail to. From an ease of use standpoint this is quite cute. However, unless I am very much mistaken, your email will actually be sent to "originalusername"@originaldomain.readnotify.com Presumably, readnotify has their systems set up to accept such odd emails and then process t

These services are weak, some aren't.

[fuzzyfuzzyfungus]

The services discussed in TFA look like seriously weak sauce. Like anything that doesn't monkey with the recipient's system, they can be defeated by not loading external material, not executing javascript, and so on.

The more dangerous class of trackers are those that do operate on the recipient's system. In principle those can be defeated, just as DRM systems can; but doing so may be substantially challenging, particularly for joe user. Luckily, requiring the recipient to install a program of some sort just to view an email is pretty inconvenient, so these aren't commonly used; but if an entity that you pretty much have to interact with(employer, distance education system, government, etc.) took up using such a system, there would be a serious danger.

If the system is running on your computer...

[patio11]

... the system isn't the attacker. The end user is the attacker. (Sidenote: if you are using an email system over a dedicated client which was provided for you to ensure system security, accountability, and auditing compliance, you a) aren't using email, sorry and b) presumably knew what you were getting into when you signed up.)

P.S. Wouldn't sending a letter in WoW fall under a "more dangerous class of trackers", since one entity knows the sent and received states of all messages on the system and can vi

CYA

[fishthegeek]

I use readnotify. Not on every email, but some important ones. Since I have to deal with continuing education and am constantly taking classes I find that readnotify is useful for covering my ass.

True story, I took an online course in Fall 07. I submitted my final to the prof. via email at his request. Neither the email or the attachment was ever opened and readnotify is extremely reliable for this particular prof. I still got a 4.0 so I'm not complaining.

Re:CYA

[stabiesoft]

How do you know the prof didn't use pine to read the email? No one would ever know if I read an email. Once the email has been received by my mail server, no one knows (except me) if it got read & saved, read & deleted, or just deleted.

Re:

[Phroggy]

How do you know the prof didn't use pine to read the email? No one would ever know if I read an email. Once the email has been received by my mail server, no one knows (except me) if it got read & saved, read & deleted, or just deleted.

Presumably by "readnotify is extremely reliable for this particular prof" he meant that the recipient is known not to be a pine user, because readnotify has always worked when sending mail to this recipient in the past.

Aimed at the same people ...

[IchBinEinPenguin]

... who use Outlook's "recall email" feature :-)

email image tracking

[geoff_smith82]

Several years ago, I helped save someone some money by tracking where a particular person actually was via email. Realizing a tracking image in an email was unreliable, I also added a tracking image into a word document... which doesn't have any protection against loading images from remote servers.

Long story short - the person was on the other side of the world to where they were claiming to be based on their IP address.

Microsoft has them covered

[Rui del-Negro]

It can also send the message in "self-destructing" form, preventing forwarding, printing, copying and saving.

MS Outlook has been doing that for years, with one extra feature: it also prevents the recipient from actually reading the message. All he sees is an empty message with an attachment called "winmail.dat".

Now, if Outlook could come configured by default to prevent sending the messages in the first place, that would really help conserve bandwidth.

ELM

[marcovje]

Makes you wonder why people abandonned ELM :-)

Not Your E-Mail Any Longer

[Nom du Keyboard]

Once you've sent it to me it's not your e-mail any longer. It's mine to do as I with wish.

If it were otherwise then you're not sending me e-mail, but instead a license agreement to read your words for a limited period of time. If that's the case, then there needs to be a click-through license agreement first.