Can you tell if an email was read?
Results 1 to 9 of 9

Thread: Can you tell if an email was read?

  1. #1
    Member
    Join Date
    Apr 2006
    Posts
    66

    Can you tell if an email was read?

    I wasn't sure if this should go into N00b Security or Web Security, so if its in the wrong place a apologize. Anyway I was just curious as to if there is anyway to find out if an email that you have sent has been read or not. Specifically using Gmail. I have done some research and I found a few websites that say they can do it along with various other information, but I'd rather be able to do it myself. Is it possible to tell? If not can somone explain to me how these websites work then?
    Thanks guys

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    It depends on how the email was composed and how the recipient has their mail clients setup.

    If you're accepting/responding to "read or delivery" receipts, then yes. A sender can request a receipt. You can allow or deny the receipt.

    The sender can imbed an image into an html email. Once you open it in html format, you download the image and they can see in their web server logs if you've opened/viewed the email (think web bug).

    If the user is rejecting read and delivery receipts and only allows their mail to be delivered as text or rich text... and doesnt click on any links in the email (or view images that were hosted remotely), then no.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    Member
    Join Date
    Apr 2006
    Posts
    66
    Do those websites use the imbeded technique? I had thought of that once before, but If I just wanted to know if somone read a text based email is the "read or delivery" reciept the only way to go?
    With the "read or delivery" reciepts, do they have to accept or send the reciept back? IE is there a button that says "send reciept"? or is it just something that automatically sends you notification when the email has been opened without the readers awareness.

  4. #4
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hmmmm,

    If not can somone explain to me how these websites work then?
    I would be highly suspicious of such sites. Many people make claims that they cannot fulfill either technically or legally.

    You mention Gmail................ I believe that they "filter" messages so that the embedding technique will not work?

    I have seen the kind of thing you are talking about in commercial or institutional implementations. If you report stuff to the FBI for example, you will get an automated acknowledgement. Most e-commerce systems will send an automated acknowledgement and so on.

    Internally (LAN/WAN) I have seen systems that automatically record receipt and opening of mail. This tends to be linked to some sort of monitoring and escalation process. Other implementations would require you to request a receipt and give the receiving party the option of whether to reply or not.

    I guess the short answer is that you cannot tell unless the other party wants you to.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  5. #5
    Member
    Join Date
    Apr 2006
    Posts
    66
    Yeah I am usually pretty aprehensive of sites like these in the first place. I did a quick google and found one here
    http://www.readnotify.com/readnotify/about.asp.
    Looks like you they send it through their mail server? I'm not too sure. My networking knowledge is limited (still waiting to take that networking 101-103 course :P). Anyway thanks for answering my question guys. Nihil a pleasure as always.

  6. #6
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi Phalse,

    Here are a couple of links that might interest you:

    http://www.securityfocus.com/columnists/258

    http://alexle.net/archives/147

    It seems that readnotify uses Iframes as well as web bugs.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  7. #7
    Member
    Join Date
    Apr 2006
    Posts
    66
    Wow, that was extremely helpful. I had no idea that Iframes were capable of such clever sneakiness.
    I don't however understand how HTML can gather so much information about a target.
    An iFrame is basically just a way to imbed another HTML document inside another. However, how can that be used to gather so much information ie. IP and Location? I know very basic HTML and even less networking so I don't have a full sense of how things work in that great cloud of the internet.
    Even if it was able to get the IP, doesn't that just point you to the ISP?
    nihil thanks agian for the reference material.

  8. #8
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi Phalse,

    Yes, they would get the IP address of the mailserver and possibly the client. If it were me they would be way out, as I don't live anywhere near my ISP's centres and I get a new IP each time.

    If you use AOL the results would be useless as well due to their peculiar architecture.

    I think that a lot of the information is pretty superfluous............ you generally know it already? or why are you sending an e-mail?

    Incidentally, it seems that the software won't work with some mail clients that block embedded items?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  9. #9
    Member
    Join Date
    Apr 2006
    Posts
    66
    Yeah, I guess most of that information is just fluff to make it seem better. Thanks for all the information
    until next time :P

Similar Threads

  1. Orkut Email Address Disclosure Vulnerability
    By xdisclose in forum Web Security
    Replies: 0
    Last Post: December 8th, 2006, 06:39 PM
  2. **Urgent** DVD combo help
    By ByTeWrangler in forum Hardware
    Replies: 13
    Last Post: March 27th, 2006, 10:58 PM
  3. NREL.gov sends me email, subject "stolen document"
    By NXcng in forum Newbie Security Questions
    Replies: 9
    Last Post: April 8th, 2004, 03:33 PM
  4. Newbies, list of many words definitions.
    By -DaRK-RaiDeR- in forum Newbie Security Questions
    Replies: 9
    Last Post: December 14th, 2002, 07:38 PM
  5. Email notification when a new post...
    By Trust_Not_123 in forum Site Feedback/Questions/Suggestions
    Replies: 11
    Last Post: December 8th, 2002, 03:53 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides