Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: OT: Secret email?!

  • From: Steven M. Bellovin
  • Date: Thu Nov 29 20:21:21 2001

In message <>, Joe
 Blanchard writes:

>Greetings all
>I know this might have been brought up before so please disregard if
> so. Thought it might be of interest to some.
>	While looking for ways to indicate that nimda/codered ect was 
>pushed to a client within my network, I tripped across something 
>completely unrelated, but interesting. 
>It seems these email clients that utilize html formating also 
>send out information unknowingly. I know nothing new, but heres 
>the senario. A spam email arrives, client opens/previews the email 
>and its pretty gifs/jpgs ect, while at the bottom a link is retrieving 
>what looks like a logo. Example:
><a href="";><img
>.com&msgid=281101000" width="109" height="16" border="0"
>What it does in fact is send information to a host 
>(from the firewall's view):
>> 12:54:01: %PIX-5-304001: Accessed URL
>> =281101000 
>(from the host's view):
>GET /counter.php?client=newhorizons&
>which in turn (I suppose) places my email address into a database thats used
>for spaming. i.e. verifying that my email address is valid. While watching 
>for this behavior, I saw about 10 other nodes/users do this, none of which 
>knew the information had been sent out. Kind of sneaky if you ask me.

Yup -- that's why I turn off images on those rare occasions that I 
bother to read html email.

		--Steve Bellovin,
		Full text of "Firewalls" book now at

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.