Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: mcoleman (mcolemanuniontown.com)
Date: Wed May 16 2001 - 18:01:52 CDT
I have seen marketing attempts doing similiar things.
First, by loading the image, they can tell that the email they sent you was
actually read by someone (by looking in their logs of their web server for
the specific image name that was sent to you, which is unique just for you).
This makes spam much more valuable if you can prove it was actually read by
If you read the email, and your outlook pulls that image from their server,
they now know the IP address of the client that read the email (from their
logs). This image name will be slightly different for each email they send,
so they can correspond the request name with specific request for the image.
If the image loaded in your email, he now has your IP address, or your
NATted equivelent therein.
My personal firewall on my computer blocks port 80 attempts from outlook,
preventing these attempts from working.
----- Original Message -----
From: "Jason Lewis" <jlewisjasonlewis.net>
Sent: Tuesday, May 15, 2001 7:55 PM
Subject: Strange email
> I received this email today. The headers show it being sent from a
> in Korea. Everything in the headers is forged, but I just can't figure
> what the motive is behind it. Also, at the end of the email, there was a
> gif and I included the embedded html link. Has anyone else seen this?
> have munged the IP's.
> Hi my name is Sarah Pricer, a CS graduate student at UC Berkeley. I
> obtained your email address from www.arin.net when searching for the IP
> block(192.168.64.0 - 192.168.64.255 ) that you coordinate.
> I'm currently writing a thesis on the network topology and would very much
> appreciate your cooperation. I am trying to draw out a map of how the IPs
> are distributed geographically. I realize that the IP registration data
> often times have country/state/city information that are different from
> actual physical location of where the IPs are used.
> Arin data currently shows that 192.168.64.0 - 192.168.64.255 is registered
> Country: US
> State: VA
> City: MCLEAN
> Can you please tell me if this is the actual physical location of the IPs?
> If not, can you please tell me the actual location? Again, thank you for
> your cooperation.
> warm regards,
> Sarah P.
> Jason Lewis
> "All you can do is manage the risks. There is no security."