Re: spam technique name?
Date: Tue Apr 22 2003 - 12:18:46 CDT
The new trick is to use HTML. By using it, they can link/encode the HTML
request for graphics from a server, therefore linking your email address.
> Hello all
> Recently I was thinking about a technique that could be used by spammers, I
> don't know a common name or something for such a technique, so if you know it
> please let me know.
> How can a spammer know if the victim opened the mail? One is the well
> known "Remove Me" link which, in fact, will confirm the user read the message (and
> probably will be bombed with many more, now that he said "hey!, I'm here").
> However, it requires user interaction.
> A simple "solution" can be to insert an Image, Link (for CSS for example)
> or Script tag in the HTML mail, all those elements indicate Web browsers to send
> a GET request using the SRC or HREF attribute, without user interaction.
> Sample Code (Mail sent to fictitious peterfoomail.com)
> Dear Peter<br>
> Buy our brand new product, CHEAP, CHEAP, CHEAP....
> Click <a href='http://www.spamer.com/ConfirmVictim.php'>Here</a> to be
> NOTE:the presence of this link indicates this is not spamming even if
> you don't ask for this email
> Viewing (or "previewing" in Outlook or similar) this email will automatically
> send a request for a "image" file served by a Server-side script, first
> recording the data without explicit authorization.
> I've tested this (using 3 different tags) using Exchange and some other public
> accounts. I have succeeded in all cases.
> So have you seen something similar? Do you think this is a kind of XSS? I do.
> cheers :)
> Juan C Calderon
> IT Security
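
A filter-side check for the technique discussed in this thread, added here as an example and not written by either poster: it parses an HTML mail body and separates the URLs a client fetches just by rendering the message (the Image, Link and Script tags the original post names) from links that need a click. The function names, the tracker.example host and the sample message are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags from the post that trigger a GET on render, and the attribute holding the URL.
AUTO_FETCH = {"img": "src", "link": "href", "script": "src"}

def is_remote(url):
    """True for http(s) or protocol-relative URLs; cid:/data: content is embedded."""
    try:
        p = urlparse(url)
    except ValueError:          # malformed URL: treat as not fetchable
        return False
    return p.scheme in ("http", "https") or (not p.scheme and bool(p.netloc))

class RemoteLoadFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.auto = []    # fetched when the mail is viewed or previewed
        self.click = []   # fetched only if the user follows the link

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in AUTO_FETCH:
            bucket, url = self.auto, attrs.get(AUTO_FETCH[tag])
        elif tag == "a":
            bucket, url = self.click, attrs.get("href")
        else:
            return
        if url and is_remote(url.strip()):
            bucket.append((tag, url.strip()))

def find_remote_loads(html):
    finder = RemoteLoadFinder()
    finder.feed(html)
    finder.close()
    return finder.auto, finder.click

# Constructed sample message; every URL and identifier is made up.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://tracker.example/style.css?id=peter">
</head><body>Dear Peter<br>
<IMG SRC="http://tracker.example/pixel.php?id=peter" width="1" height="1">
<img src="cid:logo@local">
<script src="http://tracker.example/s.js?id=peter"></script>
Click <a href="http://tracker.example/remove.php?id=peter">Here</a>
</body></html>"""

if __name__ == "__main__":
    auto, click = find_remote_loads(SAMPLE)
    for tag, url in auto:
        print("loads on view :", tag, url)
    for tag, url in click:
        print("needs a click :", tag, url)
```

A mail gateway or client can use the first list to decide whether to block remote content by default; the `cid:` image is left out because it is an attachment carried inside the message.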