PDA

View Full Version : How in world does Yahoo supposedly track emails?



SoftwareExplorer
September 24th, 2009, 05:27 AM
I seen quite a few emails that say they are being tracked by yahoo. How is this possible (if it is)? Could it be an image link that is embedded and the server that responds and records the address?

schauerlich
September 24th, 2009, 05:29 AM
It's a fake chain letter. Don't forward it.

SoftwareExplorer
September 24th, 2009, 05:50 AM
I don't forward them because I figure it might all be a lie. And of course, you can't take back an email after it is sent.

What about how Outlook Express (or maybe it was outlook) says that it has blocked images to prevent the sender from identifying your computer. Why does it say that?

Sean Moran
September 24th, 2009, 05:51 AM
It's a fake chain letter. Don't forward it.

I don't mean to drift too far off-topic, but was just browsing through this thread and your reply brought to mind something that came up in my Yahoo! mail the other day that you may know a little more than me about.

It was assumedly from Yahoo! - something about closing my account if I didnt't reply with the prewritten form that asked for all my personal details, (and I only use Yahoo! for email alone no Y!M etc.).

I simply assumed that it was from Yahoo! (rather timely as Geocities is about to close and so I assumed this was some kind of related spring-cleaning operation) but rather than waste time with it, I've opened a new web-mail address with another host just this morning. That was the last straw.

I'd rather not have to go through the rigmarole of writing to BOTH my friends and changing email addresses unless there's a good enough reason, and Yahoo! quality has suffered quite a lot in recent years IMHO, but it's been reliable email for many years before this, and I would rather stick with it if the whole thing was some kind of hoax, which I now see as a possibility..

Would you suppose that perhaps the email I received wasn't actually from Yahoo! to begin with?

sliketymo
September 24th, 2009, 06:04 AM
I don't mean to drift too far off-topic, but was just browsing through this thread and your reply brought to mind something that came up in my Yahoo! mail the other day that you may know a little more than me about.

It was assumedly from Yahoo! - something about closing my account if I didnt't reply with the prewritten form that asked for all my personal details, (and I only use Yahoo! for email alone no Y!M etc.).

I simply assumed that it was from Yahoo! (rather timely as Geocities is about to close and so I assumed this was some kind of related spring-cleaning operation) but rather than waste time with it, I've opened a new web-mail address with another host just this morning. That was the last straw.

I'd rather not have to go through the rigmarole of writing to BOTH my friends and changing email addresses unless there's a good enough reason, and Yahoo! quality has suffered quite a lot in recent years IMHO, but it's been reliable email for many years before this, and I would rather stick with it if the whole thing was some kind of hoax, which I now see as a possibility..

Would you suppose that perhaps the email I received wasn't actually from Yahoo! to begin with?
If you receive an e-mail wanting you to "update" your information.ignore it! They are called "Phishing". Learned the hard way.

Sean Moran
September 24th, 2009, 06:10 AM
If you receive an e-mail wanting you to "update" your information.ignore it! They are called "Phishing". Learned the hard way.
Thanks mate!

Looking back now, I have to laugh at how they fooled me so easily. I'll stay with Yahoo! and not get fooled again, but then again, that's what I said the last time. 9-)

sliketymo
September 24th, 2009, 06:20 AM
Thanks mate!

Looking back now, I have to laugh at how they fooled me so easily. I'll stay with Yahoo! and not get fooled again, but then again, that's what I said the last time. 9-)
More than welcome.OH,they'll even come from ,supposedly,your ISP.! Don't fall for them either! Your ISP has all the info they need to contact you in case of a change or something.If you get something that even a little bit seems suspicious,it probably is.!

SoftwareExplorer
September 25th, 2009, 02:06 AM
So would it be possible or not to have an image in a html email that is stored on a webserver? If so, couldn't it be like a webcounter?

sliketymo
September 25th, 2009, 03:31 AM
So would it be possible or not to have an image in a html email that is stored on a webserver? If so, couldn't it be like a webcounter?

It wouldn't necessarily have to be an image.All e-mails are tracked from origination to destination.No big secret there.Your tracked from one site to another.Thats life.:guitar:

Xbehave
September 25th, 2009, 03:57 AM
It wouldn't necessarily have to be an image.All e-mails are tracked from origination to destination.No big secret there.Your tracked from one site to another.Thats life.:guitar:
To track after the email even if it is forwarded they can get your IP (but not your email) by embedding a URL in the email (either image or any item that needs to be loaded remotely). This is why most email clients will not load external references without your permission. So yes email tracking is possible but
1) they can't link it to your email address only your IP & email client
2) you need to load external references (which most mail clients block by default)

What the spammers do is wait till somebody sends them these chainmails then harvest all the addresses (often thousands),

SoftwareExplorer
September 25th, 2009, 04:19 AM
It wouldn't necessarily have to be an image.All e-mails are tracked from origination to destination.
Would that be in the header? Wouldn't that only work if the email got sent back to yahoo?

No big secret there.Your tracked from one site to another.Thats life.:guitar:
Your tracked from site to site by cookies, or by evesdropping if you are using http and not https, but you can delete cookies and use https.
(At least I don't think there are really any other ways that you can be tracked)

SoftwareExplorer
September 25th, 2009, 04:26 AM
To track after the email even if it is forwarded they can get your IP (but not your email) by embedding a URL in the email (either image or any item that needs to be loaded remotely). This is why most email clients will not load external references without your permission. So yes email tracking is possible but
1) they can't link it to your email address only your IP & email client
2) you need to load external references (which most mail clients block by default)

What the spammers do is wait till somebody sends them these chainmails then harvest all the addresses (often thousands),
Thanks for the answer that makes sense.
So if I figured out how to look at the html of the email I could take a tracker out? (To prove to my sisters it isn't being tracked, thats the whole reason it says to forward it, thought it might no be worth the effort)

SomeGuyDude
September 25th, 2009, 04:37 AM
Well... recorded/kept? Yes. Is there any way for them to actually "track" any one person's messages specifically? Hell no.

Think of it like wiretapping. If I put a bug in everyone in the USA's house and recorded every phone conversation, sure I'm listening in on everyone's calls but I'm sure as hell not able to do anything useful.

MasterNetra
September 25th, 2009, 04:55 AM
Honestly people come on think. A email service is not going to email you and ask for your personal information regarding your account with them. That doesn't even make sense to do considering all the info they need is already in their servers. Also yes emails can be traced. However any email that deals with that and request information, its phishing. Don't reply, just report it. Same with any such email.

Xbehave
September 25th, 2009, 11:09 AM
Thanks for the answer that makes sense.
So if I figured out how to look at the html of the email I could take a tracker out? (To prove to my sisters it isn't being tracked, thats the whole reason it says to forward it, thought it might no be worth the effort)
any external reference (so any external Image), which default most mail clients wont show, can be used to get your IP (it depends how the server is configured)

e.g if you view the source (in a mail client, it'll be harder using a webapp as the webapp code will be mixed up in there) the bits that could be tracked look like

<img src="http://www.mail-du-jour.com/PS/BLACKBERRY/001/images/mail_07.jpg" alt="Get the latest BlackBerry news and updates" title="Get the latest BlackBerry news and updates" width=3D"434" height="105" border="0">

There are more ways of tracking you

Referrers (automatically sent in most browsers) will tell a website what the last page you visited was
JavaScript tricks
JavaScript tracking on sites with googleanalytics installed (only google get to see the raw data for more than 1 domain though)
ping (the html component not the command) tracking
Timer attacks (AFAIK quite rare these days as images load pretty fast even if not from catch)
css attacks to see if you have be to a site before (saw a clever one recently that would check about 100 porn sites)
magic pixel tracking (heard about this one tbh not sure how it works)

If you are paranoid, the defence against most of these is controlling which scripts can run (and possibly what they can do) using yesscript / noscript / controldescripts
oh and changing the value of Network.http.sendRefererHeader (http://kb.mozillazine.org/Network.http.sendRefererHeader)
Timmer attacks are defended against by not caching anything or getting a broadband connection.

t0p
September 25th, 2009, 11:23 AM
I don't mean to drift too far off-topic, but was just browsing through this thread and your reply brought to mind something that came up in my Yahoo! mail the other day that you may know a little more than me about.

It was assumedly from Yahoo! - something about closing my account if I didnt't reply with the prewritten form that asked for all my personal details, (and I only use Yahoo! for email alone no Y!M etc.).

I simply assumed that it was from Yahoo! (rather timely as Geocities is about to close and so I assumed this was some kind of related spring-cleaning operation) but rather than waste time with it, I've opened a new web-mail address with another host just this morning. That was the last straw.

I'd rather not have to go through the rigmarole of writing to BOTH my friends and changing email addresses unless there's a good enough reason, and Yahoo! quality has suffered quite a lot in recent years IMHO, but it's been reliable email for many years before this, and I would rather stick with it if the whole thing was some kind of hoax, which I now see as a possibility..

Would you suppose that perhaps the email I received wasn't actually from Yahoo! to begin with?


Webmail providers, like Yahoo and Google (Gmail) have a clause in their terms and conditions that says you must provide accurate information to them. So, if they are auditing accounts and find an obviously bogus account (eg name is "Mickey Mouse"), they may be unhappy.

There have been instances in the past where owners of accounts with suspicious names have received emails purporting to be from the webmail provider, demanding to be sent true details: name, date of birth, address etc.

These emails ARE FRAUDALENT. They are NOT from your webmail provider. Ignore these emails, do NOT reply to them.

If your webmail provider don't like the way you're using your account, they will probably just close it down. They can't be bothered getting into detailed correspondence with you. As far as they are concerned, there's plenty more where you came from.

Sean Moran
September 25th, 2009, 12:23 PM
Webmail providers, like Yahoo and Google (Gmail) have a clause in their terms and conditions that says you must provide accurate information to them. So, if they are auditing accounts and find an obviously bogus account (eg name is "Mickey Mouse"), they may be unhappy.

There have been instances in the past where owners of accounts with suspicious names have received emails purporting to be from the webmail provider, demanding to be sent true details: name, date of birth, address etc.

These emails ARE FRAUDALENT. They are NOT from your webmail provider. Ignore these emails, do NOT reply to them.

If your webmail provider don't like the way you're using your account, they will probably just close it down. They can't be bothered getting into detailed correspondence with you. As far as they are concerned, there's plenty more where you came from.

On the morning of the 2008 Olympic Opening Games in Beijing (08-08-08 ), I was informed by Yahoo! in registering that the name of Sean Moran was already in use, and so I swapped a couple of letters to come up with aseanmorn from seanmoran and only because they asked me and I had to think quickly.

Bogus is as bogus does. I hope that this doesn't break the rules here or cause me too much spam to mention these details but the only bogus particle in this episode has either been Yahoo! or an imposter, and after the way that Yahoo! has fallen from grace with some of their antics lately, I am having trouble working out which it might be.

My original date of birth was 28/12/1967 and still remains the same, as far as most people understand. I didn't ask for bogus on that day which also happened to be the 41st anniversary of ASEAN (Association of South-East Asian Nations) That's why I chose that adjustment.

Anyway, I am glad to have your further reinforcement that it probably wasn't a legit email from Yahoo! themselves, even though I see how they are now failing quite badly to provide the professional services they have offered in the past, eg. moving the cursor in the midst of entering passwords and the plethora of useless and poo;ly edited lipstick-journalism that our Australian channel 7 has forced upon them from here downunder.

I still have faith in Yahoo!
:guitar: