

mjf
" "
Premium,Mod
join:2000-08-05
New Orleans, LA
clubs:
·AT&T Southeast

Host:
General Questions
Wireless Networking
Covad / covad.net
D-Link
Difficult Searches..
www.confirm.to returns your IP to email sender

Read about this and decided to try it. Send an email to a buddy and append his/her address with .confirm.to e.g. joe@domain.com.confirm.to. When the email is opened a read receipt is secretly generated and sent back to you. The info it contains includes the recipient's IP address. I sent an email to my home computer which has a NAT block via the router and Zone Alarm and the following was sent back to me (I've edited out my info because it was totally accurate):

Confirm.TO Mail Read Receipt
Who Read:
xxxxxx@"domain".com

Subject:
Re: Web Page

Read When:
Thu, 22 Feb 2001 11:12:01 -0600

Read Where:
(dsl-216-227-xxx-x."domain".com [216.227.xxx.x])  Position & Map

This Notice Sent To:
xxxxx@"domain".com

Sent When:
Thu, 22 Feb 2001 08:47:13 -0600

Notary ID:
"XXXXXXXXXXXXXXXXXXXXX"

Mail Receipt Notification Service (Patent Pending) by Postel Services Co.

Go to »www.confirm.to to read all about it.
--
"Give me the benefit of your convictions but keep your doubts to yourself. I have enough of my own." - Goethe


notdedyet

join:2000-08-28
Littleton, MA

said by their FAQ:

No additional software or upgrades are needed. The only requirement is that recipients' e-mail client software should support HTML message browsing. Outlook Express 4.x and Netscape Messenger 4.0 or later are welcomed.
The sender can use any e-mail client software.

For the recipient whose e-mail client software displays only plain text, confirm.to service attaches a plain text version of the message body in every transaction. Of course, it contains no tags to automate the read receipt delivery, but has banner phrases saying that manual receipt confirmation is requested by the sender.

In other words, they're using an HTML bug. Since I use Eudora but use only Eudora's built-in HTML renderer (not IE), I don't think that this will work when sending messages to me. I'll have to try this at home tonight.

(And another reason for not letting IE or Outlook at my mail.)


RAMMIE
Premium
join:2000-10-23
In OE under receipts, check never send a receipt. This keeps spammers from knowing if you opened their spam.


tschmidt
Premium,MVM
join:2000-11-12
Milford, NH
·Hollis Hosting
·Verizon Online DSL
·Fairpoint Communic..

That won't help. They are using the 1 pixel HTML "feature" to access their server when you open the mail. The only way to defeat it is to not open HTML mail. This is the same thing lots of the e-commerce sites are doing to see who read the ads or email spam.


gwion
wild colonial boy
Premium,ExMod 2001-08
join:2000-12-28
Pittsburgh, PA

Or refuse to use OE or any other "fancy" e-mail client. I use Pegasus Mail. I only use Pegasus Mail. I've only ever used Pegasus Mail. I have no desire for the "features" I'm "missing." I use mail to send and receive messages; if anyone wants to send me HTML, they can attach the page... and maybe I'll open it... if it's obviously an ad, though, I won't. I've reached a point where I've gotten tired of even trying to understand why we need a lot of the features OE tries to incorporate... If I get a machine preloaded with OE, I uninstall it immediately and install Pegasus. I hated OE the first time I saw it (a lot like MS Office, really) and liked it even less after I tried it for about a week. This is yet one more of many, many strikes against the Microsoft Virus Transfer Protocol (aka OE) and every other "fancy" e-mail client out there... or, we can just... ahhh... "drink the pretty purple kool aid."
--
Man will occasionally stumble over the truth, but most times he will pick himself up and carry on. - Sir Winston Churchill


R2
R Not
Premium,MVM
join:2000-09-18
Long Beach, CA
clubs:
reply to mjf
rbf- can you put "127.0.0.1 www.confirm.to" in your Hosts file and block this activity??


Ausnetwanderer

join:2000-11-03
Down Under


reply to mjf
Tried the same through Hotmail and received the same reply with permissible usage information at the bottom of the "mail read receipt".
Mail Read Receipt
Who Read: ausnetwanderer@hotmail.com
Subject: test
Read When: Fri, 23 Feb 2001 13:59:50 +1100
Read Where: (my full address [xx.xx.xx.xxx]) Position & Map
This Notice Sent To: xxxxxx@xxx.xxx.au (ME)
Sent When: Fri, 23 Feb 2001 13:56:48 +1100
Notary ID: (string removed)

Mail Receipt Notification Service (Patent Pending) by Postel Services Co.
xxxxx@xxx.xxx.xx' current usage and quota
criteria        max # of recipients   max # of bytes
per message:    30                    10 Mbytes
per hour:       30                    30 Mbytes
per month:      30                    30 Mbytes
current usage   1/30                  0.0 Mbytes / 30 Mbytes

[Warning] Please Check your confirm.to usage/QUOTA as often as possible ( in the bottom of every notice page ).
From Jun 2000, Your default confirm.to FREE quota is set to 30 messages per month ( 300 => 30).
For your 31th ~ 150th message, you cannot receive read receipt any more. The 301th message you sent will be bounced to you with Quota Error message.
If you want to upgrade your default quota for minimal fee ,
visit at [Confirm.to Quota setup]
or mail to info@postel.co.kr. Phone: +82-2-2009-2615
---------------------------------------------------------------------
rbf.... [b] you notice that there was an account set up for you? Check the usage in the bottom section of this post. I have used 1/30th of my allocation.
--
Enjoy
John

[text was edited by author 2001-02-22 22:23:13]


mjf
" "
Premium,Mod
join:2000-08-05
New Orleans, LA
reply to R2
said by R2:
rbf- can you put "127.0.0.1 www.confirm.to" in your Hosts file and block this activity??
I'll give it a try but I've been defeated with all other attempts. OE (my mail) does not give me the option not to open HTML. My ultimate solution is to get rid of OE. Lotus Notes (at work) does not surrender to this.

I'll let you know.
--
"Give me the benefit of your convictions but keep your doubts to yourself. I have enough of my own." - Goethe


mjf
" "
Premium,Mod
join:2000-08-05
New Orleans, LA
reply to Ausnetwanderer
said by ausnetwanderer:
rbf.... [b] you notice that there was an account set up for you? Check the usage in the bottom section of this post. I have used 1/30th of my allocation.
I didn't get that - you must have a better credit rating. What is it now - A$.60 to US$1.00?:)
--
"Give me the benefit of your convictions but keep your doubts to yourself. I have enough of my own." - Goethe


Rxdoxx
Premium,Mod
join:2000-11-03
Middle River, MD
clubs:
·Verizon FIOS
·Comcast

Host:
Software
Washington & Balti..
reply to R2
R2, I love it, give you a new toy and you will figure out hundreds of things to do with it that others haven't thought of. Try it! www.*.confirm to ????? or www.*.*.confirm.to ????? Since confirm to isn't really a site, the * may be needed. (There, SEE! You've got me doing it too.)
--
Tamiflu (rx) works for the real flu, but $$ your HMO won't tell you and if you don't know about it to ask.... www.tamiflu.com


RDionysus

join:2000-10-03
Lindenhurst, NY


  Can anyone tell me how exactly your IP address from which you are reading the "tagged" mail is determined? When I tested it I got a ping from Postel (which ZoneAlarm blocked), but the receipt was perfect and did indeed contain my IP address.
[text was edited by author 2001-02-22 22:46:46]


BuggSpy
Pet Me
Premium
join:2001-01-24
Canada

reply to mjf
Cool concept but I see the potential for BIG abuse! They use a relay server which means your mail and responses go through them before reaching its destination. For "JQ Public" who knows nothing about encryption/security, configuring their email options, etc. this could be a welcome mat for spammers and undesirables!

No confirm.to for me!
--
BuggSpy


mjf
" "
Premium,Mod
join:2000-08-05
New Orleans, LA
I agree, that's why I posted it. Fortunately, it only works with HTML-enabled mail programs - which includes any web page email like hot.mail etc.
--
"Give me the benefit of your convictions but keep your doubts to yourself. I have enough of my own." - Goethe


Ausnetwanderer

join:2000-11-03
Down Under

reply to mjf
Exchange Rate fluctuates from 51c low to 55c high for $us1-00 but that's offtopic.
-----------------------------------------------------------------
from RDionysus
When I tested it I got a ping from Postel (which ZoneAlarm blocked), but the receipt was perfect and did indeed contain my IP address.
-----------------------------------------------------------------
Perhaps the reason was that your email that was tagged and sent supplied the required information. IMHO
--
Enjoy
John


Vampirefo
Premium,MVM
join:2000-12-11
Huntington, WV
·Comcast

 reply to mjf
This just uses the same code that I use anyway, here is how to defeat it. Send an e-mail to yourself using their product. Then open OE, View/Layout, uncheck Preview Pane. Now when you see the e-mail in your inbox, right click it, click Properties, Details, Message Source, maximize the window and you can read the e-mail without activating the code. You can even read any e-mail that contains any virus in the world like this and never ever get an e-mail virus.

You will not receive a confirmation of any kind as long as you continue to open your e-mail like this. You could send yourself 100 e-mails, but as long as you do it like this the code can't be activated.
--
Companies would rather lose you as a customer than fix the problem
Vampirefo


RDionysus

join:2000-10-03
Lindenhurst, NY

 reply to Ausnetwanderer
from RDionysus
When I tested it I got a ping from Postel (which ZoneAlarm blocked), but the receipt was perfect and did indeed contain my IP address.
-----------------------------------------------------------------
Perhaps the reason was that your email that was tagged and sent supplied the required information. IMHO

Thanks for the reply but no. Then users of the service would be reading THEIR OWN IP address when they read the confirmation (since they sent the mail). The test e-mail I sent was sent on another machine, different IP than the machine I checked it on. It somehow detected the IP on the machine I read the tagged mail on, I guess through the use of "web bugs" as mentioned above. ZA detected the ping while I was actually reading the mail.


Barbara Ann
Premium,MVM
join:2000-10-17
reply to Vampirefo
Vampirefo
This is how I read all my e-mail. Will confirm.to defeat this method and will the other party know that I have opened up their e-mail?


Ausnetwanderer

join:2000-11-03
Down Under

reply to RDionysus
How it works

Picked this out of the Confirm to site and thought it deserved posting after my last. Hope it helps.

What is confirm.to service?
Confirm.to service is an e-mail read receipt notification service.

When you send an e-mail, simply append ".confirm.to" to the e-mail address of your intended recipient. Once the recipient receives and reads the message, you get a confirmation notice indicating where and when the message was displayed.

How it works?
Confirm.to service is based on a distributed e-mail relay system.

The relay system intercepts the messages with the recipient address being of the form "USERID@DOMAIN.confirm.to".

It adds some hidden HTML tags to the body text of the message and then delivers it to "USERID@DOMAIN".

When the recipient displays the message in his/her Outlook Express or Netscape Messenger online, the hidden HTML tags trigger the relay system to post a read receipt to the sender.

It doesn't require installation of any new software by the e-mail sender/receiver party.
--
Enjoy
John


RDionysus

join:2000-10-03
Lindenhurst, NY

Thanks AusNetWanderer, I read that blurb on their site too before I did the trial run, but that doesn't answer my question as to what mechanism is used to get the recipient's IP Address.
I.E. your post above:

Who Read: ausnetwanderer@hotmail.com
Subject: test
Read When: Fri, 23 Feb 2001 13:59:50 +1100
Read Where: (my full address [xx.xx.xx.xxx]) Position & Map
This Notice Sent To: xxxxxx@xxx.xxx.au (ME)
Sent When: Fri, 23 Feb 2001 13:56:48 +1100
Notary ID: (string removed)

It's that section in bold I am curious about.


kkb
You go Gura

join:2000-06-11
Montrose, CO

Though I haven't tried it, I suspect when you fetch the "pixel" from confirm.to's server the fetch includes a message tracking id, e.g.: src="http://...confirm.to/pixel.cgi?msg=1234"

It's a simple matter to determine what address you're using when you request the pixel, and the message id links your address to the message in question.

Justin uses a similar procedure to tell you what your IP is when you run the DSLR tests.
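
The mechanism discussed in this thread, seen from the receiving side, as an added example that is not part of the original posts or of confirm.to's code: a Python check that lists every remote request an HTML-rendering client would send on opening a message, flagging 1-pixel images and URLs that carry an identifier. The sample message, the host `tracker.example`, and the names `remote_fetches` and `RemoteRefFinder` are constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes an HTML-rendering mail client fetches without any click.
AUTO_FETCH = {"img": "src", "iframe": "src", "link": "href",
              "body": "background", "table": "background", "td": "background"}

# Constructed sample message; tracker.example and msg=1234 are placeholders.
SAMPLE = """\
Subject: test
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain

Hello Joe. Manual receipt confirmation is requested.
--b1
Content-Type: text/html

<p>Hello Joe.</p><img src="cid:logo@example.org">
<img src="http://tracker.example/pixel.cgi?msg=1234" width="1" height="1">
--b1--
"""

class RemoteRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        parts = urlsplit(a.get(AUTO_FETCH.get(tag, ""), "") or "")
        if parts.scheme not in ("http", "https"):
            return  # cid:, data: and relative references are treated as local
        tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        self.findings.append({"tag": tag, "host": parts.hostname,
                              "tiny": tiny, "has_id": bool(parts.query)})

def remote_fetches(raw_message):
    """List the requests that rendering the message's HTML parts would send."""
    finder = RemoteRefFinder()
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            finder.feed(part.get_payload(decode=True).decode(charset, "replace"))
    return finder.findings
```

The plain-text part produces no findings, which matches the thread's observation that text-only readers and the message-source view never contact the relay.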