Friday, November 28, 2008

Snopes Warns Against Embedded Tracker Programs - Pass It on

Friday's Urban Legend: False

Have you ever received an email messgage like this?

Snopes Warning

Pass this one on to all your e-mail buddies and take the time to read the article listed below. It is full of good advice especially about the "cookies."

To whom it may concern:

Just a word to the wise. E-mail petitions are NOT acceptable to Congress or any other municipality. To be acceptable petitions must have a signed signature and full address.

Almost all e-mails that ask you to add your name and forward on to others are similar to that mass letter years ago that asked people to send business cards to the little kid in Florida who wanted to break the Guinness Book of Records for the most cards. All it was, and all this type of e-mail is, to get names and "cookie" tracking info for tele-marketers and spammers to validate active e-mail accounts for their own purposes.

Any time you see an e-mail that says forward this on to "10" of your friends, sign this petition, or you'll get good luck, or whatever, it has either an e- mail tracker program attached that tracks the cookies and e mails of those folks you forward to, or the host sender is getting a copy each time it gets forwarded and then is able to get lists of "active" e mails to use in spam e-mails, or sell to others that do.

Please forward this notice to others and you will be providing a good service to your friends, and will be rewarded by not getting 30,000 spam e-mails in the future.

(If you have been sending out the above kinds of email, now you know why you get so much spam!)
According to they have never warned against "tracking programs" embedded in email messages [False Advice]. It may be good advice to not spam your friends but nothing in this email message is directly from the website and nobody at have authorized it.

If there was such a thing as an embedded email tracking program then passing on this message would be an excellent way to spread it!


  1. Just to be thorough: although this does not work to track addresses through forwards, there is a way that spammers can send you e-mail and know whether or not you have read it.

    1. Get a list of e-mail addresses (even made-up ones will do)
    2. Assign a number or code to each one
    3. Compose a message using HTML formatting
    4. Use an automated process of some sort to embed in each copy of the message a 1 by 1 pixel transparent gif image stored on your web server, and at the end of the URL for the image, append a "?" followed by the number or code from step 2
    5. Send the messages
    6. Watch your web server's logs to see which numbers show up when people are loading that image, and match those numbers back to the list

    Obviously, this does not work through forwards, because the number/code does not change and in any case the spammer wouldn't have the new addresses in their list, but it's a standard trick spammers use to see which addresses are actually reading their messages, so they can then further target those addresses.

  2. It doesn't work if you tell your email client not to display html content. :)

    There are a bunch of "stupid email tricks" (turn off preview pane) and "stupid browser tricks" (reject thrid party cookies) that can save people a lot of grief, instead we get this horseshit going around.

    Spammers rarely care about "targetting".. it's too much like work. I hate these people.