Re: How to know whether a person clicked a link in an email

[Lou Quillio <public -at- quillio -dot- com>]

Caroline Tabach wrote:
> We have been told that there is a way of embedding a personalized link
> so I can know whether John Smith accessed the link I sent him in the
> email.

It's important to understand that this practice IS NOT ETHICAL.  If
you want to know if someone -- a personally-identified someone --
has opened your message or taken some subsequent action, you can ask
them.  And they can choose to reply or not.

So you're really talking about snooping.  The target is not supposed
to know that your email contains "bugs" that track his subsequent
actions.

Brother Margulis has explained part of how snoopers typically pull
this off; it's actually even simpler.  I'll elaborate so folks know
better how to protect their privacy.

Any URL in a piece of email can be tracked.  Suppose an HTML-format
message (yech) references an image at

  http://example.com/images/superbeaver.jpg

It's trivial to instead cite this link

  http://example.com/images/superbeaver.jpg?af7j5

The image is retrieved the same in both cases, but your Web server
logs something much more discrete in the second case.  If `af7j5`
were only appended to the image link sent to `joe -at- example -dot- com`, an
access log entry for the second URL means that Joe opened your message.

Note that a visible image isn't required.  A single-pixel
transparent GIF is sufficient.

The same can be done with any URL, such as the link to your document.

So the whole technique is about (1) embedding unique identifiers in
the URL querystrings in your message and (2) log analysis.  Simple.

And simple to defeat.  Email clients should be configured to NOT
retrieve images automatically upon open.  When a user authorizes
image retrieval for a particular message, he should assume he's
acknowledged receipt of the message.

Similarly, users should examine the target URLs of links embedded in
messages before clicking them:  they may not be was they seem.
Phishing, too, relies on folks not checking.  The From: line in a
message is easily spoofed, but the link that takes you to a
mocked-up Citibank.com can't be.

Mozilla's Thunderbird email client makes this easy.  On hover, it
displays link URLs in the bottom status bar, same as a Web browser.
 It blocks image retrieval by default, or will display all messages
as plaintext, and can additionally "sanitize" the markup in
HTML-format messages.

The quality of information gleaned through snooping methods like
these is crude and suspect.  That a message has been opened or a
link followed does not mean the content has been consumed or
appreciated.

Last, some folks and businesses elaborately (and duplicitously)
justify snooping of this kind, claiming that most folks don't care,
and those who do have protections available to them.  It's just
information, and information wants to be free.

I'd reply there's lots of information yearning to be free.  For
instance, there's strong indication that Radcom.com and
Protocols.com may be harvesting personal data.  Who knows what folks
will do with *that* information.  Goose and gander.

LQ

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Now Shipping -- WebWorks ePublisher Pro for Word! Easily create online
Help. And online anything else. Redesigned interface with a new
project-based workflow. Try it today! http://www.webworks.com/techwr-l

Doc-To-Help 2005 now has RoboHelp Converter and HTML Source: Author 
content and configure Help in MS Word or any HTML editor. No 
proprietary editor! *August release. http://www.componentone.com/TECHWRL/DocToHelp2005

---
You are currently subscribed to techwr-l as:
archiver -at- techwr-l -dot- com
To unsubscribe send a blank email to leave-techwr-l-obscured -at- lists -dot- techwr-l -dot- com
Send administrative questions to lisa -at- techwr-l -dot- com -dot-  Visit
http://www.techwr-l.com/techwhirl/ for more resources and info.