[gaia e-mail] sanitizing web-bug images?
asutherland at asutherland.org
Thu Aug 16 19:15:17 UTC 2012
On 08/16/2012 02:12 AM, Mark Banner wrote:
> Do you have any knowledge or suspicion of how many emails are sent
> with just a single web bug image, and no other remote images?
I presume it to be rare in the case of newsletters/bulk e-mail. I
presume it to be fairly common in the case of services that provide
individuals with tracking capabilities. Although, a brief survey
suggests that these services don't actually send 1x1 images. For
example (all examples are the domains with 'www' and 'com' stripped to
avoid accidentally giving them any type of linkjuice):
- spypig: Embeds a choice of images, one of which is 20x20 pure white,
or images of pigs or an image that actually says "I know you've read my
email", or an image you upload.
- readnotify: Includes multiple image references in kind of a
pre-emptive arms war kind of way per:
http://blog.jgc.org/2006/10/peek-inside-readnotify.html . The tracking
images in the blog were height=1 width=3. Interestingly, the img tag
has "moz-do-not-send" set on it already, presumably to avoid subsequent
- didtheyreadit: Used an explicit 1x1 web bug in the past per
. Used an Outlook? "nosend" attribute extension along the same lines of
I am tempted to write a Thunderbird extension (that could be run in test
pilot) to do the grunt-work of scanning an e-mail corpus to gather data
just because it's interesting, but am unlikely to do so, so if anyone
else wants to, please feel free!
> Purely, in my email history, I've only ever known this once where we
> had it with getsatisfication at one stage, and we convinced them that
> it was a bad idea due to UX and privacy, and convinced them to remove it.
The motivating example in this case was the recent mozillians e-mail
with subject "Mobilize Mozilla: NYC Marathon". Mozilla may be more
receptive than the average bear to Mozilla evangelism efforts.
More information about the tb-planning