Some more thoughts on Mailinfo

Back in October, I blogged briefly about Mailinfo, the service that allows you to track whether or not anyone has opened your email.

Lior Kimchi, one of our developers, as written a bit of his observations on the program:

The way this service works is by including a picture in the email. The picture is not embedded, but rather it is an HTML link to the MailInfo server, using a unique code for each member, and the picture is retrieved and displayed. By using the unique id for each email, they can track it. By using the tracking feature in outlook, an email gets sent to the sender with the confirmation. So, every email you read generates an email from you. The http request, getting the image, and sending back an email, just quadrupled the traffic needed to view a single message. Imagine trying to read your email when you are on the road, on a slow connection.

And yet, an even more severe potential privacy issue exists here – not only is an email gets sent back, but the MAilInfo service records your IP address. They can do it because of the HTTP request for the picture that’s in the message. This is used by them to do a lookup into an IP-Location table to get your location, and it is sent back to the sender with the confirmation. I see it as a real breach of privacy.

Imagine an abusive husband, whose wife left with the kids. He doesn’t know where she is. He sends her a simple email “how are the kids doing?” She responds, and he gets her location (the location is usually just a city name, and sometimes not that accurate, but still, it’s something).

As some of the comments to the first blog post suggest, it is very easy to bypass this service simply by disabling the display of pictures in emails. I have been doing this for years because spam email almost always had some pictures in them. Spammers use it for other reasons as well.

One simple way is to only view email in text mode. I don’t like it so I just use outlook’s built in features to block confirmation email AND to block image display. But, sometimes you do want to see the images. Here is nice trick: after viewing the email and determining that it is ok to see the pictures, you right click on one of the pictures’ place holders. A pop up menu will show:

Image1123888888182388a

Click on “Download Pictures”. Very easy.

Now, to block confirmation emails from being sent, in Outlook, select Tools|Options, Preferences tab and click on the E-mail Options button, and then click on Tracking Options. You will see this dialog:

Image1123888888182388b

Uncheck all check boxes. Also select “never send a response” and click ok. click ok on the other dialogs.Per outlook’s help, images are by default blocked in order “To protect your privacy from junk e-mail senders”. If you find that they are not blocked, here is how to enable the block. Go to tools, options, Security tab, and click on the “Change Automatic Download Settings” button. You will see this dialog:

Image1123888888182388c

Check all boxes and click ok, ok. That’s it.

(The above instructions are for Office 2003)

It is also important to note that most web based free email services (yahoo, hotmail, etc.), also have this feature to block images. You can find it in the Preferences. Then when a message is displayed, there is a link at the top to display the images”. Not only is it safer, but email gets displayed much faster.

Have a safe day.

Thanks Lior.