Re: A new thing, to me

1

Heebie, can you share which email provider you use? Curious only b/c AFAIK, Google goes to some trouble to ensure that what you see in gmail is all served from google's servers -- from what I understand, it re-renders the GIFs and other stuff, specifically in order to thwart some of the known attacks. [But I'm not an expert, so I could be wrong about how thorough/effective their measures are.]


Posted by: Chet Murthy | Link to this comment | 08-30-17 2:10 PM
2

I feel like I owe an apology to my boss back in 1998. I guess there is a reason to print your email.


Posted by: Moby Hick | Link to this comment | 08-30-17 2:16 PM
3

Print it all, that is. And then have a secretary put it into folders for something called a "daybook".


Posted by: Moby Hick | Link to this comment | 08-30-17 2:16 PM
4

2: There's a very good reason to have your secretary print out all your emails. You refuse to log on to a computer.

That attorney retired about 5 years ago.


Posted by: peep | Link to this comment | 08-30-17 2:22 PM
5

You probably have HTML turned on in your email client. Turn HTML off and your email will not automatically load external sites (which can change). As a bonus you won't let spammers know you looked at their email.


Posted by: Lunch Lady Kim | Link to this comment | 08-30-17 2:46 PM
6

That's a nice pseud.


Posted by: Moby Hick | Link to this comment | 08-30-17 3:01 PM
7

5 is right. Technically the email--both on the server and the html delivered to your client--didn't change. It's just that there was an image link in the html to a resource whose content is generated dynamically, so each time you load the email in your client you could theoretically get a different image.

I know at least Floyd beds does this with the tracking info in their delivery notifications.


Posted by: Criminally Bulgur | Link to this comment | 08-30-17 4:07 PM
8

1: Yahoo. (I know. I'm so ashamed.)

5: Yes indeedy. This is one of those flashy, webby-looking emails, as well.


Posted by: heebie-geebie | Link to this comment | 08-30-17 4:09 PM
9

1 is potentially misleading - gmail (now) makes sure that images are proxied through it, so whoever sent it can't find out your network address when you read the message, but doesn't (generally) cache, so content can change and the sender can find out if and more-or-less when you looked at the message.


Posted by: Nathan Williams | Link to this comment | 08-30-17 4:16 PM
10

9: not quite.

https://wordtothewise.com/2013/12/gmail-deploys-image-proxy-servers/
https://gmail.googleblog.com/2013/12/images-now-showing.html

Per the first link, gmail was caching images starting Dec 2013, and per the second, it was scanning images at that same time.

In short, those proxy servers are caching proxies.


Posted by: Chet Murthy | Link to this comment | 08-30-17 7:46 PM
11

All my important correspondence comes from hidebound institutions like banks and nation-states, who want me to download PDFs. Sometimes I print them, even.


Posted by: Mossy Character | Link to this comment | 08-30-17 9:42 PM
12

A dumb follow-up:

I decided to return the item. I went to the website and had them email me a return label, to print out at work. They sent it to my yahoo address. I verified that it arrived by opening the attachment to the email.

Last night, I forwarded the email with the label to my work account, so that I wouldn't forget to print it out.

Today the attachment opens just fine from my work email. It's been disabled or something from my yahoo account. FUCKERS.


Posted by: heebie-geebie | Link to this comment | 09- 1-17 12:16 PM
13

OP, 8.2 and 12 together make me think the real question is what e-retailer did you buy this item from? Sounds like everyone should know so we can avoid it.


Posted by: urple | Link to this comment | 09- 2-17 9:03 AM
14

I just read this $today. I am suspicious that email messages in html and javascript can render differently in different viewing sessions, and achieve the anti-déjà-vu depicted in this post.


Posted by: Econolicous | Link to this comment | 09- 4-17 12:18 AM
15

It's the CSS. You in-line a remotely hosted CSS resource, and replace it when you're ready, or make a web service that decides on the fly what CSS to send back based on your monstrous, sickening plans.


Posted by: Alex | Link to this comment | 09- 4-17 4:00 AM
16

Like so: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/


Posted by: Alex | Link to this comment | 09- 4-17 4:03 AM
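
Added example, not part of the original thread and not written by any commenter: a Python check that lists what comments 5, 7 and 15 describe, namely the resources an HTML email fetches at render time (remote images, linked or imported CSS), which is the content a sender can change after delivery. The sample message and its `example.invalid` hosts are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

REMOTE = re.compile(r"^(?:https?:)?//", re.I)
CSS_URL = re.compile(r"""(?:@import\s+|url\()\s*['"]?((?:https?:)?//[^'"\s)]+)""", re.I)

class RemoteRefFinder(HTMLParser):
    """Collects (kind, url) for resources fetched when the mail is rendered."""
    def __init__(self):
        super().__init__()
        self.refs, self._in_style = [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        self._in_style = tag == "style"
        is_css = tag == "link" and "stylesheet" in a.get("rel", "").lower()
        if tag == "img" and REMOTE.match(a.get("src", "")):
            self.refs.append(("image", a["src"]))
        if is_css and REMOTE.match(a.get("href", "")):
            self.refs.append(("stylesheet", a["href"]))
        # An inline style="background:url(...)" can pull remote content too.
        self.refs += [("css-url", u) for u in CSS_URL.findall(a.get("style", ""))]

    def handle_endtag(self, tag):
        self._in_style = self._in_style and tag != "style"

    def handle_data(self, data):
        if self._in_style:  # text inside <style>: look for @import / url()
            self.refs += [("css-url", u) for u in CSS_URL.findall(data)]

def remote_refs(raw_message):
    """Return every remote resource referenced by the message's HTML parts."""
    finder = RemoteRefFinder()
    for part in message_from_string(raw_message, policy=default).walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.refs

# Constructed sample message; hosts and the id value are placeholders.
SAMPLE = """\
Content-Type: text/html; charset=utf-8

<html><head><link rel="stylesheet" href="https://cdn.example.invalid/mail.css">
<style>@import url("https://cdn.example.invalid/theme.css"); p { color: #333 }</style></head>
<body><img src="https://track.example.invalid/status.png?id=CONSTRUCTED" width="300">
<img src="cid:logo@example.invalid">
<div style="background:url(//img.example.invalid/bg.gif)">Track it</div></body></html>
"""
```

`remote_refs(SAMPLE)` returns the four remote references and skips the `cid:` image, which is embedded in the message itself and cannot change after delivery.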