SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Member
    Join Date
    Sep 2008
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Java script to capture mail wiretapping

    My application send HTML email which consist of links and images, to application users . Now we have business requirement to check

    1. Whether these email recipients forward this mail to some other users
    2. If user is forwarding this mail, capture the email address to which he is forwarding.

    Can we get these informationís from placing a JavaScript in HTML mail?
    Any sample java script which capture email forwarding informations

  2. #2
    Unobtrusively zen silver trophybronze trophy
    paul_wilkins's Avatar
    Join Date
    Jan 2007
    Location
    Christchurch, New Zealand
    Posts
    14,705
    Mentioned
    102 Post(s)
    Tagged
    4 Thread(s)
    That sounds like a bad business requirement.
    It is possible to place a querystring on images that contains a unique id so that your server log can record the ip address from which the image is being fetched.

    Recording the destination of forwarded email isn't viable, but you should be able to run the logs through a scanner to check for a unique id being accessed by multiple id addresses. Investigations could then occur from that information.
    Programming Group Advisor
    Reference: JavaScript, Quirksmode Validate: HTML Validation, JSLint
    Car is to Carpet as Java is to JavaScript

  3. #3
    SitePoint Enthusiast
    Join Date
    Aug 2008
    Posts
    32
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by pmw57 View Post
    That sounds like a bad business requirement.
    It is possible to place a querystring on images that contains a unique id so that your server log can record the ip address from which the image is being fetched.

    How dya do that? I could dream up other ways, but not sure what/how is this querything ?

    Recording the destination of forwarded email isn't viable, but you should be able to run the logs through a scanner to check for a unique id being accessed by multiple id addresses. Investigations could then occur from that information.
    If you really think that, would you possibly have time to go to www.bigstring.com (.com?/.net?) and figure out how they do it for us, please? My account there tells me about receipts and forwards - maybe even bcc s , not sure. How do they make the emails expire and disintegrate? How do you make a self-destructing video email? Enquiring minds...

    TIA
    Mike

  4. #4
    Unobtrusively zen silver trophybronze trophy
    paul_wilkins's Avatar
    Join Date
    Jan 2007
    Location
    Christchurch, New Zealand
    Posts
    14,705
    Mentioned
    102 Post(s)
    Tagged
    4 Thread(s)
    How you make a self-destructing video email is to host the video yourself, and have the server provide the video based on a special identifier. The server checks that its database record for that identifier indicates that the video hasn't yet been watched.

    Once the video has been watched the server would then flag that identifier in their database as being read. If the video is requested again, it checks the database for that identifier and seeing that it has already been watched, won't allow you to watch it again.

    That is the kind of technique that should be use perform that type of behaviour.

    As to the non-ability to save or print, just try sending an email from bigstring.com to a webmail account like gmail and you will find that you are able to perform those tasks. Even in the FAQ it says that you can't prevent printing in Outlook 2007.

    They're trying to provide a fancy service, but it's all smoke and mirrors. Their ability to provide security is severly limited to one or two email clients.
    Programming Group Advisor
    Reference: JavaScript, Quirksmode Validate: HTML Validation, JSLint
    Car is to Carpet as Java is to JavaScript

  5. #5
    SitePoint Enthusiast
    Join Date
    Aug 2008
    Posts
    32
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What about self destructing email? Haven't tried it. I can send a message to a yahoo account and see if it's been read. Can't remember if I tried forwarding a message to myself to another account of mine or someone else to see if the IP shows up, but bigstring claims it's doable. I only tried it once on a real person to catch a spy, but they could've just cut the message and pasted it in a new composition rather than forwarding it. So much for detecting a fwd in that case.

    Mike

  6. #6
    Unobtrusively zen silver trophybronze trophy
    paul_wilkins's Avatar
    Join Date
    Jan 2007
    Location
    Christchurch, New Zealand
    Posts
    14,705
    Mentioned
    102 Post(s)
    Tagged
    4 Thread(s)
    For self-destructing email to work properly, I can imagine that the message itself isn't sent, but just a link to a web service, from where the server can control access to the message.
    Programming Group Advisor
    Reference: JavaScript, Quirksmode Validate: HTML Validation, JSLint
    Car is to Carpet as Java is to JavaScript


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •