Jump to content

Can webmaster intercept a private email (to another) if a link to his site is within?


LiveMusic

Recommended Posts

  • Members

I sent an email to a few friends. Contained therein was a copy/paste of part of a website, which is what I was showing them. Within 40 minutes, I got an email from the prez of the company who owned the website and said "You can't send that." How the hell did he intercept my very email sent to my friends? I mean, he sent me the exact email I had sent out. Is this common or does it require super-stealth software scripts to have that running all the time. When I copied/pasted, looking back, I see there was a live link to his site (it was just text). Is that live link the key?

 

I was thinking this is something new-fangled "Big Brother" type situation but I have slight recall that my own webmaster "saw" an email I sent about our site, and this was a few years ago. What gives? How can people get hold of private emails? Is that legal?

Link to comment
Share on other sites

  • Members

The most likely situation is that you accidentally sent the email to the guy: there is no mechanism fo screening the body of an email for certain domain names and contacting related parties.

 

Do you work for this company? If so, and you sent it via your company email, it's possible that it passed through an exchange server, even if you are using gmail (that is, the gmail account could be linked to another account that you're "really" sending through), but that doesn't seem very likely, either.

 

More details are necessary here :D

Link to comment
Share on other sites

  • Members

I did not know the man at all. I just became affiliated with his company but I did not have an email address for anyone there. I had received emails from their corporate office but I had never emailed them. And I checked the email to see who it was sent to and it was all people I know, like, eight people.

Link to comment
Share on other sites

  • CMS Author

 

I see there was a live link to his site (it was just text). Is that live link the key?

 

 

Perhaps when one of your recipients clicked on the link, it recorded his IP address and what was clicked on. Is the web site public? Is the portion that you copied public? Perhaps you sent something you shouldn't have sent.

 

Assuming this was something that's doesn't have to do with internal company business, you might respond to the e-mail you received from the president with something like "Sorry, I meant no harm, but out of curiosity, how did you get the copy of the e-mail that I sent?"

Link to comment
Share on other sites

  • Members

Yeah that would freak me out. I would first of all contact all the friends and ask them. I'd say I did not care if they did E mail the guy, I just need to know.

 

If they all say they did not, I would E mail the guy and apologize and agree to not do whatever he was pissed about and then ask him how he was aware of it. Obviously he is not going to reply to that if it is underhanded. But yeah, more info is needed. Maybe one of the friends heard about it and sent it. Maybe there is a virus on your E mail......could it have sent the E mail to more people than you intended......seems unlikely.

 

If that guy (and other people) have a way(s) of spying on anyone who accesses their website and seeing if you ever copy and paste their content, it should be brought to somebodies attention because it amounts to spying.

 

Maybe Craig can weigh in on this? Another thing I would like to know which is somewhat related.......can forum admin specifically admin....... "see" members passwords and can they access members PM's to each other? In other words if people were conspiring against another member or talking smack about a mod........ can the admin folk see that?

Link to comment
Share on other sites

  • CMS Author

When I ran a BBS in the mid 1980s, I could see everything, but that system was completely self-contained. There are lots of web tools that track web site visits (he had to have visited the web site to copy information from it) and I suppose that if you had the resources, you could locate someone's e-mail address from the IP address from which the site was accessed. Don't they do that all the time on TV?

Link to comment
Share on other sites

  • Members

When you copied and pasted some of the website contents into your email, unless you went to some lengths to avoid it, you essentially copied the code for the page -- complete with code references to the URLs of the original image files on the company's servers. IOW, your email contained not the images themselves but code references to them.

 

So when your email reader 'assembles' the email for viewing, the embedded images it is displaying are from the company's server, not actually included with the email.

 

Because of THAT, everytime someone views the email in a viewer, the company's servers receive a request to return the requested resource (the image file).

 

So the company, in essence, is notified every time someone views the image files. And they can quickly sort out requests that are not attached to pages on their own site.

 

(This is generally known as "image poaching" -- and it is a very common and very unwelcome 'illicit' activity, since it 'steals' from your server bandwidth in order to display your image on someone else's site, in someone else's context and for their purposes -- which might be totally antithetical to your own. [Obviously, inclusion in an email is somewhat different, in that exposure might be limited to one or two people... that said, it could also be in an email blast to thousands. And, of course, it may not be immediately apparent just where those images are being viewed, since many folks use web mail, now.)

 

That's why email clients typically default to 'Images blocked to protect your privacy' or something along those lines -- because companies have often used image requests in order to see who is reading what emails and when. (And, of course, spammers can use those image requests to confirm that live eyeballs are on the receiving end at your address.)

 

 

If you wanted to do something like this (legalities aside, and that's a lot of brushing aside), it can be done but not without a fair degree of complexity and jiving around.

 

A better way to communicate the visuals of a given website is to take a screen shot of it and email that as an attachment or embedded image.

 

The best -- bar none, it's brilliant -- screen capture tool I've found is Fireshot, which is available for both Firefox as well as Chrome. Not only does it allow easy captures, but it has a number of editing/screen annotation tools that allow you to circle, box, highlight, draw arrows, add text balloons, etc.

Link to comment
Share on other sites

  • Members

... or in OSX, cmd-shift 3 will cap the whole screen, cmd-shift-4 lets you cap a selection. [edit]And yes, I agree FS is the best cap tool I have found in general[/edit]

 

However, even if the images were served and they were tracked (not a lot of people do that on a really granular level), the only http request would only give the requesting email address, not the address of the originating email. At least as far as I know.

 

When you're being tracked as far as images in email (which is a real problem), usually it is requesting an image that is specific to the email that was sent to you, which would be a hash of whatever info that the person setting it up would like to keep...

 

all this is just speculation (I've never set anything like that up), but I'm very skeptical that an img src link in an email would reveal the sender's address.

Link to comment
Share on other sites

  • Members

I certainly wouldn't apologize under any circumstances. If the guy is a businessman he's an idiot, assuming your email brought his site to the attention of your friends. Well, he's an idiot anyway if he's going to speak to a potential client that way. Of course I don't know the details or context of what you were sharing. And yes you have a legitimate privacy grievance with this person tracking private email in any fashion, which is much more serious in the eyes of the law than copying and pasting some content from a website and sharing it privately with a small group of friends.

 

Now if you were to republish his content on a publicly accessible website of your own that

Link to comment
Share on other sites

  • CMS Author

LiveMusic didn't say what the content was, but he did say he was affiliated with the company. It could have been music (someone else's), it could have been graphics, it could have been text from a non-public web site meant for company communication. He may have done something relatively harmless and innocent, or he may have given away a company secret.

 

I've often e-mailed someone a link to a file in a web site. I figure I'm doing the owner the courtesy of giving him a web site visit and maybe my recipient will will look around further. Basically, I'm honoring his copyright, like telling someone about a book rather than copying the book and giving someone a copy.

Link to comment
Share on other sites

  • Members

 


However, even if the images were served and they were tracked (not a lot of people do that on a really granular level), the only http request would only give the requesting email address, not the address of the originating email. At least as far as I know.


When you're being tracked as far as images in email (which is a real problem), usually it is requesting an image that is specific to the email that was sent to you, which would be a hash of whatever info that the person setting it up would like to keep...


all this is just speculation (I've never set anything like that up), but I'm very skeptical that an img src link in an email would reveal the sender's address.

Oh, yeah. The track back information that could be used for finding info on the sender is in the header of the email -- but that can be forged.

 

When the receiver's email client requests any resources (like image files) requested by the content of the email, the resource request (obviously) has to have the IP address that the resource is being served to -- and that reveals the RECEIVER's location -- not the sender's. If the email client is set to ignore image resource requests, then there's no chance of getting the receiver's current IP address -- because there's no resource request to require it.

 

URL-tracking by resource in emails has been common enough that many email clients default to 'images blocked to avoid revealing your location' (or whatever the wording happens to be in a given case).

Link to comment
Share on other sites

  • Moderators

Maybe Craig can weigh in on this? Another thing I would like to know which is somewhat related.......can forum admin specifically admin....... "see" members passwords and can they access members PM's to each other? In other words if people were conspiring against another member or talking smack about a mod........ can the admin folk see that?

 

We can't see members' passwords. We can change members' passwords. The field appears blank to us until we type one in. We can see and change members' email addresses.

 

We can't see PMs unless someone reports a PM. So if you send a PM to someone and they press REPORT, pretty much all of us see what you wrote them verbatim.

 

And we really don't care if you "talk smack" about us. ;)

 

Threats would be an exception, of course.

 

Terry D.

Link to comment
Share on other sites

  • Members

Thanks Terry. No I was not thinking here so much as the other 12 forums I got perma-banned from.....:facepalm::eek::lol:.........just kidding. But yes, at another forum it seemed odd that some stuff came up that was along the lines of what some of us had been discussing. The timing was suspicious. I just wondered. But thanks for clearing it up.

Link to comment
Share on other sites

  • Moderators

Thanks Terry. No I was not thinking here so much as the other 12 forums I got perma-banned from.....
:facepalm::eek::lol:
.........just kidding. But yes, at another forum it seemed odd that some stuff came up that was along the lines of what some of us had been discussing. The timing was suspicious. I just wondered. But thanks for clearing it up.

 

It's the same for all vBulletin powered forums, I'm sure.

 

T.

Link to comment
Share on other sites

  • Members

It could be different with other software, too.

 

There are even some BB's around with homegrown code and, of course, if you are writing the code, you can write it any way you want.

 

(That said, the complexity of mature BB software is pretty much crushing. I started to write my own BB in the late 90s and, so, looked around at existing software and then installed one package that seemed really well written. As I prowled through tens of thousands of lines of code in many scores, maybe hundreds of modules, I started thinking that that was a wheel that did not require reinventing. At least not by me.)

Link to comment
Share on other sites

  • Members

Yeah that particular admin is very nifty with code and all. He wrote his own iPhone app for that forum and well, that's small pataters...... he is a computer nerd, geek whizkid. He created the place for two financiers from the ground up so I am sure they have all sorts of "ways". Mt admin friend says not, so I will take him at his word......... but somehow it seems to me this is something that is possible.

 

Terry, are there actual internet fair use laws in place to protect people's privacy as regards use of a forum/bulletin board? In other words, when you utilize one BB software or another, is the administrator made aware of these and use is contingent on obeying the laws?

Link to comment
Share on other sites

  • Members

We can't see members' passwords. We can change members' passwords. The field appears blank to us until we type one in. We can see and change members' email addresses.


We can't see PMs unless someone reports a PM. So if you send a PM to someone and they press REPORT, pretty much all of us see what you wrote them verbatim.


And we really don't care if you "talk smack" about us.
;)

Threats would be an exception, of course.


Terry D.

 

And you can see deleted and/or altered posts. I mean you can see what was modified. But I know super mods can see quite a bit. I was a mod on Tascam forums long time ago. I could care less about people's information unless they became a true problem member who only wanted to troll. And it takes a special sort of mod when you're dealing with quirky artists. But I know there are some creepy mods out there... of course there are. We all take a chance on forums that the mods will be cool and discreet, so we choose the forums we participate in with some thought, hopefully. I was very discreet as a mod. Well I am as a person anyway.

 

I'm out there over the top with my posts sometimes I know that, but what I mean is I will never reveal anything someone has told me in private or just something I know about them that they don't even know I know, even if we have a falling out. That's just me. I will kid and tease around with anyone who kids and teases around on a forum, on facebook, etc. But when someone feels comfortable enough to put trust in you and share something about themselves they wouldn't announce on a pubic area or on the phone, whatever... that's a sacred trust and you take it to your grave.

Link to comment
Share on other sites

  • Moderators

Terry, are there actual internet fair use laws in place to protect people's privacy as regards use of a forum/bulletin board? In other words, when you utilize one BB software or another, is the administrator made aware of these and use is contingent on obeying the laws?

 

I don't know what the law is. I do know that HC has a privacy policy posted somewhere, but strangely I was unable to find it just now. Maybe it's past my bedtime. ;)

 

As for admins reading private messages, obviously an admin could simply change anyone's password and log into their account, then read their private messages if they hadn't deleted them. I don't think anyone here would do that, we have a pretty good crew.

 

On any forum it's probably a good idea to delete private messages after reading, and an even better idea to not put anything in a PM you wouldn't want to see in the newspaper or on your wife's desk later.

 

Terry D.

 

P.S. Keep in mind that a secret is no longer a secret when two or more people know it, which is the case once you've pressed SEND on your PM.

Link to comment
Share on other sites

  • Members

 

And you can see deleted and/or altered posts. I mean you can see what was modified. But I know super mods can see quite a bit. I was a mod on Tascam forums long time ago. I could care less about people's information unless they became a true problem member who only wanted to troll. And it takes a special sort of mod when you're dealing with quirky artists. But I know there are some creepy mods out there... of course there are. We all take a chance on forums that the mods will be cool and discreet, so we choose the forums we participate in with some thought, hopefully. I was very discreet as a mod. Well I am as a person anyway.


I'm out there over the top with my posts sometimes I know that, but what I mean is I will never reveal anything someone has told me in private or just something I know about them that they don't even know I know, even if we have a falling out. That's just me. I will kid and tease around with anyone who kids and teases around on a forum, on facebook, etc. But when someone feels comfortable enough to put trust in you and share something about themselves they wouldn't announce on a pubic area or on the phone, whatever... that's a sacred trust and you take it to your grave.

Mods here can see deleted posts, but they can't see a revision history. I'm pretty sure VB doesn't keep revision history (aside from that provided by standard system backups which is a whole different thing. And by that I mean the kind of detailed versioning of posts that Facebook now does that you can look at by clicking on the 'Edited' link.)

 

No doubt there are creepy mods out there, but, you know, after a while, you've seen it all and heard it all and you just want your forum to run right and not have a bunch of flame wars. (Or maybe it's the kind of forum that thrives on them. But in a work-oriented forum they keep others from getting things done. And they are supremely annoying to try to deal with as a mod, since they are almost certainly going to make you ticked off with both sides.)

 

 

With regard to the law, of course, there are all kinds of privacy laws in all kinds of jurisdictions. Probably the number one legal issue is the Terms of Service and Privacy Policy of a given site, as these form a contract between the site/operators and users. That said, we suspect that just as precious few end users probably really read Terms of Service agreements, if your enterprise doesn't have in-house legal staff, chances are you as a business person are probably going to be giving short shrift to 10,000 word TOS agreements attached to 'free' or business-consumer software. Show of hands: how many of you business/side-business owners have read the Quicken TOS, if you use that software? I rest my case.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...