readnotify

[TheGeek]

Hi,

I have talked about services such as readnotify.com which tell you if your email was read or not. The only problem is that they charge you arround 30 us dollars per year. I don't want to pay that much.

My summer vacation is here and this summer i want to figure out how this works and how to make it. As far as i know it either puts an activeX script of an image in the email.

Can someone tell me how exactly it works and help me make something like this?

[Aeternus]

As you've already suggested, putting an image or some form of scripting inside a (X)HTML based email will mean that alot of mail readers will attempt to access the image, which is on their servers they can log that attempt to access it (or if it's some form of scripting, that can simply call home).

 

The scripting seems more likely as it claims to tell you how long the email has been open for and so on.

 

As far as I know, this is really not guaranteed as alot of mail clients these days block images and/or scripting (you can then agree to view these images or run this scripting etc depending on the mail client), and the person is not guaranteed to even view the email in a mail client capable of displaying any of this. Heck, they don't even have to use a mail client, I could read my mail plain text right out of the my servers mail queue or my mail directory and aside from the information one can gather from the mail server / smtp protocol itself (ie that the user exists on that mail server etc) I honestly cannot see how any information would be getting back to the sender.

 

With regard to how exactly they are doing this when you send it to $X.readnotify.com, that's pretty simple. That ending ensures it will be sent to their mailservers and then that can be stripped out of the destination and then the mail data/message can be altered to include the image/scripting/whatever and then the message can be sent on to the next relay in the chain. Whether or not they actually have a fully fledged mailserver acting there (they could for instance have a modded version, particular config options and/or upon delivery the mail is passed to a custom script (as happens with procmail etc)), or whether they simply have a script that acts as an smtp server (while not necessarily implementing all of the features of an smtp server) and does all that discussed above, I don't know.

[TheGeek]

Thank you for your reply. I don't think i'm going to use activeX scripts, since i have no clue how they work. If the scripts are only used to time how long it's open than i don't need them. I just want to see if the email was opened or not. I guess than i only need an image that will tell me if it's been opened. I have read in other posts that php scripted images can do this. Can someone tell me how exactly to do so?

As for mail clients, this won't work with gmail since the images are automatically blocked. This should work with others such as yahoo, hotmail, and others.

Any ideas on how to make an image that will record if it's been opened and when? It needs to have two features:record time if opened and it should be the same color as the background or transparent so it's not seen.

[Aeternus]

The easiest way would probably be to use the header function to set the Content-Type of the data being sent back to image/jpeg or image/png etc and then either reading an image from a file and just outputing the contents, or using some of the image functions to generate your own. Then within the script you can use whatever you want (mysql, pgsql, odbc functions, simple file operations etc) to log that access attempt.

 

You probably don't even need that, as the image doesn't need to actually work for you to be able to log it, it only needs something to try to access it.

 

To actually capture their email address, it would probably be a case of setting the images location to be something like http://address/image.php?email=$theiremail and then you can grab this in your script using $_GET['email'] although there may be other more dynamic ways of doing this.

 

Some email clients might block image srcs with a non-simple extension, but you could get around this using mod_rewrite rules etc so that you could use directories and a different extension to link and pass arguments to a php script.

 

If you plan on sending a script generated image for some reason, or if you just want some example code on actually sending images, you can look here -

 

http://uk.php.net/image

 

and I'll try to post a little more with some examples later when I get back from work.

[1veedo]

Some forums have this feature already. It's just javascript but it's for online PMs not actual emails.

 

It'd be hard to get their email from the page, you'd practically have to send the entire html for the page they're looking at, cause you don't know what mail server they use, and then you could look at it and see "welcome, whoever!" Making a script to autoget their email would be too tedious.

 

You could do this no problem it just wouldn't work for everybody.

 

To get past the "strange images" you couldn't have image.gif?blahblahblah so you'd have to write a little bash script that symlinks a bunch of imageXXX.gif then another script to assign certain numbers to the particular email and look through access.log to see if the image has been accessed. The images would then be normal and you could run the script as a cron job or something.

 

Again though, although not hard to do, the receiver would have to view images and you need some sort of coaxing for them to allow a 1px image cause they'll be looking around "hey, where's the image?"

 

I don't see that there's a great need for this, anyway.

 

edit:

Actually, you could run a script w/ tail -f /var/logs/$apache2/access.log so it'd continuously keep up to date w/ what emails have been read.

[Aeternus]

 

To get past the "strange images" you couldn't have image.gif?blahblahblah so you'd have to write a little bash script that symlinks a bunch of imageXXX.gif then another script to assign certain numbers to the particular email and look through access.log to see if the image has been accessed. The images would then be normal and you could run the script as a cron job or something.

 

Uhh.....

 

In alot of cases' date=' as I said, you can just use image.php?something=something, and send the correct Content-Type, the actual extension should be irrelevant. If you have trouble with extensions because some clients are checking for the extension to prevent this type of thing, as I said again, you can get around this and use urls like /something-something/image.jpg which can be rewritten at the server using mod_rewrite (if you are using apache) to use the same php script mentioned above.

 

While you can simply look through the apache logs, he may want to do certain things (such and db work or sending mail himself and so on) as soon as they open the email, which that wouldn't really allow. It is simpler to look in the logs however, but using a mixture of tail and/or grep would probably be easier so that you don't retrieve lots of irrelevant access lines like people trying to get favicons and spiders looking for things (especially if you aren't the only one using this apache server).

 

Also, you don't NEED to have any images at all as I mentioned, you especially don't need to have an image per email address. Heck you could have it link to http://somedomain.com/theemail@cheese.com and then grep for all 404's of a particular format/date range in the access log.

 

If getting an actual image is important, you can either do as mentioned above (possibly generating random images) or despite what you said, you [b']can[/b] do image.jpg?email=x (although you'll have the same problem as mentioned above with possible blocking) and depending on the apache config, the query string will be logged in the access log and you can grab that out as well.

[TheGeek]

I just read that readnotify uses iFrames. What exactly are iFrames and how do we program one in an email?

 

 

can someone explain the following code that is added to the mail:

<DIV><a href="http://www.4pyjvpqt0tvfhk.ReadNotify.com/tg/4pyjvpqt0tvfhlhttp/travel.yahoo.com/p-travelguide">http://travel.yahoo.com/p-travelguide</a>

</DIV>

<div alt="4pyjvpqt0tvfh1."><pre> </pre><pre>

<br><Img moz-do-not-send="true" border=0 height=1 width=3 alt="" lowsrc=""

Src=http://www.4pyjvpqt0tvfh8.ReadNotify.com/nocache/4pyjvpqt0tvfh9/footer0.gif><Img moz-do-not-send="true" Border=0 Height=1 Width=2 Alt=""

Lowsrc=http://www.readnotify.com/ca/rspr47.gif ><BgSound volume=-10000 Alt='' Lowsrc=""

Src=https://tssls.4pyjvpqt0tvfhv.ReadNotify.com/nocache/4pyjvpqt0tvfhv/rspr47.wav>

</pre><table height=1 width=3 border=0><tr><td

background

=http://0320.185.62311/nocache/4pyjvpqt0tvfhP/rspr47.gif> </td></tr></table>

</div>

[Aeternus]

I just read that readnotify uses iFrames. What exactly are iFrames and how do we program one in an email?

 

 

can someone explain the following code that is added to the mail:

 

 

An iFrame is an Inline Frame' date=' which implies that it is a frame in a html document, so it allows one to display a seperate site or url in that frame within another website which can be resized and all sorts of other things like other html elements.

 

There don't seem to be any in the source you posted (they use the <iframe></iframe> tag - See here). All that seems to be is a few images and some background music with some fancy properties (for instance Lowsrc specifies a low resolution version of the image to load first before the high res). It seems the urls used include an id (4pyjvpqt0tvfhv) which might be what is being used to identify the individual email being sent.

 

It could possibly be using the background sound (likely, due to the - volume) or one of the images (perhaps why it has Lowsrc and src, so the Lowsrc is displayed and the src is kept going) to keep a connection open (ie it never finishes sending the content and keep things going until the user closes the email/client). This would allow it to determine how long the email was being read (or estimate at least). This seems a bit dodgy but it might be how it's doing it .

[TheGeek]

I'm really new to this so can you give me directions on what would be the simplest way to get the time when the email was opened and what do i have to add to the sever?

[Aeternus]

Something like -

 

<?php
   // Get some information about the user/client
   $logString = 'Date : ' .  date('Y/m/d H:i:s') .
                "\nIP   : " . $_SERVER['REMOTE_ADDR'] .
               "\nUser Agent : " . $_SERVER['HTTP_USER_AGENT'] .
               "\nEmail Addr : " . $_GET['email'] .
               "\nEmail Id   : " . $_GET['id'] . "\n\n\n";

   // Open the file for writing (append)
   $fh = fopen('test.txt', 'a');
   fwrite( $fh, $logString );
   fclose($fh);

   // Send the client some image
   header( 'Content-Type: image/png' ); // Set the Content-Type HTTP Header
   $fh = fopen( 'test.png', 'r' );       // Might as reuse $fh
   while ( !feof($fh) ) {                // While we haven't reached the end of the file
       $data = fgets( $fh, 1024 );       // Get 1024 bytes into $data from the file
       echo $data;                       // Print that to output (ie send it to the client)
   }
   fclose($fh);                          // We must've reached the end of the file, so close the file handler
?>   

 

should work. It logs the IP (ish, transparent proxies can sometimes give you the wrong IP, so sometimes HTTP_HOST_IP or something like that can be used and so on but this suffices for an example and for simplistic use), Email and date accessed etc when the image is loaded at -

 

http://somedomain.com/image.php?email=some@email.com&id=howeveryouwanttoidentifythatmessage.

 

You can then just put that as the image src of an img in a HTML email, making sure that it actually does that and doesn't instead download the image and send it as an attachment (as alot of email clients seem to do - you might be better off sending a raw mail rather than using a mail client if you want to do this as often clients will do alot of things behind the scenes that you are unaware of). The image you want to show should be test.png in the same directory as the php script but you can change that pretty easily (or if you really can't (:S), just ask and I'll explain how).

 

You might have to fiddle with permissions of the image to make sure it's readable by the webserver and you might also have to create test.txt or alter the script to put the log file wherever you wish.

 

This script isn't particularly sophisticated and is really just an example to give you an idea of how it might work. It simply shows the image test.png, and puts entries in the log "test.txt" every time it is accessed (whether by an email client or web browser or whatever, as many times as it is accessed, this is something that would be changed if you wanted to make it more sophisticated) in the form -

 

Date : 2006/06/18 20:14:18
IP   : some.ip.here.ok?
User Agent : Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.2) Gecko/20060515 Thunderbird/1.5.0.2
Email Addr : someemail@email.org
Email Id   : Testing

 

You would have to tailor the url of the image (ie the email= and id= parts) each time you wrote a new email to a different person, giving each mail an id you'd recognise it by and the email being their email and this could become rather tedious, to automate it you'd really have to either write some sort of script for your mail client or have your mail relayed through some sort of server or script that would do this for you (it wouldn't be THAT hard to make a script to do this but if you don't have much experience programming it might be somewhat challenging).

 

This doesn't address the problem you might have with some clients only accepting certain extensions. However you can quite easily fix this if your webserver allows you to use mod_rewrite rules in your .htaccess files. You can put something like -

 

RewriteEngine On
RewriteRule /([^/]+)/([^/]+)/image.png image.php?email=$1&id=$2

 

Or something to that effect in the .htaccess file in the same directory as your php file and then use the link -

 

http://domain.com/someemail@cheese.com/someid/image.png

 

obviously making sure not to use / in your id (or email but thats probably obvious anyways).

 

Check out the apache mod_rewrite docs for more info. You can also do this using the $_SERVER['PATH_INFO'] variable within the actual php script without resorting to the mod_rewrite rules and using explode() etc, it's entirely up to you.

 

Some of this depends on you having an Apache Webserver (which is more often the case when looking primarily for PHP hosting) but if you have an IIS (Internet Information Services - an MS WebServer as well as other things), you might have to change a few bits and pieces (ie the mod_rewrite rules are Apache only (well... afaik :S)). If you NEED it to work with IIS specifically, then mention that and I should be able to tailor things to IIS.

 

I hope this helps you get an idea of what one might be able to do.

[TheGeek]

thanks for your help!

Let me get this straight:

First, on my webhost server make an image.php. Put the following code in the image.php:

<?php

// Get some information about the user/client

$logString = 'Date : ' . date('Y/m/d H:i:s') .

"\nIP : " . $_SERVER['REMOTE_ADDR'] .

"\nUser Agent : " . $_SERVER['HTTP_USER_AGENT'] .

"\nEmail Addr : " . $_GET['email'] .

"\nEmail Id : " . $_GET['id'] . "\n\n\n";

 

// Open the file for writing (append)

$fh = fopen('test.txt', 'a');

fwrite( $fh, $logString );

fclose($fh);

 

// Send the client some image

header( 'Content-Type: image/png' ); // Set the Content-Type HTTP Header

$fh = fopen( 'test.png', 'r' ); // Might as reuse $fh

while ( !feof($fh) ) { // While we haven't reached the end of the file

$data = fgets( $fh, 1024 ); // Get 1024 bytes into $data from the file

echo $data; // Print that to output (ie send it to the client)

}

fclose($fh); // We must've reached the end of the file, so close the file handler

?>

 

second, upload the test.png and test.txt in the same folder

 

third, in the email link an image from http://mydomain.com/image.php?email=some@email.com&id=howeveryouwanttoidentifythatmessage

 

could you explain the third part in a bit more detail. Where it says some@email.com do you want me to put in ther reciever's email? and next to the id do i just put anything

[Aeternus]

Yeah, you have the right idea. some@email.com should be the email of the recipient and id should be something you can put in so you know which email it is.

 

This isn't very automated but you could automate this in a number of ways. readnotify seem to do it within their own smtp servers but you could do it by making a simple webmail interface and sending the mail using php's mail() function (this would be easiest) but often this will get stopped by spam filters (and unless you do quite alot more programming, it wouldn't be sent through your mail server properly, although it would still have the correct email).

[TheGeek]

this works and logs everything but only one problem.

I use thunderbird to insert the image i did <img>the link to the file</img> but this logs the info of the computer i sent it from. I am testing it out by sending emails to my gmail account. I checked it and it doesn't get the image from my server it says that image is from the google servers. Do you see what i'm trying to say?

[mooeypoo]

I have to comment here that most email programs and services warn you before they send a reply to such scripts.

 

This essentially won't work if the reciever blocks the return-transmission notifying you he openned your mail. I personally always block such requests, I view them as destroying my privacy; if someone sent me an email, I'll answer. When I read it or not is irrelevant to him..

 

~moo

[TheGeek]

mooeypoo, i completely respect you blocking the images from showing up. That's what i do as well.

 

 

 

i still can't figure out how readnotify makes the image run from their server and not googles.

[mooeypoo]

Links, probably.. ?

 

Instead of embedding the image in your email, they make the image be loaded through a <img src="http://link.to.their/server/img.gif"> thing..?

 

I don't know, I'm just guessing

 

~moo

[Aeternus]

I have to comment here that most email programs and services warn you before they send a reply to such scripts.

 

This essentially won't work if the reciever blocks the return-transmission notifying you he openned your mail. I personally always block such requests' date=' I view them as destroying my privacy; if someone sent me an email, I'll answer. When I read it or not is irrelevant to him..

 

~moo[/quote']

 

 

I completely agree.

[TheGeek]

the link changes from mine to

<img src="cid:part1.03040008.06080904@gmail.com">

[TheGeek]

in my log the ip keeps staying at 192.168.0.5

 

that's not my ip no clue what that is

[Aeternus]

Are you behind a router? It might be your IP on that network and then you are behind a NAT

 

I mentioned this, the problem with alot of clients is that they will automatically take the image and make it an attachment. That src is one that refers to the attachment sent with the email rather than an external online source. What is happening, is thunderbird (your client) is accessing the image (hence why it logs your details) and then attaching that to the email and sending it. The exact same thing happened to me using thunderbird and rather than fiddling with it and trying to work it out, I just copied the raw email, changed the src and used sendmail to send it.

 

I'm not quite sure what you need to do in Thunderbird to change this, I don't really use it very much (I tend to access all my mail via squirrelmail).

[TheGeek]

what do you think is the best email client to do what i need to do?

 

I saw thunderbird saying "attaching image" so i knew that was happening but didn't know of any other client.

[rich1974]

I have been using readnotify and getting tracked email details.All of them were giving me info until saturday when they were opened about 15 times by the recipient.Everytime they read the email it didn't give me the browser details ie if they were read on a phone or a computer.Could it be the emails were hacked or were they definitely read by the recipient?...if I had got the browser details I would definitely know it was them because I know what phone they have and computer...any advice would be much appreciated