Note to Groupwise users: this can be accomplished by right-clicking a message and choosing 'properties'. IIRC, there's also a way to do it in Exchange that I forget right now. And good Lord, you'd have to be a speshul kind of idiot admin to send your email traffic through a third party just to get the benefits of this service.

Agreed. This is rediculous. Why would someone pay for this?

In addition to what has been stated, such a 3rd party relay can also harvest e-mail addresses listed as recipients and senders for sale to spammers. Some will say, "But the EULA says..." ... BS.

Assuming they follow their agreement for use of addresses and privacy, bankruptcy courts across the US continue to agree that phone numbers, e-mail addresses, and snail-mail addresses are assets which may be liquidated to return money to investors. Even if the biz is ethical, their terminaton of business through bankruptcy (Chapter 7, and/or liquidation of assets) may lead to their lists being sold to spammers in direct violation of original agreement (since the company is dissolved and effectively, no longer exists to uphold its end of the agreement.)

Many of these services use a mixture of return receipt requests or other well established systems that require support from the client mail reader. Some will use embeded javascript or html or even img src references in html to a unique ID passed as an arg to a cgi to track opening of messages based on access to a web server.

Reliance on an untrusted client makes for a bad security model.

this is very true

the same reason the atkins diet is so popular; misinformed and desperate consumers.

I also think stupid should be added to that, along with a few other descriptors but I think I'll restrain myself from posting those.

oh how could i have forgotten 'stupid'...

Should we be that surprised now days? Look around for the amount of money people charge for simple computer services. We all should know that in this day of age, if the presentation looks good, and easy to use/gets the job done. People will put out the money... its sad though.. Really sad...

That illiterate users get fooled into paying mass amounts of cash for a script that checks a couple of boxes….

Thank you.

-xChris

Because people are dumb.

No kidding (there's also no doubt that those speshul idiots exist). But I suspect they're trying to target interorganizational mail, not situations where both sender and receiver are under the same mail system. Once you're talking SMTP, anything like a "return receipt" or "when read" response is purely voluntary.

No extra credit points will be awarded for guessing that these folks probably tack a tiny URL reference into the e-mail, and track the "when read" based on when that URL is hit. Not terribly sophisticated, and hardly guaranteed to work (I disable URL lookups in my mail clients wherever possible -- and just try to get a return receipt from a message I read in Pine if I don't want you to).

Yep, I commented on this further back in the thread.

If you are an admin and like a webmail based solution, then you can consider SquirrelMail, since it has plugins and by default ships with foreign image displays and included javascript disabled. The default display is text, and does some conversion of HTML-only email to text for display.

For images from foreign locations, you get a default image stretch or resized which says, "This Image removed for security reasons" You can, of course, choose to display all of the foreign referenced images, and have a different selection for default display of attached images too.

SM also has support for PGP/GPG key verification and encryption to others in a plugin. The Same plugin does not allow (by default) the very insecure "signing of your own mail" or "decrypting mail" which was encrypted for delivery to you (for obvious reasons) [but this can be added if you really want to do something that could break the pgp/gpg web of trust.] [Also, by "very insecure" I mean "very insecure for a shared web-based mail system since you do not control the box where you passphrased would be passed, and may not own the box you are using to check your mail-- and both can lead to leakage of your passphrase. I am not implying the use of these features in pgp/gpg is bad, just the use in this specific instance.]

Many cool plugins and features to help make tracking more difficult and verification of receipt by spammers tough too.

It also has a pretty good SpamAssassin-SQL plugin for control of SA-SQL stored settings which is very nice.

It does have a history of security issue though too, but few web-based mail systems have been able to avoid this.

Disclaimer: (I am not a SquirrelMail Developer)

[Edit: added content above in [ ] ]

Ah, so you did. That should teach me to read all the posts, not just the first few lines.

BTW, my favorite voluntary mail client feature is the Outlook/Exchange message recall when people try to use it through the Internet. "Joe Buttmunch would like to recall the message 'Oops I screwed up'." Well, that's a shame, because the Internet doesn't work that way, Mr. Buttmunch. Sucks to be you.

Why do you care? If they read it, they'll reply. It's idiotic to filter your mail through a third party for this (as was previously stated).


- CD