On Tue, 15 May 2001 19:55:52 -0400, <jlewisat_private> wrote: >I received this email today. The headers show it being sent from a machine >in Korea. Everything in the headers is forged, but I just can't figure out >what the motive is behind it. Also, at the end of the email, there was a >gif and I included the embedded html link. Has anyone else seen this? I >have munged the IP's. ---Begin E-mail jlewis received--- >I'm currently writing a thesis on the network topology and would very much >appreciate your cooperation. I am trying to draw out a map of how the IPs >are distributed geographically. I realize that the IP registration data >often times have country/state/city information that are different from the >actual physical location of where the IPs are used. >Country: US >State: VA >City: MCLEAN > >Can you please tell me if this is the actual physical location of the IPs? >If not, can you please tell me the actual location? Again, thank you for >your cooperation. ><http://211.33.122.158/icons/1/cal_1506.gif> Interesting that the E-mail sender may get some of her data when you open the message in an HTML rendering capable client, independent of whether you reply. When the cal_nnnn.GIF's are fetched from the server, logged client IP address(es) could be stored a database. http://211.33.122.158/icons/1/ is filled with cal_1506.gif cal_1507.gif cal_1508.gif cal_1509.gif cal_1510.gif cal_1511.gif...ad nauseam. Jim Mackraz has a demo of an "HTML Read-receipt" here http://www.mackraz.com/trickybit/readreceipt/ The concept might allow mapping/targeting the e-mail recipient's IP addr (when opening the message) to the netblock contact > e-mail address to which that message was sent. Matt Scarborough 2001-05-17 ____________________________________________________________________ Get free email and a permanent address at http://www.amexmail.com/?A=1
This archive was generated by hypermail 2b30 : Thu May 17 2001 - 18:39:58 PDT