The video tag test has been split into several separate tests; I recently discovered that the stock Android IMAP client, K-9 Mail, and the Hotmail webmail interface all fetch URLs from the video tag "poster" attribute, before the user clicks "load remote images". For example, if an HTML email contains this tag:

<video poster="http://TRACKING_URL/"></video>

I reported it to email@example.com, firstname.lastname@example.org and K-9 about a month ago. Android never responded; Microsoft said they'd look into it. I'm not sure if K-9 are going to patch over the problem themselves, or wait for Android to patch the hole.
I also added some new tests for detecting when a read receipt is sent. I discovered that on an Exchange 2007 system I use, if I access my email via IMAP instead of MAPI, the Exchange system silently sends a read receipt as soon as I read the email, without asking my permission. Whilst I'm on the topic of Exchange 2007, the "light" version of Outlook Web Access on Exchange 2007 automatically loads images from "input" tags of type "image", before the user selects to load remote images:

<input type="image" src="http://TRACKING_URL/">

I reported this to Microsoft at some point last year and never received a response. I've not had access to an Exchange 2010 system yet to test but I expect to soon. I'm also aware of currently existing leaks in Sparrow Mail and the Palm OS email client. Please test your clients and let me know if you find anything.
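
An added example, not part of the original post or of EmailPrivacyTester: a small Python check that a mail client or gateway could run over an HTML body to list remote URLs referenced through the two vectors described above (video "poster" and input type "image"), alongside plain img tags. The tracker.example host, the sample message and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# (tag, attribute) pairs that can cause a fetch when the message is rendered.
# img/src is the classic case; the other two are the vectors from this post.
REMOTE_ATTRS = {("img", "src"), ("video", "poster"), ("input", "src")}


def is_remote(url):
    """True for http(s) URLs and protocol-relative //host/... URLs."""
    parts = urlparse(url.strip())
    if parts.scheme in ("http", "https"):
        return True
    # "//host/path" has no scheme but does name a network location.
    return not parts.scheme and bool(parts.netloc)


class RemoteRefFinder(HTMLParser):
    """Collect (tag, attr, url) for each remote reference, in document order."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values may be None.
        attrs = {name: (value or "") for name, value in attrs}
        for want_tag, want_attr in REMOTE_ATTRS:
            if tag != want_tag or want_attr not in attrs:
                continue
            # src on an input only loads an image when type="image".
            if tag == "input" and attrs.get("type", "").strip().lower() != "image":
                continue
            if is_remote(attrs[want_attr]):
                self.hits.append((tag, want_attr, attrs[want_attr].strip()))


def find_remote_refs(html_body):
    finder = RemoteRefFinder()
    finder.feed(html_body)
    finder.close()
    return finder.hits


# Constructed sample message body (not a real email).
SAMPLE = """<html><body>
<img src="cid:logo@local">
<video poster="http://tracker.example/v"></video>
<INPUT TYPE="image" SRC="//tracker.example/i">
<input type="text" src="http://tracker.example/ignored">
</body></html>"""

if __name__ == "__main__":
    for hit in find_remote_refs(SAMPLE):
        print(hit)
```

A client that blocks remote images by default can treat any hit from this check the same way it treats a remote img src: do not fetch until the user opts in.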