How DidTheyReadIt does it

Finally, we're over our RSS obsession. So here on the Gearhead technical beachhead the topics of news feeds and aggregators, along with Atom, RSS and JSMsg, are drifting away to join the geek flotsam and jetsam.

Backspin promised a few weeks ago that we'd cover the topic of e-mail tracking, but he failed to consult with us, hence the delay. The product that triggered this theme was something called DidTheyReadIt .

DidTheyReadIt, published by Rampell Software, uses a well-known technique to detect when a message is opened and then documents the details of the recipient and attempts to geolocate his IP address.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Finally, we're over our RSS obsession. So here on the Gearhead technical beachhead the topics of news feeds and aggregators, along with Atom, RSS and JSMsg, are drifting away to join the geek flotsam and jetsam.

Backspin promised a few weeks ago that we'd cover the topic of e-mail tracking, but he failed to consult with us, hence the delay. The product that triggered this theme was something called DidTheyReadIt .

DidTheyReadIt, published by Rampell Software, uses a well-known technique to detect when a message is opened and then documents the details of the recipient and attempts to geolocate his IP address.

The technique employed is conceptually simple: Embed an image in HTML mail to be retrieved when the recipient renders the message content and record the image retrieval details. It is a technique loved by spammers who use it to determine whether the address is "hot" - whether a warm body or something that appears to be one is on the other end.

But DidTheyReadIt aims to take the uncertainty out of delivery and remove the excuse, "Sorry, I never got your message." Here's what DidTheyReadIt embeds in each tracked message:

<img src="http://didtheyreadit.com/index.php/worker?code=59493" width="1" height="1" />

The retrieval of the image reference provides the tracking but there's quite a bit to this process. During the client-side installation of DidTheyReadIt, a Winsock Layered Service Provider called the background tracker is installed.

For each Simple Mail Transfer Protocol message sent, the background tracker has to get a unique ID for the message. It makes an HTTP connection to the DidTheyReadIt servers and, using a POST request, provides your DidTheyReadIt account name and password, the recipient of the message and the subject (all in URL-encoded text). This data is stored under your account.

In reply, the server provides the message ID that is used for the value of the GET variable code - the value in the above example is 59493, although the actual IDs used are much longer. Finally, an image reference similar to the one above is inserted, on the fly, into the outgoing message immediately before the closing tag of the HTML body.

When the recipient renders the message, the image reference has to be resolved. As the source of the image is an HTTP GET request, a server-side process (called worker) is called and passed the command tail (code=59493). The value that is associated with the variable code is used to look up the message in the server's database. When the message is found, the retrieval time, the recipient's IP address, referrer, and browser ID string are logged.

The image is a 1-pixel, JPEG, 8-bit, RGB-encoded image with a total file size of 302 bytes (let us digress and note that it is more accurate to call a JPEG image a JFIF, which stands for JPEG File Interchange Format). The single pixel is white (an RGB value of 255, 255, 255), and was created, for what it's worth, using Adobe Photoshop.

Here's a curiosity: In the header of images created with Adobe Photoshop you will find three tags: JFIF, Ducky and Adobe. It appears that Ducky is the smoking gun that indicates that Photoshop was used to create the image, but we can't find any explanation or history regarding the use of Ducky. Let us know if you know what's behind this oddity.