• worldCritic
    link
    fedilink
    arrow-up
    4
    ·
    edit-2
    5 years ago

    This will be more useful to stalkers than the intended use. Send an email to your victim’s personal account with this URL in it, and to their office account w/another URL. Repeat at different times to find out when they’re at home and when they are working.

    Spamassassin is vulnerable to this. Even if you’re smart enough to use a text-based MUA, Spamassassin has a bug that not only follows URLs but leaks to the attacker what DNS server you’re using (thus your likely ISP and approximate region of service). This bug has not been published.