22 comments

[ 6.6 ms ] story [ 64.4 ms ] thread
This would be fun if we weren't building their dataset for them.
upvoted! In 2009 a friend and I released InboxAlarm - www.inboxalarm.com - to do the same thing.

You'd have the option to warn your friends via a Facebook Status Update to ignore any emails/links they received from you until you verified the intrusion.

Yeah, unless the person doesn't enable images in their email.
I wonder how many people view images in email by default. In gmail, they block images unless you click something to enable them; my Outlook at work also blocks images by default. And these are two very popular email clients.
this is one the reason why i didn't went with sparrow mail client even after my friends recommended it for ease of use and eye candy.
Well, that's a novel way of harvesting associated email address, names, and phone numbers.
Unfortunately, storing a phone number is necessary for this to work. We are open to suggestions for any better solutions anyone may have.
What steps have you taken to protect this information?
To our knowledge, the only way someone could access this information is if the web server itself is compromised.

We checked all entry points and are confident that no one will ever get access to this db.

the only way someone could access this information is if the web server itself is compromised

good thing that never happens.

Oh, the old external image exploit, eh? Seems like a great way to annoy your friends. Most email clients block external images by default for this very reason. Also, the image url is broken, so the message doesn't actually show up.
<s>1. how does this work?</s> obviously the external image trick.

2. can i use it outside US? Japan?

And now I realize I've just knowingly spammed myself and given you my email address and phone number just to satisfy my curiosity. Very well played, sir.
there's www.guerrillamail.com for that!
"I know when and where you open my emails"

Actually you don't because neither my gmail nor my Android mail clients will load images automatically and the emails sent are super suspicious looking, so I'd never enable it for them.

Also since you don't verify my SMS in any way, I might be using your service to send untraceable text spams to someone (perhaps someone I don't like who pays 10 cents per text) by sending gotcha mails to an inbox I control and then opening the mails.

Also, on the "Trap" page, I would highly recommend you remove the "Chase" and "PayPal" templates. Using those on your site and in the "trap" mails you send is possibly wire fraud and would certainly not be appreciated by either party, regardless of intent of this service.

Removing trap templates - excellent idea. Thank you!

Spam - good point. We need to work on verification. Currently, it only works 20 times per IP address. But that's 20 times too many.

This is silly. There are a number of ways to try bugging emails; this uses one of the oldest, and it doesn't work in much of anything anymore by default.

On top of that, SpamAssassin hates it:

    X-Spam-Status: No, score=3.7 required=5.0 tests=HTML_IMAGE_ONLY_08,HTML_IMAGE_RATIO_02,HTML_MESSAGE,MIME_HTML_ONLY,NO_RECEIVED,NO_RELAYS,T_DKIM_INVALID
...so they didn't bother to MIME-format the message correctly with a text component. I know from experience that this can cause your message to be blocked completely by some email services.

Phooey.

I don't see any need for this, especially since it can be so easily defeated. But then again, I fall firmly in the "e-mail should just be plain text" camp.
This probably isn't the right crowd to test this out for you :) I'd wager a non-trival percentage of us use text-only email settings or clients (long live mutt).
Just tested it with my gmail account but didn't receive the email. Is there a way to request that my information be deleted (especially the association between email, name, and phone number)?
Sure. Send me a email at admin@gotcha.io with the email address you used and I will remove everything associated with it, including the email address of course.