upvoted! In 2009 a friend and I released InboxAlarm - www.inboxalarm.com - to do the same thing.
You'd have the option to warn your friends via a Facebook Status Update to ignore any emails/links they received from you until you verified the intrusion.
I wonder how many people view images in email by default. In gmail, they block images unless you click something to enable them; my Outlook at work also blocks images by default. And these are two very popular email clients.
Oh, the old external image exploit, eh? Seems like a great way to annoy your friends. Most email clients block external images by default for this very reason. Also, the image url is broken, so the message doesn't actually show up.
And now I realize I've just knowingly spammed myself and given you my email address and phone number just to satisfy my curiosity. Very well played, sir.
Actually you don't because neither my gmail nor my Android mail clients will load images automatically and the emails sent are super suspicious looking, so I'd never enable it for them.
Also since you don't verify my SMS in any way, I might be using your service to send untraceable text spams to someone (perhaps someone I don't like who pays 10 cents per text) by sending gotcha mails to an inbox I control and then opening the mails.
Also, on the "Trap" page, I would highly recommend you remove the "Chase" and "PayPal" templates. Using those on your site and in the "trap" mails you send is possibly wire fraud and would certainly not be appreciated by either party, regardless of intent of this service.
This is silly. There are a number of ways to try bugging emails; this uses one of the oldest, and it doesn't work in much of anything anymore by default.
On top of that, SpamAssassin hates it:
X-Spam-Status: No, score=3.7 required=5.0 tests=HTML_IMAGE_ONLY_08,HTML_IMAGE_RATIO_02,HTML_MESSAGE,MIME_HTML_ONLY,NO_RECEIVED,NO_RELAYS,T_DKIM_INVALID
...so they didn't bother to MIME-format the message correctly with a text component. I know from experience that this can cause your message to be blocked completely by some email services.
I don't see any need for this, especially since it can be so easily defeated. But then again, I fall firmly in the "e-mail should just be plain text" camp.
This probably isn't the right crowd to test this out for you :) I'd wager a non-trival percentage of us use text-only email settings or clients (long live mutt).
Just tested it with my gmail account but didn't receive the email. Is there a way to request that my information be deleted (especially the association between email, name, and phone number)?
Sure.
Send me a email at admin@gotcha.io with the email address you used and I will remove everything associated with it, including the email address of course.
22 comments
[ 6.6 ms ] story [ 64.4 ms ] threadYou'd have the option to warn your friends via a Facebook Status Update to ignore any emails/links they received from you until you verified the intrusion.
We checked all entry points and are confident that no one will ever get access to this db.
good thing that never happens.
2. can i use it outside US? Japan?
Actually you don't because neither my gmail nor my Android mail clients will load images automatically and the emails sent are super suspicious looking, so I'd never enable it for them.
Also since you don't verify my SMS in any way, I might be using your service to send untraceable text spams to someone (perhaps someone I don't like who pays 10 cents per text) by sending gotcha mails to an inbox I control and then opening the mails.
Also, on the "Trap" page, I would highly recommend you remove the "Chase" and "PayPal" templates. Using those on your site and in the "trap" mails you send is possibly wire fraud and would certainly not be appreciated by either party, regardless of intent of this service.
Spam - good point. We need to work on verification. Currently, it only works 20 times per IP address. But that's 20 times too many.
On top of that, SpamAssassin hates it:
...so they didn't bother to MIME-format the message correctly with a text component. I know from experience that this can cause your message to be blocked completely by some email services.Phooey.