
There's an interesting tradeoff -- marketers no longer know your location, browser, client or how many times you've opened the email. However, any spammer now instantly knows that the email address is valid.

It's probably an improvement, but not all the way there. For actual privacy, what GMail needs to do (and I realize this is slightly unfeasible due to the amount of email they receive) is instantly open and cache every single email to every single email address (including non-existent addresses).




If you want to know if an email address is valid, you connect to Gmail's server and send "RCPT TO:<example@gmail.com>" and they will tell you if it's valid or not.


Are you sure about this? Just tested it out:

    openssl s_client -connect smtp.gmail.com:465 -crlf

    220 mx.google.com ESMTP u17sm2709629qeb.4 - gsmtp
    helo
    250 mx.google.com at your service
    auth login
    334 VXNlcm5hbWU6
    < BASE_64 USERNAME> 
    334 UGFzc3dvcmQ6
    < BASE_64 PASSWORD> 
    235 2.7.0 Accepted
    MAIL FROM: <my_email>
    250 2.1.0 OK u17sm2709629qeb.4 - gsmtp
    rcpt to: <my_email>
    250 2.1.5 OK u17sm2709629qeb.4 - gsmtp
    rcpt to: <emaildne39g39jd9j9jfsdk@gmail.com>
    250 2.1.5 OK u17sm2709629qeb.4 - gsmtp

I get an OK with BS emails too...


You should try telnet to port 25 and don't log in. If you're sending what could be an outgoing email, it is more likely to queue it.

    MAIL FROM:<tedu@tedunangst.com>
    250 2.1.0 OK g15si484689qej.92 - gsmtp
    RCPT TO:<tedunangst1233141@gmail.com>
    550-5.1.1 The email account that you tried to reach does not exist. Please try
    550-5.1.1 double-checking the recipient's email address for typos or
    550-5.1.1 unnecessary spaces. Learn more at
    550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596 g15si484689qej.92 - gsmtp
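
An added example, not part of the thread: a parser for the SMTP replies quoted in the two transcripts above, showing how the multi-line `550-5.1.1` reply folds into one answer and why the `250 2.1.5` from the authenticated port 465 session says nothing about the mailbox. The function names and the wording of the classifications are assumptions made for this illustration.

```python
import re

# Reply line (RFC 5321): 3-digit code, then "-" (more lines follow) or " " (last line).
# The text may start with an enhanced status code (RFC 3463) such as 5.1.1.
LINE_RE = re.compile(r"^(\d{3})([ -])(?:(\d\.\d{1,3}\.\d{1,3})\s)?(.*)$")

# Sample input copied from the two transcripts quoted in the thread.
MX_REPLY = [
    "550-5.1.1 The email account that you tried to reach does not exist. Please try",
    "550-5.1.1 double-checking the recipient's email address for typos or",
    "550-5.1.1 unnecessary spaces. Learn more at",
    "550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596 g15si484689qej.92 - gsmtp",
]
SUBMISSION_REPLY = ["250 2.1.5 OK u17sm2709629qeb.4 - gsmtp"]

def parse_reply(lines):
    """Fold one (possibly multi-line) SMTP reply into (code, enhanced, text)."""
    code = enhanced = None
    parts = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            raise ValueError(f"not an SMTP reply line: {raw!r}")
        if code is not None and m.group(1) != code:
            raise ValueError("reply code changed inside a multi-line reply")
        code = m.group(1)
        enhanced = enhanced or m.group(3)
        parts.append(m.group(4))
        if m.group(2) == " ":  # a space after the code marks the final line
            return int(code), enhanced, " ".join(parts)
    raise ValueError("reply ended without a final line")

def classify_rcpt(code, enhanced):
    """What a RCPT TO reply tells the sender about the recipient."""
    if code == 550 and enhanced == "5.1.1":
        return "rejected: no such mailbox"
    if 200 <= code < 300:
        # The port 465 transcript got 250 for a made-up address as well.
        return "accepted: says nothing certain about the mailbox"
    if 400 <= code < 500:
        return "deferred: temporary failure"
    return "rejected: other reason"

if __name__ == "__main__":
    for reply in (SUBMISSION_REPLY, MX_REPLY):
        code, enhanced, text = parse_reply(reply)
        print(code, enhanced, classify_rcpt(code, enhanced))
```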


Cool, thanks!


That will only tell you if the account exists. The request for an image tells you more: that that account is actually used.


I'm not sure spammers particularly care if they have a lot of email addresses that people don't really read. Google was already bouncing messages to invalid recipients, so completely nonexistent email addresses were already filtered.

Granted, it's one step further to know if you're getting past the spam filter. But I feel like that's testable using your own accounts.


> There's an interesting tradeoff -- marketers no longer know your location, browser, or how many times you've opened the email. However, any spammer instantly knows that the email address is valid.

Before, however, if you never clicked on "show images" then spammers knew nothing at all.


Yes, that's the tradeoff.


As far as I can tell, Gmail is not returning open data until the email is actually opened. Gmail is pretty good about identifying spam and putting it into recipients' spam folders, which are usually not opened.


> However, any spammer now instantly knows that the email address is valid.

That information is worth orders of magnitude less than it used to be, especially for Google-hosted email, as their spam protection is near-perfect. My email address is available in the clear in a number of archived mailing lists among other places, and I'm not getting any spam at all.


Google might only be turning it on for email that's trusted. They could be leaving images turned off for messages in the spam folder.



