So Aege@n (airline) has been spamming me with emails after I took a single flight with them.
One day they actually sent an email with a subject that made me believe that I was interested in it, so I opened it. Turns out it was clickbait, but:
I had 22 (unread) emails from them in a span of one year, and after I opened that clickbait I got 7 in the following month. So they knew I opened it... But how did they know?
There was no "Return receipt" request, so they have done something sneaky.
Let's look at the email... ok, it's just HTML.
Let's load the images... ok, some images from http://static.cdn... were loaded.
Wait what is that? All images are from a cdn except one:
https://news.aegeanair.com/pub/as?_ri_=X0Gzc2X%3DAQpglLjHJlTQGmafAoKGsenIJ7EBMdskH5TyfUpyNwKkXSeDbmwPrIMgdr9IPNDpYNzfLdOGMwzcGVXHkMX%3Dw&_ei_=EolaGGF4SNMvxFF7KucKuWPnzljXYMJZUMmgkkIvbZe171NV_sKNU-8XjLVsBtAWB1ASqm8piDcfWdATMJx3XCt5nps.
Let's open that image... ok, it's a 1x1 gif image.
A 1x1 pixel gif image.
A 1 pixel by 1 pixel gif image.
A 1 pixel width by 1 pixel height gif image.
A 1 pixel width by 1 pixel height graphics interchange format image.
So they masked an HTTP request to their server with a unique identifier as an image download request.
Is this ok? Hello?
...
I guess I manually clicked "Load all images" (even 1x1 gifs), so it must be ok...
Wait, so this is why there is the "Load all images" button... cool.
done_
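
A way to spot this kind of beacon in an email's HTML before loading any images, added here as an example and not part of the original post. It flags `<img>` tags whose URL carries a long opaque query value (like the `_ri_` and `_ei_` parameters above), that are declared 1x1, or that come from a different host than the other images; the hostnames, token values and length threshold are constructed assumptions.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

class ImgCollector(HTMLParser):
    """Collects the attributes of every <img> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({k: (v or "") for k, v in attrs})

def find_tracking_candidates(html, min_token_len=20):
    """Return (url, reasons) for images that look like open-tracking beacons."""
    parser = ImgCollector()
    parser.feed(html)
    hosts = Counter(urlsplit(i.get("src", "")).hostname for i in parser.images)
    common_host = hosts.most_common(1)[0][0] if hosts else None
    findings = []
    for img in parser.images:
        url = urlsplit(img.get("src", ""))
        reasons = []
        # Signal 1: a per-recipient identifier hidden in the query string.
        long_params = [k for k, v in parse_qsl(url.query) if len(v) >= min_token_len]
        if long_params:
            reasons.append("opaque token in " + ",".join(long_params))
        # Signal 2: declared as an invisible 1x1 (or 0x0) image.
        if img.get("width") in ("0", "1") and img.get("height") in ("0", "1"):
            reasons.append("declared 1x1")
        # Signal 3: served from a different host than the rest of the images.
        if len(hosts) > 1 and url.hostname != common_host:
            reasons.append("host differs from " + str(common_host))
        # A token alone is enough; otherwise require two weaker signals.
        if long_params or len(reasons) >= 2:
            findings.append((url.geturl(), reasons))
    return findings

# Constructed sample modelled on the email described above (not the real one).
SAMPLE = """<html><body>
<img src="http://static.cdn.example/header.png" width="600" height="120">
<img src="http://static.cdn.example/offer.jpg" width="600" height="300">
<img src="https://news.airline.example/pub/as?_ri_=CONSTRUCTEDrecipientTOKEN0001&amp;_ei_=CONSTRUCTEDcampaignTOKEN0002" width="1" height="1">
</body></html>"""

if __name__ == "__main__":
    for url, reasons in find_tracking_candidates(SAMPLE):
        print(url, "->", "; ".join(reasons))
```

The token check still fires when the tag declares no size at all, which matches the case above where the 1x1 dimensions only became visible after the image was opened.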