Archive for January, 2008

Tracking email marketing campaigns

Thursday, January 24th, 2008

Well.. I am not claiming to be an expert in tracking email marketing campaigns.. But would like to share some points out of my experience..

While working on the NatNif.com project, I had to track the emails (in fact, Xmas greetings) that people sent to others: whether each one was viewed, and whether the viewer signed up at NatNif.com or not.

Tracking whether the email is viewed

This is possible only if the mail format is HTML. Tracking is achieved by placing a 1x1 pixel image in the body of the email, whose URL carries an id unique to that email and recipient.

The major obstacles here are:

  1. Images are displayed only if the recipient allows images while viewing the email message.
  2. You cannot embed the pixel this way, i.e. <img src="track.php?id=3454" />. Most spam filters will remove such dynamic URLs from image tags.

Of these two, we have no control over the first. The second can be solved by replacing the dynamic image URL with an innocent-looking URL like 'track-3454.gif'. I have used Apache's mod_rewrite to process these innocent-looking image URLs, extract the id from them and do the tracking.

The next thing to take care of is the links in the body of the email message. We can create links with URLs like

http://www.mysite.com/track.php?id=3454&dest=http://www.mysite.com/actual-destination.html

So instead of linking directly to http://www.mysite.com/actual-destination.html, the link goes to the tracking page, which records the click and finally sends the visitor to the real destination. In the tracking page, using the id in the link, we can find out which recipient clicked through to the site. The tracking page should redirect only to destinations on your own site; if it forwards to whatever dest contains, it becomes an open redirect.

If you have any more related info, please feel free to share.

What's Happening to Matt Cutts' Blog?

Tuesday, January 15th, 2008

Hi Matt.. What's going wrong? I can see that traffic to your blog has been dropping recently.
MattCutts Blog traffic stats

Can anyone here answer why this is so?

[Update]
See the spike upwards ! It was recent..

Protect your web forms from email header injection attacks

Monday, January 14th, 2008

Hi.. I am back from my native after the weekend.. and here is some useful stuff..

eMail Header Injection – What it is? 

You have a web form with some text fields and a submit button. The values are posted to a server-side page, which emails you the details submitted. Take a simple contact-us form. If you are a newbie to this, you will not think beyond just capturing the POST values and sending a mail. But.. do you know that people can send unsolicited emails using the same server-side script, without you getting to know it?

How they do mail header injection? 

It is easy to send mail header lines as POST values to your script. If the script places those values into the headers of the message it sends, it will process them as instructions and send spam mails to the recipients mentioned in them. You will have no idea that your script is being abused until you see heavy bandwidth usage or your hosting provider blocks your account for sending spam mails.

How to Prevent eMail Header Injection ? 

Following are some common steps to prevent mail header injection.

1. Accept posts only from your own domain. You can check the referring domain from which the form was posted and reject form posts from unknown domains.

2. Checking user agents: Most spam posting engines send an empty User-Agent string, so you can add this condition to your server-side code to block spammers. Like the referrer, the User-Agent is supplied by the client and can be set to anything, so both checks only filter out unsophisticated senders.

3. Check for mail commands in POST values. For example,

// Strings that should never appear in a contact form's POST values
$badStrings = array(
    "Content-Type:",
    "MIME-Version:",
    "Content-Transfer-Encoding:",
    "bcc:",
    "cc:"
);

The above array contains some of the strings you find in a spammer's POST values, so you can block the POST if any of them is present. Compare case-insensitively, since mail header names are not case-sensitive.
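
One way to combine these checks in PHP, as an added example that is not part of the original post: it goes beyond the word list by also rejecting any line break in values destined for mail headers, since a line break is what lets a value begin a new header line. The field names name, email and message, the function validate_contact_post and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example. Field names and sample data are assumptions, not from the post.
// Strings listed in the post that have no business in a contact-form field.
const BAD_STRINGS = ['Content-Type:', 'MIME-Version:',
                     'Content-Transfer-Encoding:', 'bcc:', 'cc:'];

// Returns the reasons to reject a submission; an empty array means "accept".
function validate_contact_post(array $post): array
{
    $errors = [];
    foreach (['name', 'email', 'message'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return ["$field: missing or not a string"];
        }
    }
    // Values copied into mail headers must never contain CR or LF:
    // without a line break, a value cannot start a new header line.
    foreach (['name', 'email'] as $field) {
        if (preg_match('/[\r\n]/', $post[$field])) {
            $errors[] = "$field: line break in a header value";
        }
    }
    if (filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email: not a valid address';
    }
    // The post's word list, matched case-insensitively. It can also reject
    // innocent text (for example "acc:" in a message), so log what it blocks.
    foreach (['name', 'email', 'message'] as $field) {
        foreach (BAD_STRINGS as $bad) {
            if (stripos($post[$field], $bad) !== false) {
                $errors[] = "$field: contains \"$bad\"";
            }
        }
    }
    return $errors;
}

// Constructed sample submissions: one ordinary, one carrying an extra header.
$samples = [
    'normal'   => ['name' => 'Alice', 'email' => 'alice@example.com',
                   'message' => 'Hello, please call me back.'],
    'injected' => ['name' => 'Bob', 'message' => 'Hi',
                   'email' => "bob@example.com\r\nBcc: list@example.net"],
];
foreach ($samples as $label => $post) {
    $errors = validate_contact_post($post);
    // Only when $errors is empty would the script go on to call mail().
    echo $label, ': ', $errors ? 'rejected (' . implode('; ', $errors) . ')' : 'accepted', "\n";
}
```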

If you know any more techniques, please feel free to share. Thank you.