Erik van Straten<p><span class="h-card" translate="no"><a href="https://autistics.life/@Cassandra" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Cassandra</span></a></span> wrote: <<< In this relationship, "customer service" means we spam you [...] >>></p><p>No, usually they don't. They hire a third party to do that, who replaces each link in the mail to a website of theirs. When you click on such a link, *their* webserver will instruct your browser to immediately move on to the original link. You may not even notice the delay.</p><p>However, the third party now knows *that* you've read that specific email and exactly *when* you clicked on *which* link in the mail. They now also know your IP address, the OS and browser you use and a lot of other things.</p><p>Of course they'll have your browser store one or more of their tracking cookies, so that they can observe your habits over time i.r.t. this specific customer (of theirs), but also correlate that to other customers that may be using their "services".</p><p>Also, you may overlook that links are actually D-tours - because usually, if you're an "example.com" customer, the mail will originate from something like "mail.example.com" or "e.example.com". However, that will *NOT* be a server owned by "example.com" but rather by the third party.</p><p>Typically links in the mail will also start with "https:∕∕mail.example.com∕" (or e.g.
"https:∕∕e.example.com∕"), usually followed by (hexadecimal) gibberish - thereby obfuscating your identity, the specific email as well as which of the links you just clicked on (the final URL will be stored on their webserver).</p><p>The cheapest third party provider of such mail services will be the most invasive to *your* privacy and will pay the least attention to security, which regularly leads such businesses to get hacked.</p><p>In such a case, not only the information the third party collected about you (over time) will fall into the wrong hands; scammers will usually also abuse the third party's mail server(s) to send you phishing mails that you cannot distinguish from the ones the third party used to send "legitimately" in the past on behalf of "example.com" (technically: SPF, DKIM and DMARC will confirm that the sender is "example.com").</p><p><a href="https://infosec.exchange/tags/YourRisk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>YourRisk</span></a> <a href="https://infosec.exchange/tags/Spyware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spyware</span></a> <a href="https://infosec.exchange/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Privacy</span></a> <a href="https://infosec.exchange/tags/PrivacyViolations" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PrivacyViolations</span></a> <a href="https://infosec.exchange/tags/Surveillance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Surveillance</span></a> <a href="https://infosec.exchange/tags/Tracking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tracking</span></a> <a href="https://infosec.exchange/tags/Cookie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cookie</span></a> <a href="https://infosec.exchange/tags/Cookies" 
class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cookies</span></a> <a href="https://infosec.exchange/tags/TrackingCookie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TrackingCookie</span></a> <a href="https://infosec.exchange/tags/TrackingCookies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TrackingCookies</span></a> <a href="https://infosec.exchange/tags/GDPR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GDPR</span></a> <a href="https://infosec.exchange/tags/Money" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Money</span></a></p>
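<p>The link pattern described in the post above (a subdomain of the brand, followed by an opaque token) can be checked for in a received mail body. This is an added example, not part of the original post; the function names, the 24-character token threshold and the sample hosts and tokens are assumptions made for illustration.</p>

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# One long opaque token (hex or base64url) in the path or query string.
OPAQUE = re.compile(r"[A-Za-z0-9_-]{24,}")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a href> in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def classify(href, brand_domain, site_hosts):
    """'direct' = known site host; 'redirector' = brand subdomain + opaque token."""
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    if host in site_hosts:
        return "direct"
    opaque = OPAQUE.search(parts.path + "?" + parts.query)
    if host.endswith("." + brand_domain) and opaque:
        return "redirector"
    return "other"

def audit(html_body, brand_domain, site_hosts):
    collector = LinkCollector()
    collector.feed(html_body)
    return [(text, href, classify(href, brand_domain, site_hosts))
            for href, text in collector.links]

# Constructed sample body; hosts and tokens are made up for illustration.
SAMPLE = """<p>Your invoice is ready.
<a href="https://e.example.com/c/9f3a1c0de4b7a2285d6e0f1a9b3c4d5e6f708192">View invoice</a>
<a href="https://www.example.com/help">Help</a>
<a href="https://e.example.com/u/0a1b2c3d4e5f60718293a4b5c6d7e8f9?x=1">Unsubscribe</a></p>"""

if __name__ == "__main__":
    for text, href, verdict in audit(SAMPLE, "example.com", {"example.com", "www.example.com"}):
        print(f"{verdict:10} {text!r:16} {href}")
```

<p>A "redirector" verdict only says the link matches the pattern; who operates the host cannot be read from the URL and has to be established separately, for example from its DNS records.</p>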