Comment on Detecting a tracker pixel/image in email
kivulallo@lemmy.world 7 months ago
if you run a whois on the domain, it turns out it belongs to mailjet. they are a big service provider for bulk emails, notifications, stuff like that.
my guess is this is their cdn or something similar. you can see the “1wy1y” string in the URL path as well as a sub-domain. that’s most likely the customer ID or “tenant id” for the gov agency inside the mailjet cloud. also guessing that “tplimg” could stand for “template image” or similar, indicating that they have an email template with this image always being there. which makes sense if it’s a logo.
as for the curl call, i tried to open the url in a browser, but it just sends an empty response, that’s why you don’t see a content-length headee. i guess mailjet checks where the url is being called from, either with user-agent or some custom headers or whatever, so it only loads if you actually open the email. this prevents unnecessary traffic costs for them.
i don’t there is anything wrong here, just laziness on the gov agency’s side. they could have created some sub-domain that is an alias pointing to this mess. it wouldn’t cost anything.
coffeeClean@infosec.pub 7 months ago
I scrambled it for my own privacy, so that would not work. But I preserved the structure well enough that your insight was helpful.