I am faced with a task of testing our networks USERS security. We would like to basically see which users are opening junk, spam, and unsolicited emails.
Log this information as proof and try and solve this problem.

Since I like Autoplay so much I would like to see if I can create such a beast in AMS5 Pro.

My thoughts are to create an email that if a user clicks on the link it will launch a LOCAL program on our server. The program will log in a text file User Name, Date, Time based on arguments from the email link. Perhaps a version number of the email.

The email is easy enough, but to create a link to call the Application on the server with arguments ( forexample the username and version number) is where I am lost.

Any ideas or is there a better way.

Thanks for any help.

Mark Taylor

The way that I would go about it is to create a PHP (or ASP or Perl or whatever) script on a Web server that it links to and have the script log the click into a database on the server. Then just make some simple reports and you can report all kinds of stuff like the IP address it came from, time, date and whatever other variables are passed through.

I don't know how to program PHP, but I will research this. I'm a little confused, are you suggesting use just PHP or other webbased programming or in combination with AMS5?

Mark

Well if someone gave me a task like that Mark - they wouldn't like the reply that they would receive.

Do I understand correctly, you want to tempt people into getting themselves into trouble, or am I reading something into your post that isn't there? I am after all getting towards the bottom of an excellent bottle of Cabernet Sauvignon :)

(provided by Antipodean producers - my current favourite :yes )

It could be interpeted that way for sure. In our case we have users abusing these types of emails being sent to our business. Even after meetings and policies there are still problems. We simply need to identify the security risks at our business. You could say we are sending spam to ourselves to help our network instead of hurting it.

I knew this would cause some differences of oppinions. But I do understand both sides of the story. I am however responsible in trying to stop these abuses at our business and since these users are breaking policies and denying any fault, we would like proof of what is going on.

The end user, if doing wrong, will be no more tempted then they already are. The users following the policies will ignore these emails like they always do.

We aren't using this test as a way to fire someone, only to narrow down our security risks.


Mark

...thin and ice are two words that spring to mind here Mark.

Who is responsible for letting the spam through into your network in the first place?

If email is delivered to my workplace email address then I assume that it's safe. If not then somebody else is to blame - not me. My employer has a duty of care towards me, after all I'm only an employee.... (devils advocate)

True,

We have filters and junkemail boxes but the threat seems to be never changing. Even with the best efforts our company's DOLLAR (Cheap) can buy.

I definetly appreciate your thoughts.

Mark

Besides I don't make the ice I just have to walk on it. ;)

Mark,

You dont need AMS to do this. All you need is a web server with logging enabled, such as W3C logging, and any one of the hundreds of web statistics programs such as Web Trends, Live Stats, etc.

Also, you dont even need them to click a link. You can embed an image in an HTML email and use the web stat software to see what IP the image was served to. Simply find the PC associated to that IP and that will give you the who, what, and when you are looking for.

Hope that helps!

Brunz

Thanks that seems to be an easier way to do this evil task.

Thanks for the help.

Mark

Mark I have a little asp script which will capture the users IP address and the time they visited or clicked something into a microsoft access database.

I have used this in AMS 5 as a web object which is hidden and it has been distributed all over the country on CD to track how many people insert the CD's into the PC.

It has been working great.

Maybe this could help you.

King regards

Ian

This sound pretty cool, Can you offer some instruction on how to use all these files. I would appreciate it very much.

Mark

The asp script can be opend in Dreamweaver or frontpage and you can make it into a web page by simply adding your content.

Once you have added all your pictures and your adverts etc you will need to upload the files to a web server which supports .asp

Then simply visit http://www.yourservername.co.uk/theaspfilenamescript.asp and then goto file send page as email to your victims.

everyone who visits this page wil be tracked.

you just simply download the databse and then view who has visited.

I will create a sample for you to see working shortly.

regards

Ian