Ok. I admit it. I am (was!) a member of a gym and hadn’t been in ages. That’s how they get ya!
Was ok under lock-down, as membership was frozen. But, as measures started to lift they sent out a mailshot saying it was rising from £9.99/mth to £17-18/mth. That’s quite some percentage hike, especially for something you rarely used.
$wife: is it possible to track them opening/reading it?
Me: Pretty sure it is.
<cue me referencing Canary Tokens, how they work. How ‘read receipts’ aren’t so accurate. And, her eyes glazing over>
$wife: Never mind. I’ve sent it. And I’ve CC’d you the details for you to send yours, as I know what you’re like.
<days pass. she’s right>
Here’s the .ps1:
# PowerShell to send an HTML email to someone containing a Canary Token.
# @mcbazza April 2021
# Use only for good. Hack the planet.
# Change this variables as needed:
# SMTP address of your sending service. Office 365 was used in the original code.
$SmtpServer = 'smtp.office365.com'
$port='587' ## or 465
# User + pass to auth with the SMTP service
$SmtpUser = '[your email/user goes here]'
$smtpPassword = '[your pass goes here]'
# Where the email is going to
$MailtTo = '[where the email is going]' # e.g. me@privacy.net
$MailSubject = "[put a email subject here]" # user subscription query
# Who the email is to appear as. Same as username. If your username and email address are different, set this to your email.
$MailFrom = $SmtpUser
$body = "<HTML><HEAD><META http-equiv=""Content-Type"" content=""text/html; charset=iso-8859-1"" /><TITLE></TITLE></HEAD>"
$body += "<BODY bgcolor=""#FFFFFF"" style=""font-size: Small; font-family: TAHOMA; color: #000000""><P>"
# Put content of email here. Use standard/plain HTML. Nothing too fancy.
$body += "something something<br>
more something<br>
please cancel my subscription<br>
something something
"
# You'll need to go to https://canarytokens.org/generate and generate a token
# Select: Custom image web bug
# Seems to be a bug(!) with the form, in that you need to upload an image to be used as the image bug.
# Use this one from Wikipedia: https://upload.wikimedia.org/wikipedia/commons/d/d0/Clear.gif
# When you get the URL of your 'bug' the important bit is the random character string.
# It will look like: http://canarytokens.com/about/images/[randomcharactersgohere]/post.jsp
# You can change the "post.jsp" to be anything you want. Choose something innocuous like 'profile.png'.
$body += "<img src='http://canarytokens.com/traffic/[randomcharactersgohere]/post.jsp' height=1 width=1>"
$Credentials = New-Object System.Management.Automation.PSCredential -ArgumentList $SmtpUser, $($smtpPassword | ConvertTo-SecureString -AsPlainText -Force)
Send-MailMessage -To "$MailtTo" -from "$MailFrom" -Subject $MailSubject -SmtpServer $SmtpServer -UseSsl -Credential $Credentials -Port $port -BodyAsHtml -Body $body
# Be honest. You're using this to cancel your gym membership, aren't you?
# That's what I was doing when I wrote this!
# @mcbazzaDisclaimer: No warranty given, or implied. Your home may be at risk if you fail to keep up payments on it. Don’t run random code you find on the internet, unless you trust/understand it.
If/when it’s read/triggered…
You’ll receive an email that looks like:
Click on ‘more info on this token here’ and you’ll get a map/web view of your canary token, along with its history:
