OT: Match.com's Message System Exposes Private "Outside" Email Addresses

Stephen cryptworks at gmail.com
Thu Jun 25 10:16:57 MST 2009


yet another strike against match.com in my book.

On Thu, Jun 25, 2009 at 8:05 AM, Lisa Kachold<lisakachold at obnosis.com> wrote:
> Match.com, the popular paid online "secure" dating site, was found to
> reveal private email addresses during messaging.
>
> Email Reply headers in the Messages reading pane reveal the "outside"
> email of the dating parties to each other.  So my reading pane shows
> clearly at the top of an email Match.com "Message" thread:
>
> Date: Wed, 24 Jun 2009 23:18:23 -0500
> From: obnosis at talkmatch.com
> To: pairaway at hotmail.com
> Subject: Match.com Message: RE: Itsadate
>
> So, I "obnosis at talkmatch" (obfuscated email Match.com only email
> address) would immediately know that a man identified only by his
> Match.com screen name, was really "pairaway at hotmail.com".  And
> alternately he would also be able to see my outside email address in
> his Messages reading pane.
>
> While at the same time, the bottom of the email Match.com "Message"
> thread their application tacks on a nice DISCLAIMER:
>
> ------start------
> Important tips: Protect your privacy
>
> Our email system strips away your real email address so that the
> recipient will NOT see it in the From: line; however, you must...
> • Remove any mention of your email address from the body of your message.
> • Remove or turn off any automatic signature at the end of your email.
> • Avoid using Cc: or Bcc: to help protect your identity.
> If you receive an email that you find offensive or contains
> advertisements for products or services other than Match.com, please
> forward the message immediately to abuse at cc.match.com.
> If you no longer wish to receive communication from this person you
> can block this user from further contact here.
>
>
> DISCLAIMER
> Match.com does not screen private email between members, nor are we
> liable for the content of these messages. All members are bound by the
> Match.com Service Agreement.
>
> ---end----
>
> Match.com was informed on June 25, 2009 with screenshots.  They have
> yet to respond to this serious security application layer issue.
>
> Screenshot: http://www.obnosis.com/motivatebytruth/match_shows_outside_email.jpg
> --
> (503)754-4452 tribe.obnosis.com
> scientology.obnosis.com
> plug.obnosis.com
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>



-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
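
The leak reported in this thread is an address header that still carries a member's outside address after passing through the pseudonymous relay. As an added example that is not part of the original thread and is not Match.com's code, this sketch shows a check and a scrub step a relay operator could run before displaying or forwarding a message; the domain `relay.example`, the sample message and the alias mapping are all constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: the relay's pseudonymous mailbox domain (placeholder, not from the thread).
RELAY_DOMAIN = "relay.example"
# Headers that can carry a member's address to the other party.
ADDRESS_HEADERS = ("From", "To", "Cc", "Reply-To", "Sender", "Return-Path")

# Constructed sample message: the To: header still holds an outside address.
SAMPLE = (
    "Date: Mon, 01 Jan 2024 10:00:00 -0000\n"
    "From: alice@relay.example\n"
    "To: bob.private@mail.example\n"
    "Subject: Message: RE: hello\n"
    "\n"
    "body\n"
)

def _is_relay(addr, relay_domain):
    """True when the address belongs to the relay's own domain."""
    return addr.rpartition("@")[2].lower() == relay_domain

def leaked_addresses(raw_message, relay_domain=RELAY_DOMAIN):
    """Return (header, address) pairs that would expose a non-relay address."""
    msg = message_from_string(raw_message)
    leaks = []
    for header in ADDRESS_HEADERS:
        for _name, addr in getaddresses(msg.get_all(header, [])):
            if addr and not _is_relay(addr, relay_domain):
                leaks.append((header, addr))
    return leaks

def scrub(raw_message, alias_for, relay_domain=RELAY_DOMAIN):
    """Rewrite address headers to relay aliases; drop addresses with no alias."""
    msg = message_from_string(raw_message)
    for header in ADDRESS_HEADERS:
        values = msg.get_all(header, [])
        if not values:
            continue
        kept = []
        for _name, addr in getaddresses(values):
            if addr and _is_relay(addr, relay_domain):
                kept.append(addr)
            elif addr.lower() in alias_for:
                kept.append(alias_for[addr.lower()])
        del msg[header]  # removes every occurrence of this header
        if kept:
            msg[header] = ", ".join(kept)
    return msg.as_string()
```

Running `leaked_addresses` on the output of `scrub` as a release gate fails closed: an address with no known alias is dropped from the header instead of being shown to the other party.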

