OT: Match.com's Message System Exposes Private "Outside" Email Addresses

Stephen cryptworks at gmail.com
Fri Jun 26 09:49:04 MST 2009 

YAY for canned responses

On Fri, Jun 26, 2009 at 9:42 AM, Lisa Kachold<lisakachold at obnosis.com> wrote:
> Match responds with two "support" attempts, but of course the original
> screenshot graphic, if actually READ by a competent person would tell
> the tale instantly.
>
> Description:
> Entered on 06/26/2009 at 07:49:23 by Winifer C.:
> Dear Member,
>
> Thank you for contacting Match.com regarding anonymous emailing.
>
> Match.com preserves your privacy by directing your emails through our
> double-blind system.  Our exclusive technology strips your real email
> address and replaces it with your username and the talkmatch domain
> (username at talkmatch.com). Then the system forwards your messages to
> the members you're emailing.
>
> One way to contact members is by clicking the Email Him/Her link in
> their profiles.
>
> You can also send email messages from your personal registered email
> account to members with whom you have previously corresponded through
> the Match.com site.  Once logged into your personal email account
> (i.e., hotmail, yahoo, etc.), please follow these steps:
>
> 1. Compose a new message
> 2. In the "To" field, type the member's username and add
> @talkmatch.com (i.e., JaneDoe at talkmatch.com)
> 3. Send the message
>
> Before sending the email, please review the following tips protect your privacy:
> * Remove any mention of your email address from the body of your message.
> * Remove any automatic signature at the end of your email.
> * Do not use Cc: or Bcc:
> * Note that our double-blind email system strips away your personal
> email address and it will NOT appear in the “From” line.
>
> For immediate answers to most common questions, please visit our help
> section at: http://www.match.com/matchus/help/helpdtl.aspx?sec=42&lid=108.
>
> For any further assistance please do not hesitate to contact us. We
> wish you the best of luck in finding your match!
>
> Match.com Customer Care
> Winifer C.
>
>
> Screenshot: http://www.obnosis.com/motivatebytruth/match_shows_outside_email.jpg
>
>
> http://www.match.com/matchus/help/contactus.aspx?ct=1&lid=7
>
> How are we doing? Please take a minute to complete the following
> survey on our email response and your match.com experience. Please
> double click on the link below to launch the survey.
> https://www.surveymonkey.com/s.aspx?sm=WB6Y1ZQWNPONI_2bVTPC3Jvw_3d_3d
>
> Reply | Reply to all | Forward | Print | Delete | Show original
>
>
>
> On 6/25/09, Stephen <cryptworks at gmail.com> wrote:
>> yet another strike against match.com in my book.
>>
>> On Thu, Jun 25, 2009 at 8:05 AM, Lisa Kachold<lisakachold at obnosis.com>
>> wrote:
>>> <p>
>>> Match.com, the popular paid online "secure" dating site, was found to
>>> reveal private email addresses during messaging.</p>
>>> <p>
>>> Email Reply headers in the Messages reading pane reveal the "outside"
>>> email of the dating parties to each other.  So my reading pane shows
>>> clearly at the top of an email Match.com "Message" thread:</p>
>>> <p>
>>> Date: Wed, 24 Jun 2009 23:18:23 -0500</p><p>
>>> From: obnosis at talkmatch.com</p><p>
>>> To: pairaway at hotmail.com</p><p>
>>> Subject: Match.com Message: RE: Itsadate</p><p>
>>> </p>
>>> <p>
>>> So, I "obnosis at talkmatch" (obfuscated email Match.com only email
>>> address) would immediately know that a man identified only by his
>>> Match.com screen name, was really "pairaway at hotmail.com".  And
>>> alternately he would also be able to see my outside email address in
>>> his Messages reading pane.</p>
>>> <p>
>>> While at the same time, the bottom of the email Match.com "Message"
>>> thread their application tacks on a nice DISCLAIMER:</p>
>>> <pre>
>>> ------start------
>>> Important tips: Protect your privacy
>>>
>>> Our email system strips away your real email address so that the
>>> recipient will NOT see it in the
>>> From: line; however, you must...
>>>        • Remove any mention of your email address from the body of your
>>> message.
>>> • Remove or turn off any automatic signature at the end of your email.
>>> • Avoid using Cc: or Bcc: to help protect your identity.
>>> If you receive an email that you find offensive or contains
>>> advertisements for products or services other than Match.com, please
>>> forward the message immediately to abuse at cc.match.com.
>>> If you no longer wish to receive communication from this person you
>>> can block this user from further contact here.
>>>
>>>
>>> DISCLAIMER
>>> Match.com does not screen private email between members, nor are we
>>> liable for the content of these messages. All members are bound by the
>>> Match.com Service Agreement.
>>>
>>> ---end----
>>> </pre>
>>> <p>
>>> Match.com was informed on June 25, 2009 with screenshots.  They have
>>> yet to respond to this serious security application layer issue.</p>
>>>
>>> Screenshot:
>>> http://www.obnosis.com/motivatebytruth/match_shows_outside_email.jpg
>>> --
>>> (503)754-4452 tribe.obnosis.com
>>> scientology.obnosis.com
>>> plug.obnosis.com
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>>
>>
>>
>>
>> --
>> A mouse trap, placed on top of your alarm clock, will prevent you from
>> rolling over and going back to sleep after you hit the snooze button.
>>
>> Stephen
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>
>
> --
> (503)754-4452 tribe.obnosis.com
> scientology.obnosis.com
> plug.obnosis.com
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>



-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen

More information about the PLUG-discuss mailing list