OT: Match.com's Message System Exposes Private "Outside" Ema…

Author: Lisa Kachold
Date:  
To: Main PLUG discussion list, List for Linux development and software engineering discussions.
Subject: OT: Match.com's Message System Exposes Private "Outside" Email Addresses
<p>
Match.com, the popular paid online "secure" dating site, was found to
reveal private email addresses during messaging.</p>
<p>
Email Reply headers in the Messages reading pane reveal the "outside"
email of the dating parties to each other. So my reading pane shows
clearly at the top of an email Match.com "Message" thread:</p>
<pre>
Date: Wed, 24 Jun 2009 23:18:23 -0500
From: 
To: 
Subject: Match.com Message: RE: Itsadate
</pre>
<p>
So I, "obnosis@talkmatch" (an obfuscated, Match.com-only email
address), would immediately know that a man identified only by his
Match.com screen name was really "". And
alternately he would also be able to see my outside email address in
his Messages reading pane.</p>
<p>
At the same time, at the bottom of the email Match.com "Message"
thread, their application tacks on a nice DISCLAIMER:</p>
<pre>
------start------
Important tips: Protect your privacy

Our email system strips away your real email address so that the
recipient will NOT see it in the From: line; however, you must...
• Remove any mention of your email address from the body of your message.
• Remove or turn off any automatic signature at the end of your email.
• Avoid using Cc: or Bcc: to help protect your identity.
If you receive an email that you find offensive or contains
advertisements for products or services other than Match.com, please
forward the message immediately to .
If you no longer wish to receive communication from this person you
can block this user from further contact here.

    
    
DISCLAIMER
Match.com does not screen private email between members, nor are we
liable for the content of these messages. All members are bound by the
Match.com Service Agreement.
    
---end----
</pre>
<p>
Match.com was informed on June 25, 2009 with screenshots. They have
yet to respond to this serious security application layer issue.</p>

Screenshot: http://www.obnosis.com/motivatebytruth/match_shows_outside_email.jpg
--
(503)754-4452 tribe.obnosis.com
scientology.obnosis.com
plug.obnosis.com
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
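
An added example, not part of the original post and not Match.com's code: a Python check that a relay operator could run over outgoing messages to flag any address outside the relay's alias domain, whether it sits in a header or in reply headers quoted in the body. The domain `relay.example` and both sample messages are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import getaddresses

RELAY_DOMAIN = "relay.example"  # assumption: placeholder alias domain
ADDRESS_HEADERS = ("From", "To", "Cc", "Reply-To", "Sender", "Return-Path")
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def is_external(addr, relay_domain):
    """True when the address is not under the relay's alias domain."""
    domain = addr.rsplit("@", 1)[-1].lower()
    return domain != relay_domain and not domain.endswith("." + relay_domain)


def leaked_addresses(raw_message, relay_domain=RELAY_DOMAIN):
    """Return sorted (location, address) pairs that expose an outside address."""
    msg = message_from_string(raw_message)
    leaks = set()
    # 1. Real headers: every address must be a relay alias.
    for header in ADDRESS_HEADERS:
        for _name, addr in getaddresses(msg.get_all(header, [])):
            if "@" in addr and is_external(addr, relay_domain):
                leaks.add((header, addr.lower()))
    # 2. Text parts: quoted reply headers and signatures end up here.
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for addr in ADDR_RE.findall(text):
            if is_external(addr, relay_domain):
                leaks.add(("body", addr.lower()))
    return sorted(leaks)


# Constructed sample: aliases in From/To, but Reply-To and quoted headers leak.
LEAKY_SAMPLE = """From: alias1@relay.example
To: alias2@relay.example
Reply-To: Alice <alice@mail.example>
Subject: Message: RE: hello

-----Original Message-----
From: bob@isp.example
To: alice@mail.example

See you then.
"""
# Constructed sample: only relay aliases appear anywhere.
CLEAN_SAMPLE = "From: alias1@relay.example\nTo: alias2@relay.example\n\nSee you then.\n"
```

A relay that blocks or rewrites a message whenever `leaked_addresses` returns a non-empty list enforces the promise made in the quoted disclaimer instead of leaving it to the sender.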