When building email functionality with cfmail, we can include a 1x1 px image in the mail body using an <img> tag. Instead of pointing src directly at an image file, we point it at a CFM template on the server. The URL should carry a unique random value as a URL parameter, generated with the CreateUUID() function, so that each server request made when the email is opened can be uniquely identified. In the CFM template we render the 1x1 px image using cfcontent, and we can also run an update query to set the email status flag to "Read".
<cfmail from="firstname.lastname@example.org" to="email@example.com" subject="test subject" server="mailServerIP" type="text/html">
When the mail client loads the body of the email produced by the above code, it makes one unique server call to the CFM template. There we can render the image and also perform other server-side operations to set the status of the email to "Read".
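The two templates described above, written out as an added example (not code from the original post). The datasource `application.dsn`, the table `sent_mail` with columns `track_id` and `status`, and the tracker URL `https://www.example.com/track.cfm` are assumptions. Because the tracker runs a query on a value taken from the URL, it validates the id and binds it as a parameter.

```cfml
<!--- Added example. Assumed names: datasource application.dsn, table sent_mail
      (track_id, status), tracker URL https://www.example.com/track.cfm --->

<!--- ===== send.cfm: create the id, record it, send the mail ===== --->
<cfset trackId = CreateUUID()>
<cfquery datasource="#application.dsn#">
    INSERT INTO sent_mail (track_id, status)
    VALUES (<cfqueryparam value="#trackId#" cfsqltype="cf_sql_varchar">, 'Sent')
</cfquery>
<cfmail from="firstname.lastname@example.org" to="email@example.com"
        subject="test subject" server="mailServerIP" type="text/html">
    <p>Message text goes here.</p>
    <img src="https://www.example.com/track.cfm?id=#trackId#" width="1" height="1" alt="">
</cfmail>

<!--- ===== track.cfm: requested by the mail client when it loads the image ===== --->
<cfparam name="url.id" default="">
<!--- url.id is untrusted input: accept only the 35-character CreateUUID() format --->
<cfif isValid("uuid", url.id)>
    <cfquery datasource="#application.dsn#">
        UPDATE sent_mail
        SET status = 'Read'
        WHERE track_id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_varchar" maxlength="35">
          AND status = 'Sent'
    </cfquery>
</cfif>
<!--- Always answer with the same 1x1 transparent GIF, so valid and invalid ids look alike --->
<cfheader name="Cache-Control" value="no-store">
<cfcontent type="image/gif" reset="true"
           variable="#toBinary('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7')#">
```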
Note: Similar techniques are used in phishing attacks too, but in this scenario the technique adds functionality to check whether the sent mail has been opened. So that the anti-phishing mechanisms/filters of mail clients do not block it, users need to make sure that -
- Email clients support HTML format
- Image download is enabled or users explicitly download image by clicking on "Download Image"
- This technique doesn't work in offline mode