by klapinat0r 3349 days ago
> if somebody sent you an email with that code (even if you never open the email)

What is he trying to say here? How on earth would it be possible to execute the URL in the context of your zecco cookies unless it's opened in a (browser) in which you've logged into zecco?

4 comments

Some webmail clients (and potentially other web communicators like online chats - FB messenger, etc) might pre-fetch all URLs sent in the email or chat.

The pre-fetching will use the user's context (and cookies) because it's executed by the user's web browser.

I'm guessing if you used a popular web-based email service, or any browser email client, then this would be possible.
Possibly, but you'd still have to (try to) "render" it in your browser by opening the mail.

On a similar note, your web mail could fetch images in emails ahead of time, but that would still be out of your browser's context.

Remember...... 2008. Many people still had "auto download pictures" enabled in their email.
Note that the URL is inside an <IMG> tag.
I know that MS Messenger used to "pre-fetch" URLs in your system's IE session even if you don't open the conversation. I presume there was some similar issue with 2008-era email clients (it's a "useful feature" after all).
I'm guessing he meant a webmail client.