Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

In this case one could simply write a script that forwards the request from your own domain to the third party system. It could be done on the server in such a way that the user would never leave your own domain:

1. User clicks http://links.example.com/?redirect=example.com/reset_passwor...

2. The server running on links.example.com makes a request to the third party web server

3. The server redirects the user to http://example.com/reset_password



If doing this, it'd be critical to ensure the redirection script only redirects to example.com, otherwise a phisher could use it. Probably safer to have it only take a path actually


If the server running on links.example.com, wouldn't the 3rd party web server lose out on doing things like setting cookies in the client's browser or determining their rough location via IP address?

Not that I'm particularly a fan of either practice, but there's probably some use cases there that would have to be accounted for in some way that the 3rd party service could accommodate.


If that were needed perhaps links.example.com could display an iframe containing the third party site.

I agree that neither approach is ideal, but it would prevent users from receiving third party links in their emails.


Those cookies would be blocked for browsers with 3rd-party cookies disabled, and Firefox is making that option the default at some point in the near future.


Going to mkt5371.com (the domain in the tracked link) gives you a static landing page with a abuse@silverpop.com contact. This tells me one of two things:

1) Silverpop doesn't have an option to disable tracking for specific links included in emails sent from their system or

2) The person creating the email failed to take advantage of this feature.

If Evernote wanted to take advantage of this feature on purpose in order to determine what percentage of their userbase has reset their password, then I'm baffled why they decided to trust a 3rd party lead management system instead of the updated_at fields in their database.

Either way, the whole point of purchasing Silverpop is that you can avoid having to code your own solution.


You would have to know the URL on the third party server to redirect to. And usually, you don't, because they are generated internally by some pre-processor.


Why can't you automagically redirect from mkt5371.evernote.com/anything to links.evernote.mkt5371.com/anything ?

Better yet, simply point your DNS "passwordreset.evernote.com" to the same server.


Because you don't know what that "/anything" is, only your mailing system does, and it converts links in your email template to these mkt5371-type links right before it sends out the email.


Why do I need to know anything at all about the link structure beyond the domains?

If the user requests (from a link in the mail) "mkt5371.evernote.com/foo123", redirect to "links.evernote.mkt5371.com/foo123"; If they request "/bar456?id=asdask", redirect to the same query under the mailer's domain.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: