In association with heise online

11 May 2010, 10:22

Emails from Facebook contained IP addresses

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Facebook Logo Facebook can be configured to send emails informing users of events such as when a friend comments on the user's status or sends a message. One of the headers in the email can be used to work out the friend's IP address. The header looks like this:

X-Facebook: from zuckmail ([ODAuMTcxLjM2LjY0])
by with HTTP (ZuckMail);

The string in the square brackets is a Base64 encoded IP address, apparently from the Facebook user who sent the message. Services such as's e-mail tracer can be used to convert it back into an IP address and obtain further information.

Not that an IP address is such a big deal, but, in Germany, it can, in some cases, be traced back to a particular person. There is no obvious reason why an IP address should be included in this type of message.

Facebook has now apparently recognised and resolved the problem. The H's associates at heise Security carried out multiple tests on Saturday afternoon, all of which simply returned the IP address (localhost). Older emails for status updates contained plausible IP addresses.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit