
Hacking the Vista ICM e-mail notifications

February 18, 2010 20:07 by docbliny

Another great post by our guest blogger Richard Perlman:

I hacked at the VistaICM email process and here is what I found:

Part 1: The information for the email is sent, via HTTP, to outgoing.in2myhome.com. So, if you are running a local DNS server, you can enter a record for that host/domain and resolve it to some other HTTP server.

Part 2: The information is sent as a GET request, i.e. it’s ALL in the URL. Really simple (and insecure). For example, here is an “Armed” notification:
GET /email.aspx?address=alarm%40foo.com&subject=Security+Alert&message=System+Armed&mac=00%3A0e%3A70%3A00%3A35%3A7d&time=02-16-2010+01%3A03%3A33+PM

So, all that would need to be done is to write a simple cgi-bin script to handle requests for /email.aspx to parse the GET request and create an email or do whatever you wanted.

Richard
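
A handler of the kind described above could start from a parser like the following, which is an added example and not part of Richard's post. It decodes the sample request and checks the fields before building a mail message; the function names, the `known_macs` allowlist and the sender address are assumptions.

```python
import re
from datetime import datetime
from email.message import EmailMessage
from urllib.parse import urlsplit, parse_qs

# Request line copied from the post above.
SAMPLE = ("GET /email.aspx?address=alarm%40foo.com&subject=Security+Alert"
          "&message=System+Armed&mac=00%3A0e%3A70%3A00%3A35%3A7d"
          "&time=02-16-2010+01%3A03%3A33+PM")
REQUIRED = ("address", "subject", "message", "mac", "time")
MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")


def parse_notification(request_line, known_macs):
    """Return the notification fields as a dict, or raise ValueError."""
    parts = request_line.split()
    if len(parts) < 2 or parts[0] != "GET":
        raise ValueError("not a GET request")
    url = urlsplit(parts[1])
    if url.path.lower() != "/email.aspx":
        raise ValueError("unexpected path")
    query = parse_qs(url.query, keep_blank_values=True)
    fields = {}
    for name in REQUIRED:
        values = query.get(name, [])
        if len(values) != 1:
            raise ValueError(f"missing or repeated field: {name}")
        fields[name] = values[0]
    # Nothing in the request is authenticated; the MAC allowlist only filters
    # out stray traffic, it does not prove the panel sent it.
    fields["mac"] = fields["mac"].lower()
    if not MAC_RE.fullmatch(fields["mac"]) or fields["mac"] not in known_macs:
        raise ValueError("unknown panel MAC")
    # Reject CR/LF so decoded values cannot add mail headers.
    if any(c in fields["address"] + fields["subject"] for c in "\r\n"):
        raise ValueError("line break in header field")
    fields["time"] = datetime.strptime(fields["time"], "%m-%d-%Y %I:%M:%S %p")
    return fields


def to_email(fields, sender="panel@example.invalid"):  # sender is a placeholder
    """Build a mail message from the parsed fields."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, fields["address"], fields["subject"]
    msg.set_content(f"{fields['message']}\n{fields['mac']} {fields['time']:%Y-%m-%d %H:%M:%S}")
    return msg
```
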

