[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Spam and HTML email

Subject: [ale] Spam and HTML email
From: esoteric at 3times25.net (Geoffrey)
Date: Mon Jan 5 10:56:29 2004
In-reply-to: <[email protected]>
References: <003c01c3d39f$001a24c0$7000a8c0@BLUGLO> <[email protected]>

Dow Hurst wrote:
> I'd like to hear the security experts chime in on this. I've encouraged 
> users to disable images in Mail and Newsgroups in Mozilla, which is our 
> default email app. However, what your doing prevents even Outlook users 
> from getting whanged. I thought that images were able to contain 
> embedded information or even javascripts now. Is this true? What are the 
> current and coming threats from allowing embedded URLs? To me it seems 
> that inherently it is a bad idea to allow this no matter how much people 
> want to violate a practical security policy!

You can certainly validate an email address by embedding a link to a 
unique image in a message if the mail tool displays images.  Simply 
create a 1x1 pixel white image and name it to be unique, as:

esotericAT3times25.net.png

And then send it to me.  If my browers opens the image, there'll be a 
record of such in the web server that's serving the image.

-- 
Until later, Geoffrey	esoteric at 3times25.net

Building secure systems inspite of Microsoft

Follow-Ups:
- [ale] Spam and HTML email
  - From: dhurst at kennesaw.edu (Dow Hurst)
- [ale] Spam and HTML email
  - From: chris_gilbert at bellsouth.net (Christopher Gilbert)
- [ale] Spam and HTML email
  - From: jasonday at worldnet.att.net (Jason Day)

References:
- [ale] Spam and HTML email
  - From: matthew.brown at cordata.com (Matthew Brown)
- [ale] Spam and HTML email
  - From: dhurst at kennesaw.edu (Dow Hurst)

Prev by Date: [ale] Spam and HTML email
Next by Date: [ale] [OT] LaserJet 4 toner cartridge replacement
Previous by thread: [ale] Spam and HTML email
Next by thread: [ale] Spam and HTML email
Index(es):
- Date
- Thread