[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]
- <!--x-content-type: text/plain -->
- <!--x-date: Mon Jan 5 12:42:51 2004 -->
- <!--x-from-r13: puevf_tvyoreg ng oryyfbhgu.arg (Quevfgbcure Uvyoreg) -->
- <!--x-message-id: 1073324201.4501.1.camel@gilbert -->
- <!--x-reference: 003c01c3d39f$001a24c0$7000a8c0@BLUGLO -->
- <!--x-reference: [email protected] -->
- <!--x-reference: [email protected] --> "http://www.w3.org/TR/html4/loose.dtd">
- <!--x-subject: [ale] Spam and HTML email -->
- <li><em>date</em>: Mon Jan 5 12:42:51 2004</li>
- <li><em>from</em>: chris_gilbert at bellsouth.net (Christopher Gilbert)</li>
- <li><em>in-reply-to</em>: <<a href="msg00097.html">[email protected]</a>></li>
- <li><em>references</em>: <003c01c3d39f$001a24c0$7000a8c0@BLUGLO> <<a href="msg00096.html">[email protected]</a>> <<a href="msg00097.html">[email protected]</a>></li>
- <li><em>subject</em>: [ale] Spam and HTML email</li>
On Mon, 2004-01-05 at 10:51, Geoffrey wrote:
> Dow Hurst wrote:
> > I'd like to hear the security experts chime in on this. I've encouraged
> > users to disable images in Mail and Newsgroups in Mozilla, which is our
> > default email app. However, what your doing prevents even Outlook users
> > from getting whanged. I thought that images were able to contain
> > embedded information or even javascripts now. Is this true? What are the
> > current and coming threats from allowing embedded URLs? To me it seems
> > that inherently it is a bad idea to allow this no matter how much people
> > want to violate a practical security policy!
>
> You can certainly validate an email address by embedding a link to a
> unique image in a message if the mail tool displays images. Simply
> create a 1x1 pixel white image and name it to be unique, as:
>
> esotericAT3times25.net.png
>
> And then send it to me. If my browers opens the image, there'll be a
> record of such in the web server that's serving the image.
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00093" href="msg00093.html">[ale] Spam and HTML email</a></strong>
<ul><li><em>From:</em> matthew.brown at cordata.com (Matthew Brown)</li></ul></li>
<li><strong><a name="00096" href="msg00096.html">[ale] Spam and HTML email</a></strong>
<ul><li><em>From:</em> dhurst at kennesaw.edu (Dow Hurst)</li></ul></li>
<li><strong><a name="00097" href="msg00097.html">[ale] Spam and HTML email</a></strong>
<ul><li><em>From:</em> esoteric at 3times25.net (Geoffrey)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00102.html">[ale] [OT] LaserJet 4 toner cartridge replacement</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00104.html">[ale] OT: Anybody sick today?</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00099.html">[ale] Spam and HTML email</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00106.html">[ale] Spam and HTML email</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00103"><strong>Date</strong></a></li>
<li><a href="threads.html#00103"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>