[ale] Spam and HTML email
Geoffrey
esoteric at 3times25.net
Mon Jan 5 10:56:29 EST 2004
Dow Hurst wrote:
> I'd like to hear the security experts chime in on this. I've encouraged
> users to disable images in Mail and Newsgroups in Mozilla, which is our
> default email app. However, what your doing prevents even Outlook users
> from getting whanged. I thought that images were able to contain
> embedded information or even javascripts now. Is this true? What are the
> current and coming threats from allowing embedded URLs? To me it seems
> that inherently it is a bad idea to allow this no matter how much people
> want to violate a practical security policy!
You can certainly validate an email address by embedding a link to a
unique image in a message if the mail tool displays images. Simply
create a 1x1 pixel white image and name it to be unique, as:
esotericAT3times25.net.png
And then send it to me. If my browers opens the image, there'll be a
record of such in the web server that's serving the image.
--
Until later, Geoffrey esoteric at 3times25.net
Building secure systems inspite of Microsoft
More information about the Ale
mailing list