
[ale] Spam and HTML email

I'd like to hear the security experts chime in on this. I've encouraged 
users to disable images in Mail and Newsgroups in Mozilla, which is our 
default email app. However, what you're doing prevents even Outlook users 
from getting whanged. I thought that images were able to contain 
embedded information or even javascripts now. Is this true? What are the 
current and coming threats from allowing embedded URLs? To me it seems 
that inherently it is a bad idea to allow this no matter how much people 
want to violate a practical security policy!

Matthew Brown wrote:

> Here's a good question for you sharp shooters...
> I have a mail server set up to DEFANG active HTML. This basically 
> disables all links to web content within the email, so images that are 
> linked from a web URL rather than embedded in the email itself are 
> essentially dead. The typical bad URL graphics show up in the email 
> rather than the image itself. The good thing here is that it prevents 
> a well-known spam technique, which is to track the valid recipients of 
> an email by tracking which images are loaded -- an easy thing for an 
> experienced crew of ne'er-do-wells.
> Here's the question: Should I disable this feature? It is really 
> annoying to my employees to receive email like this, but on the other 
> hand it helps us to be more hidden to spammers.
> Best Regards,
> *Matthew Brown*
> (770) 795-0089
> matthew.brown at cordata.com
> (888) 681-2262 | (770) 795-0089 | http://www.cordata.com
> * Windows and Linux Networks
> * Anti-virus
> * Security
> * Email
> * Web Development & Hosting
> * Application Development & Hosting

Dow Hurst                  Office: 770-499-3428            *
Systems Support Specialist    Fax: 770-423-6744            *
1000 Chastain Rd. Bldg. 12                                 *
Chemistry Department SC428  Email:   dhurst at kennesaw.edu   *
Kennesaw State University         Dow.Hurst at mindspring.com *
Kennesaw, GA 30144                                         *
This message (including any attachments) contains          *
confidential information intended for a specific individual*
and purpose, and is protected by law.  If you are not the  *
intended recipient, you should delete this message and are *
hereby notified that any disclosure, copying, distribution *
of this message, or the taking of any action based on it,  *
is strictly prohibited.                                    *
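
Added example, not part of the original thread or either poster's configuration: Python that performs the kind of defanging described in the quoted message, disabling every URL a mail client would fetch automatically while leaving cid: images embedded in the message itself intact. The class and function names, the data-defanged- prefix and the sample message are constructed for illustration; CSS url() references and <link> tags are not handled.

```python
from html import escape
from html.parser import HTMLParser

# Attributes a mail client fetches while rendering, with no click required.
AUTOLOAD_ATTRS = {"src", "srcset", "background", "poster"}

class Defanger(HTMLParser):
    """Re-emit HTML with auto-loading URLs disabled unless they are cid:."""

    def __init__(self):
        super().__init__(convert_charrefs=False)  # pass entities through as-is
        self.out, self.blocked = [], []

    def _tag(self, tag, attrs, close=""):
        parts = [tag]
        for name, value in attrs:
            if value is None:              # bare attribute, e.g. "disabled"
                parts.append(name)
                continue
            # Default deny: only cid: (a MIME part of this message) may load.
            # This also catches protocol-relative and odd-case URLs.
            if name in AUTOLOAD_ATTRS and not value.strip().lower().startswith("cid:"):
                self.blocked.append(value)        # keep for logging
                name = "data-defanged-" + name    # inert, still visible in source
            parts.append(f'{name}="{escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + close + ">")

    def handle_starttag(self, tag, attrs): self._tag(tag, attrs)
    def handle_startendtag(self, tag, attrs): self._tag(tag, attrs, " /")
    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")
    def handle_comment(self, data): pass  # comments are dropped

def defang(html_body):
    """Return (defanged_html, list_of_blocked_urls)."""
    parser = Defanger()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out), parser.blocked

# Constructed sample: a per-recipient tracking pixel, an embedded logo,
# and a remote table background with a padded, upper-case scheme.
SAMPLE = ('<p>Hi &amp; welcome</p>'
          '<img src="http://tracker.example/open.gif?rcpt=user%40example.org" width="1" height="1">'
          '<img src="cid:logo@example.org" alt="logo">'
          '<td background=" HTTP://tracker.example/bg.png">x</td>')

if __name__ == "__main__":
    clean, blocked = defang(SAMPLE)
    print(clean, blocked, sep="\n")
```

The blocked list is what a gateway would log; a rising count of per-recipient query strings in it is a sign of the recipient-validation tracking the quoted message describes.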