[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Spam and HTML email

Dow Hurst wrote:
> I'd like to hear the security experts chime in on this. I've encouraged 
> users to disable images in Mail and Newsgroups in Mozilla, which is our 
> default email app. However, what your doing prevents even Outlook users 
> from getting whanged. I thought that images were able to contain 
> embedded information or even javascripts now. Is this true? What are the 
> current and coming threats from allowing embedded URLs? To me it seems 
> that inherently it is a bad idea to allow this no matter how much people 
> want to violate a practical security policy!

You can certainly validate an email address by embedding a link to a 
unique image in a message if the mail tool displays images.  Simply 
create a 1x1 pixel white image and name it to be unique, as:


And then send it to me.  If my browers opens the image, there'll be a 
record of such in the web server that's serving the image.

Until later, Geoffrey	esoteric at 3times25.net

Building secure systems inspite of Microsoft