[ale] Spam and HTML email

Christopher Gilbert chris_gilbert at bellsouth.net
Mon Jan 5 12:42:51 EST 2004


Oh.. and remember your opting-in 
by visiting the spamer's website.  ;) 

On Mon, 2004-01-05 at 10:51, Geoffrey wrote:
> Dow Hurst wrote:
> > I'd like to hear the security experts chime in on this. I've encouraged 
> > users to disable images in Mail and Newsgroups in Mozilla, which is our 
> > default email app. However, what your doing prevents even Outlook users 
> > from getting whanged. I thought that images were able to contain 
> > embedded information or even javascripts now. Is this true? What are the 
> > current and coming threats from allowing embedded URLs? To me it seems 
> > that inherently it is a bad idea to allow this no matter how much people 
> > want to violate a practical security policy!
> 
> You can certainly validate an email address by embedding a link to a 
> unique image in a message if the mail tool displays images.  Simply 
> create a 1x1 pixel white image and name it to be unique, as:
> 
> esotericAT3times25.net.png
> 
> And then send it to me.  If my browers opens the image, there'll be a 
> record of such in the web server that's serving the image.



More information about the Ale mailing list