[22347] in bugtraq


Re[2]: HTML email "bug", of sorts.

daemon@ATHENA.MIT.EDU (Mark Tinberg)
Mon Aug 20 23:37:56 2001

Date: Mon, 20 Aug 2001 19:39:24 -0500 (CDT)
From: Mark Tinberg <tinberg@securepipe.com>
To: Walter Hop <walter@binity.com>
Cc: <bugtraq@securityfocus.com>
In-Reply-To: <955188180.20010820112602@binity.com>
Message-ID: <Pine.LNX.4.33.0108201931360.13247-100000@tinberg.wi.securepipe.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

I think that Walter hinted at another scheme that hasn't yet been
explicitly mentioned.  By making a request like the one below the spammer
can use their DNS server logs to track messages, even if all TCP access is
blocked by a personal firewall.

The answer, as stated below, is that any email client that does HTML mail
should be highly restricted on what tags it interprets (no "active"
content) and should not display anything that didn't come included with
the message.  Possibly there should be a special DTD just for this
purpose.

On Mon, 20 Aug 2001, Walter Hop wrote:

..SNIP..

> http://4747683621.spammer.com/

..SNIP..

> Some mailers like "The Bat" have their own HTML engine that refuses to
> do HTTP requests at all. This seems the best solution.

-- 
Mark Tinberg <MTinberg@securepipe.com>
Network Security Engineer
SecurePipe, Inc. -- Managed Network Security Services
Remember:  Wherever you go, there you are!
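
One way a mail client could apply the restriction described above, as an added example that is not part of the original post: a Python allowlist sanitizer that keeps only passive tags, keeps an image source only when it is a `cid:` reference to a part shipped inside the message, and records every remote hostname it strips so that nothing is fetched or resolved. The tag list and the names `MailSanitizer` and `sanitize` are assumptions chosen for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Passive formatting tags only; any other tag is dropped (its text is kept).
ALLOWED_TAGS = {"p", "br", "b", "i", "u", "em", "strong", "ul", "ol", "li",
                "blockquote", "pre", "img"}
VOID_TAGS = {"br", "img"}
DROP_WITH_CONTENT = {"script", "style", "iframe", "object"}
URL_ATTRS = {"src", "href", "background"}

class MailSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.blocked_hosts, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        kept = []
        for name, value in attrs:
            if name not in URL_ATTRS:
                continue  # drop style, on* handlers and every other attribute
            try:
                parts = urlsplit((value or "").strip())
            except ValueError:
                continue  # unparsable URL: drop it
            if tag == "img" and name == "src" and parts.scheme == "cid":
                kept.append((name, value.strip()))  # part shipped inside the message
            elif parts.hostname:
                self.blocked_hosts.append(parts.hostname)  # remote: record, never resolve
        if tag in DROP_WITH_CONTENT:
            self._skip += 1
        elif not self._skip and tag in ALLOWED_TAGS and (tag != "img" or kept):
            attr_text = "".join(f' {n}="{escape(v, quote=True)}"' for n, v in kept)
            self.out.append(f"<{tag}{attr_text}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self._skip = max(0, self._skip - 1)
        elif not self._skip and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.out.append(escape(data))

def sanitize(html_body):
    """Return (safe_html, remote hostnames that were referenced and stripped)."""
    s = MailSanitizer()
    s.feed(html_body)
    s.close()
    return "".join(s.out), s.blocked_hosts

# Constructed sample; the remote URL is the one quoted in the message above.
SAMPLE = ('<p>Hello <b>there</b></p><img src="http://4747683621.spammer.com/">'
          '<img src="cid:logo@example.invalid"><script>track()</script>')
```

Because the per-recipient identifier sits in the hostname, the stripped-host list returned by `sanitize(SAMPLE)` is also a useful signal for flagging tracking mail.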

