Bugtraq mailing list archives
Re: mailto links
From: "[Segmen]" <dontpanic999 () yahoo com>
Date: Wed, 12 Sep 2001 08:37:35 +0100
----- Original Message -----
From: "stanislav shalunov" <shalunov () internet2 edu>
To: "[Segmen]" <dontpanic999 () yahoo com>
Sent: Wednesday, September 12, 2001 4:25 AM
Subject: Re: mailto links
Do you see a problem with this behavior? It's standard. If you see a problem, please state what it is.

--
Stanislav Shalunov http://www.internet2.edu/~shalunov/
"Hey! Who took the cork off my lunch?!" -- W. C. Fields
Yes, I do see some problems with this behaviour. I could use this to trick innocent people into distributing my malware for me, with the added bonus that the email will look like it is someone genuinely trying to contact them. It could also make people breach the rules of their ISP or organization by apparently trying to send a virus, for example, possibly getting them into trouble, or having their account suspended.

Also, from http://www.ics.uci.edu/pub/ietf/uri/rfc2368.txt (RFC 2368):

"Thus, a mail client should never send a message based on a mailto URL without first showing the user the full message that will be sent (including all headers that were specified by the mailto URL), fully decoded, and asking the user for approval to send the message as electronic mail. The mail client should also make it clear that the user is about to send an electronic mail message, since the user may not be aware that this is the result of a mailto URL."

I'm not sure this fulfills this, anyone?

I'm sure there's more!

--
http://www.ukchat.com - UKChat
http://sdf.lonestar.org - SDF Public Access UNIX system
http://www.geocities.com/dontpanic999/ - my WebSpace
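
The RFC 2368 requirement quoted in the message above, as an added example that is not part of the original post or of any mail client's code: Python that decodes every field of a mailto URL and builds the confirmation text a client would show before sending. The function names, the `[review]` marker and the sample URL are assumptions made for illustration; the safe-header set is the one RFC 2368 section 4 names.

```python
from urllib.parse import unquote

# RFC 2368 section 4: only these headers are believed both safe and useful.
SAFE_HEADERS = {"subject", "keywords", "body"}

def parse_mailto(url):
    """Split a mailto URL into (recipients, [(header, decoded value), ...])."""
    scheme, _, rest = url.partition(":")
    if scheme.lower() != "mailto":
        raise ValueError("not a mailto URL")
    addr_part, _, query = rest.partition("?")
    recipients = [unquote(a).strip() for a in addr_part.split(",") if a.strip()]
    headers = []
    for pair in filter(None, query.split("&")):
        name, _, value = pair.partition("=")
        name = unquote(name).lower()
        value = unquote(value)  # percent-decoding only, so the user sees real text
        if name == "to":
            recipients += [a.strip() for a in value.split(",") if a.strip()]
        else:
            headers.append((name, value))
    return recipients, headers

def build_preview(url):
    """Return (preview_text, flagged_headers) for a send-confirmation dialog."""
    recipients, headers = parse_mailto(url)
    lines = ["You are about to send an e-mail message.",
             "To: " + ", ".join(recipients)]
    flagged, body = [], ""
    for name, value in headers:
        if name == "body":
            body = value
            continue
        # Show CR/LF visibly so a value cannot span lines unnoticed in the preview.
        shown = value.replace("\r", "\\r").replace("\n", "\\n")
        mark = ""
        if name not in SAFE_HEADERS or shown != value:
            flagged.append(name)
            mark = "  [review]"
        lines.append(f"{name.capitalize()}: {shown}{mark}")
    lines += ["", body]
    return "\n".join(lines), flagged

# Constructed sample URL (hypothetical addresses).
SAMPLE = ("mailto:list@example.org?subject=Hello%20there"
          "&cc=third@example.net&body=Line%20one%0D%0ALine%20two")
```

A client following the RFC text would display the returned preview, require explicit approval, and could refuse to compose at all when the flagged list is not empty.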
Current thread:
- mailto links [Segmen] (Sep 11)
- Re: mailto links C. Cooke (Sep 11)
- Message not available
- Re: mailto links [Segmen] (Sep 12)
- <Possible follow-ups>
- RE: mailto links Craig Humphrey (Sep 11)
- Message not available
- Re: mailto links Martin Stricker (Sep 12)
- Re: mailto links Scott Buchanan (Sep 13)
- Message not available