Educause Security Discussion mailing list archives

Re: E-mail Privacy


From: Glenn Leavell <glenn () USG EDU>
Date: Tue, 25 May 2004 17:08:38 -0400

On Tue, May 25, 2004 at 05:00:07PM -0400, Gary Flynn wrote:

# Glenn Leavell wrote:
#
# >Many e-mail clients have a setting to disallow the viewing/loading of
# >remote images, which should neutralize the didtheyreadit service.  For
# >example, I know that Mozilla Thunderbird, Eudora, and Squirrelmail all have
# >this option.
#
# I've been using that feature for some time in both Netscape and
# Mozilla and felt somewhat comfortable until a couple days ago.
# Then my computer showed up in an IDP report accessing a web
# site trying an IE exploit. I backtracked through my messages
# and found a piece of SPAM that caused my Mozilla client to access
# the web site every time the message was displayed.
#
# The message contained:
# <object-disabled data=3D"&#104;&#116;&#116;&#112;&#58;&#47;&#47;&#=
# 119;&#119;&#119;&#46;&#102;&#97;&#116;&#98;&#111;&#110;&#117;&#115;&#99;&#=
# 97;&#115;&#105;&#110;&#111;&#46;&#99;&#111;&#109;&#47;&#112;&#97;&#103;&#1=
# 01;&#46;&#112;&#104;&#112;">
#
# without the "-disabled" in the object tag
#
# It's just an encoded URL but my Mozilla client followed
# it immediately when the message was displayed. Sigh.
# More disillusionment. :)
#
# I don't see a setting specifically disabling HTML mail
# rendering of received messages in mozilla, which, I guess
# would have prevented it.

We attempt to block these types of tags before they get to the
recipients by using the product MailScanner (see www.mailscanner.info).

Glenn

--
Glenn Leavell <glenn () usg edu>
Director, Systems Support Services
Office of Information and Instructional Technology
Board of Regents of the University System of Georgia

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
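
The check a gateway filter has to make for the message quoted above, as an added example (not MailScanner's code and not part of the original post): the URL is hidden behind both quoted-printable and HTML numeric entities, so both layers must be decoded before looking for tags that load remote content. The tag list, function names and the placeholder URL are assumptions made for this illustration.

```python
import quopri
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag/attribute pairs that make a mail client fetch a remote resource on display.
REMOTE_ATTRS = {
    "object": ("data", "codebase"),
    "embed": ("src",),
    "iframe": ("src",),
    "img": ("src",),
    "script": ("src",),
    "link": ("href",),
}

class RemoteLoadFinder(HTMLParser):
    """Collect (tag, attribute, url) for every tag that would trigger a fetch."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in REMOTE_ATTRS.get(tag, ()) or not value:
                continue
            url = value.strip()  # HTMLParser has already decoded &#NNN; references
            if urlsplit(url).scheme.lower() in ("http", "https", "ftp"):
                self.hits.append((tag, name, url))

def find_remote_loads(qp_body: bytes):
    """Undo quoted-printable first, then let the HTML parser undo the entities."""
    html = quopri.decodestring(qp_body).decode("utf-8", errors="replace")
    finder = RemoteLoadFinder()
    finder.feed(html)
    finder.close()
    return finder.hits

# Constructed sample: a placeholder URL, entity-encoded and wrapped with
# quoted-printable soft line breaks the way the quoted spam was.
SAMPLE_URL = "http://tracker.example.invalid/page.php"
_entities = "".join(f"&#{ord(c)};" for c in SAMPLE_URL)
_wrapped = "=\n".join(_entities[i:i + 60] for i in range(0, len(_entities), 60))
SAMPLE_BODY = f'<html><body><object data=3D"{_wrapped}"></object></body></html>'.encode("ascii")

if __name__ == "__main__":
    print("naive substring match:", b"http://" in SAMPLE_BODY)
    print("decoded findings:", find_remote_loads(SAMPLE_BODY))
```

A filter that only pattern-matches the raw body for `http://` or `src=` misses this message; decoding first is what exposes the `object` tag's target.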
