Re: msgtag read receipts

[Chuck Swiger <chuck () codefab com>]

Hi, Ken--

On Oct 9, 2008, at 11:46 AM, Ken Fox wrote:
> 	Has anyone got any rules for stopping MSGTAG.com from sending  
> unauthorized
> read receipts - I have been looking all over the place since I  
> received a
> message with one earlier today. Basically it embeds a picture in the  
> message
> that confirms being read by virtue of being accessed.

That's a FAIL.  Anyone who uses ClamAV's MailFollowURLs option (or  
equivalent in other antivirus software) is going to have embedded  
links followed by a robot, which indicates nothing about whether a  
human has seen the message.  Anyway, the first thing you should do is  
use a mail client which does not download URLs in email messages until  
and unless you tell it to do so-- such as Mozilla's Thunderbird among  
others.

> I tried blocking the parent IP in my perimeter firewall but the  
> image still renders, and the
> website will as well.

What's a "parent IP"?

Probably the IP of the mailserver relaying the email is not the same  
thing as the hostname in the URL they embed in the email message; you  
need to block the latter and not the former.  If you make a sample  
version of one of these messages available somewhere, it should be  
easy enough to identify the right thing to block.

Note that good network security practice would be to have a firewall  
which blocks most or all traffic to/from internal client machines, and  
requires them to go via a proxy like Squid or whatever in order to  
access the web.  In which case, you'd make your changes to the proxy  
ruleset to block such traffic, which likely gives you finer-grained  
control than an IP-based firewall would.

Regards,
--
-Chuck

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards