Bugtraq mailing list archives
Administrivia: HTML Email Thread
From: aleph1 () securityfocus com
Date: Tue, 21 Aug 2001 12:48:50 -0600
While this is an interesting issue, I am killing this thread. The behavior of email clients that automatically retrieving data from remote servers without the users knowledge or consent when rendering HTML messages can be considered a risk, and certainly is considered as such by some. As described on the list in the past, similar behavior is exhibited by other applications and document formats. For example, Microsoft Word documents with embedded images. It think we are all in agreement that email clients should at least alert users when fetching remote content and ideally allow the user to disable such behavior. At this point a number of workarounds and suggestions for alternate mail clients have been discussed. Further discussion is off-topic for the list. If you want to continue discussion this issue the RISKS forum is more appropriate. -- Elias Levy SecurityFocus http://www.securityfocus.com/ Si vis pacem, para bellum
Current thread:
- Administrivia: HTML Email Thread aleph1 (Aug 21)