Full Disclosure mailing list archives

Re: Email marketing company gives out questionable security advice


From: "Richard Johnson" <rdump () river com>
Date: Wed, 2 Jul 2003 22:44:45 -0600

At 20:03 -0400 on 2003-07-02, Richard M. Smith wrote:
Hi,

Last week, I received an unsolicited email message from Mobil Travel
Guide about their new online service.  In the message, I was encouraged
to turn back on ActiveX and scripting in Outlook in order to view a
Flash movie embedded in the message.  Needless to say, I thought this
was a terrible idea.  Instead, I wrote the company who created the ad,
Digital Produce (http://www.digitalproduce.com), saying they were giving
out bad security advice and they should stop doing this sort of thing
in future mailings.


The spamming for Mobil Travel Guide isn't the worst this bunch has done.

Amusingly, digitalproduce.com (AKA flashedmail.com) was involved in a
whitcon.net/uswives.com spamgang [1] attack against a number of addresses
on our servers just about a year ago.

They've been blacklisted on all our servers since.  Mere mention of their
security violation URLs in mail bodies causes the mail to be rejected.
This prevents their willful lack of security, let alone their deliberately
bad advice, from affecting our users.

All in all, their association with infamous porn spam gang Whitaker
Consulting has been a good thing for securing our systems against their
shoddy flash and evilX.  I sincerely applaud their taste in business
partners.  Bad company breeds bad attitude.  Or is it the other way around?

As long as they keep spamming, and providing spam support, they'll remain
blocked.


It will be interesting to see how email marketing companies and
spammers adapt to these technical changes in HTML email.


I've yet to discover any useful, practical difference between "email
marketing companies" and "spammers".  The terms are synonymous.

Why anyone would trust active content from a spammer is beyond me.


Richard

[1] http://www.spamhaus.org/rokso/search.lasso?evidencefile=1610
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

