Full Disclosure mailing list archives
Re: CSS in E-Mails possible E-Mail-Validity Check for Spammers?
From: Daniel Veditz <dveditz () cruzio com>
Date: Thu, 04 Nov 2004 11:53:42 -0800
plonk () datenritter de wrote:
I think you all know, how this enables spammers to use HTTP-requests for CSS-files to check the validity of e-mails-addresses: Instead of embedding an image with an identification code assigned to the receipients e-mail-address in the address or as a parameter to the request, they can now embed an external style sheet definition in HTML-code with the same "functionality". Analyzing the requests on the server will show the codes corresponding to valid e-mail-addresses.
Services like Readnotify are already using techniques like this. Currently the use of <iframe> is popular, for example. Thunderbird 0.9 (just released) should block all the cases we know about including CSS stylesheets and frames. In the Mozilla Suite the workaround is to view messages as Simple HTML or Plain Text. -Dan Veditz _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- CSS in E-Mails possible E-Mail-Validity Check for Spammers? plonk (Nov 02)
- Re: CSS in E-Mails possible E-Mail-Validity Check for Spammers? Peter Besenbruch (Nov 03)
- Re: CSS in E-Mails possible E-Mail-Validity Check for Spammers? Andrew Clover (Nov 03)
- Re: CSS in E-Mails possible E-Mail-Validity Check for Spammers? Raoul Nakhmanson-Kulish (Nov 03)
- Re: CSS in E-Mails possible E-Mail-Validity Check for Spammers? Heikki Toivonen (Nov 03)
- Re: CSS in E-Mails possible E-Mail-Validity Check for Spammers? Martin Thielecke (Nov 04)
- Re: CSS in E-Mails possible E-Mail-Validity Check for Spammers? Daniel Veditz (Nov 04)