Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Possible Intrusion Attempt?

From: Stewart <bdlists () snerk org>
Date: Mon, 26 May 2003 15:33:48 -0400
Rob Shein wrote:


I'm a little fuzzy about this part...how do you prevent people from
accepting HTML mail, and considering how many mail clients out there send it
by default, what do you do when all of a sudden a large percentage of people
can't email you anymore?
Probably in a similar fashion that you would solve the problem of e-mail attachments [1]no longer accepted per default (about 90% of them are blocked) in the (arguably) most commonly used mail client, the Microsoft Outlook family. Microsoft seems to have removed the paragraph that was most interesting to me, in which they decreed that future versions of Outlook (Express) would completely disallow attachments altogether.
It's just one of those things that went horrifically wrong with e-mail, and changes need to be grandfathered in. Perhaps in answer to your question, an auto-response detailing the security problems inherrant to most HTML e-mail with references detailing how to change the default behaviour in most popular mail clients would be in order. 

[1]: http://support.microsoft.com/default.aspx?scid=kb;en-us;q329570

--
http://www.snerk.org/


----------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: