RE: [Full-Disclosure] Is the FBI using email Web bugs?

["Poof" <gui@goddessmoon.org>]

Actually- the problem with that is that fine... it won't allow any ports
except for the needed 25/110/143... Then what's to stop an image from using
http://www.spamsite.com:25/110/phonehome.jpg?emailaddress(or whatever)

... Nothing!

Nice try though... Best protection is through your email client. O2K3 does
it native ^^

~

> -----Original Message-----
> From: full-disclosure-admin@lists.netsys.com [mailto:full-disclosure-
> admin@lists.netsys.com] On Behalf Of Ben Nelson
> Sent: Wednesday, January 07, 2004 7:34 PM
> To: Gregh
> Cc: full-disclosure@lists.netsys.com
> Subject: Re: [Full-Disclosure] Is the FBI using email Web bugs?
> 
> Gregh wrote:
> > wont listen. In Zone Alarm you can tell it to DISALLOW Outlook Express
> (or
> > whatever you like) access to different ports. So, I tell it to disallow
> > access to or from port 80 by OE. Thus, a received HTML email with pics
> and
> > such in it just shows blanks, "x" or placeholders, really. Now, while
> saying
> > this, if you decided to use some other port to report back on, sure, you
> > would get around this but the majority of spam operators who spam you
> don't
> > require JUST the "click to remove" to be clicked to verify you DO exist
> thus
> > send more spam and sell the address to another spammer. They also have
> port
> > 80 and if the email is clicked on by a typical OE setup, just to delete,
> it
> > "phones home". For those described earlier in this paragraph, ZA
> blocking OE
> > in/out on port 80 stops most of the phone home stuff.
> 
> Couldn't you just block all port access from OE *EXCEPT* those that are
> needed? (probably 25, 110, 143)
> 
> --Ben
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html