[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] CSS in E-Mails possible E-Mail-Validity Check for Spammers?

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] CSS in E-Mails possible E-Mail-Validity Check for Spammers?
From: Andrew Clover <and-bugtraq@xxxxxxxxxxx>
Date: Wed, 03 Nov 2004 09:52:51 +0100

plonk@xxxxxxxxxxxxxx wrote:

Mozilla Mail 1.7.1 (W98) and 1.7.3 (W98) (didn't check different versions) automatically load CSS-files which are linked from within an html-page sent in an e-mail

Yes. There have been other ways to force an HTTP request from HTML mail too (eg. background images, bug 239954) so this is not unexpected.

The "block loading of remote images in mail messages" option isn't waterproof from a privacy point of view. It would be nice if it was, but I'm not sure this is actually Mozilla's goal; perhaps worth filing a bug to force the issue?

- turn off HTML in E-Mails (not possible in Mozilla?)

Should be possible - it is in Thunderbird (View->Message Body as->Plain Text) and I highly recommend doing so.

--
Andrew Clover
mailto:and@xxxxxxxxxxx
http://www.doxdesk.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- [Full-Disclosure] Re: CSS in E-Mails possible E-Mail-Validity Check for Spammers?
  - From: Raoul Nakhmanson-Kulish

References:
- [Full-Disclosure] CSS in E-Mails possible E-Mail-Validity Check for Spammers?
  - From: plonk

Prev by Date: [Full-Disclosure] [SECURITY] [DSA 583-1] New lvm10 packages fix insecure temporary directory
Next by Date: [Full-Disclosure] Security (for the common people) in electronic vote?
Previous by thread: Re: [Full-Disclosure] CSS in E-Mails possible E-Mail-Validity Check for Spammers?
Next by thread: [Full-Disclosure] Re: CSS in E-Mails possible E-Mail-Validity Check for Spammers?
Index(es):
- Date
- Thread