Administrivia: HTML Email Thread
From: aleph1@securityfocus.comDate: 08/21/01
- Previous message: Jeffrey W. Dronenburg: "Re: HTML email "bug", of sorts."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 21 Aug 2001 12:48:50 -0600 From: aleph1@securityfocus.com To: bugtraq@securityfocus.com Subject: Administrivia: HTML Email Thread Message-ID: <20010821124850.T3366@securityfocus.com>
While this is an interesting issue, I am killing this thread. The behavior
of email clients that automatically retrieving data from remote servers without
the users knowledge or consent when rendering HTML messages can be considered
a risk, and certainly is considered as such by some.
As described on the list in the past, similar behavior is exhibited by
other applications and document formats. For example, Microsoft Word
documents with embedded images.
It think we are all in agreement that email clients should at least alert
users when fetching remote content and ideally allow the user to disable
such behavior.
At this point a number of workarounds and suggestions for alternate mail
clients have been discussed. Further discussion is off-topic for the list.
If you want to continue discussion this issue the RISKS forum is more
appropriate.
-- Elias Levy SecurityFocus http://www.securityfocus.com/ Si vis pacem, para bellum
- Previous message: Jeffrey W. Dronenburg: "Re: HTML email "bug", of sorts."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
