Administrivia: HTML Email Thread

From: aleph1@securityfocus.com
Date: 08/21/01


Date: Tue, 21 Aug 2001 12:48:50 -0600
From: aleph1@securityfocus.com
To: bugtraq@securityfocus.com
Subject: Administrivia: HTML Email Thread
Message-ID: <20010821124850.T3366@securityfocus.com>

While this is an interesting issue, I am killing this thread. The behavior
of email clients that automatically retrieving data from remote servers without
the users knowledge or consent when rendering HTML messages can be considered
a risk, and certainly is considered as such by some.

As described on the list in the past, similar behavior is exhibited by
other applications and document formats. For example, Microsoft Word
documents with embedded images.

It think we are all in agreement that email clients should at least alert
users when fetching remote content and ideally allow the user to disable
such behavior.

At this point a number of workarounds and suggestions for alternate mail
clients have been discussed. Further discussion is off-topic for the list.
If you want to continue discussion this issue the RISKS forum is more
appropriate.

-- 
Elias Levy
SecurityFocus
http://www.securityfocus.com/
Si vis pacem, para bellum