Re: Email webbugs

From: Scott Strehlow (strehlow@usermail.com)
Date: 08/27/01


Message-Id: <5.0.2.1.0.20010827103551.01c03a68@usermail.com>
Date: Mon, 27 Aug 2001 10:44:53 -0500
To: "abuse" <postmaster@getinfo.org>, "Focus-MS" <focus-ms@securityfocus.com>
From: Scott Strehlow <strehlow@usermail.com>
Subject: Re: Email webbugs

Geo, et. al.

Unfortunately, any image URL in an e-mail message can be used as a
bug. Hiding it is really only relevant if there is no contextual reason
for an image to be in the message.
Any e-mail client that will display the HTML will send the bug information,
since it is the actual image file URL that carries the identity information.
I've created Eudora rules that look for image tags with height and width =
1, which change the label property of the message to red. Any messages
with any image tag get colored orange. Of course this is not foolproof,
but it does give me a heads up that a message could possibly be "bugged"
and so I won't open it if I am not sure I want to. I can always look at
the mailbox file with Notepad to read the message without the images.

Scott

At 07:12 AM 8/27/2001, abuse wrote:
>One of the things that has always bothered me about Outlook Express and
>Outlook is that they are susceptable to webbugs. Basically there are no
>options to block confirmation of your reading an email so any spammer can
>verify that your address is active as long as they can get you to just view
>an email.



Relevant Pages

  • CDO / SMTP Bug: dropped period character at start of a line
    ... I noticed a bug using CDOSYS to send ... emails via a drop directory on a Windows 2000 SMTP service (the same bug ... An image URL in the body of the email was having ... the period character dropped. ...
    (microsoft.public.win32.programmer.messaging)
  • Report a bug relative ssh key exchange.
    ... I found a dangerous bug about ssh with key exchange. ... Le informazioni contenute in questa comunicazione e gli eventuali ... This e-mail message and any files transmitted with it contain ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
    (Debian-User)
  • RE: Email webbugs
    ... Subject: Email webbugs ... they insert a web bug in your email before sending it on. ... when it is read by the end user on a html enabled mail reader, ...
    (Vuln-Dev)
  • Re: broken upgrade of postfix_2.3.7-3 -> 2.3.8-2 (etch) (SOLVED)
    ... Thanks for the bug link, Jochen - there was no report in my bug search, ... Confidentiality Notice: This e-mail message (including any attached or ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
    (Debian-User)
  • SMTP Configuration
    ... Is there a bug here? ... in sending the e-mail message. ... server administrator. ... Often, after getting the message, I can hit the browser ...
    (microsoft.public.sharepoint.windowsservices)