Martin Sapsed m.sapsed at BANGOR.AC.UK
Mon Feb 24 13:47:22 GMT 2003

Julian Field wrote:
> Very few people use Object Codebase tags in mail. Using Version 4, you
> could set them up to be rules so that mail containing IFrames (or Object
> Codebase tags or both) could be permitted from a few "trusted" addresses
> (such as the Daily Dilbert cartoon) and banned from everywhere else. The
> other alternative in version 4 is to take messages containing either of
> these tags and strip the HTML out of them, which leaves you the message
> content but in a known safe form. People can still click on the links to
> look at the pictures and so on which are held on a web server, while still
> providing protection against attacks.

When we extended our testing of MailScanner we had both IFrames and
Object Codebase stuff barred. The IFrames didn't last long because
without a Daily Dilbert to calm me down ....!

We also ended up permitting Object Codebase tags too because an awful
lot of apparently harmless messages were being dumped. They looked like
stuff sent from web sites, stuff with Shockwave animations in etc.
Mostly not business critical but all looking pretty harmless...

Is our experience unique?



Martin Sapsed
Information Services
University of Wales, Bangor             Jesus of Nazareth
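
The two Version 4 options described in the quoted text (per-sender rules for IFrame and Object Codebase tags, or converting such messages to text while keeping the link URLs), sketched in Python as an added example; it is not MailScanner code or configuration and not part of the original thread. The allowlisted address and the names `filter_message` and `sample` are assumptions made for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser

# Constructed allowlist (assumption); the address is a placeholder.
TRUSTED_SENDERS = {"dilbert@newsletter.example"}

class _Scan(HTMLParser):
    """Record IFrame / Object Codebase tags and build a text rendering."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.risky, self.text = set(), []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # tag and attribute names arrive lowercased
        if tag == "iframe":
            self.risky.add("iframe")
        elif tag == "object" and "codebase" in attrs:
            self.risky.add("object-codebase")
        for key in ("href", "src"):  # keep URLs so links stay usable as text
            if attrs.get(key):
                self.text.append(f"[{attrs[key]}]")

    def handle_data(self, data):
        if data.strip():
            self.text.append(data.strip())

def sample(sender, html):
    """Build a constructed single-part HTML message for trying the filter."""
    return (f"From: {sender}\nSubject: test\nMIME-Version: 1.0\n"
            f"Content-Type: text/html; charset=utf-8\n\n{html}\n")

def filter_message(raw, strip_html=False):
    """Return (action, detail): deliver, block, or convert (HTML to text)."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    part = msg.get_body(preferencelist=("html",))
    if part is None:
        return "deliver", None          # no HTML body, nothing to inspect
    scan = _Scan()
    scan.feed(part.get_content())
    scan.close()
    if not scan.risky:
        return "deliver", None
    if strip_html:                      # second option: known safe text form
        return "convert", " ".join(scan.text)
    if sender in TRUSTED_SENDERS:       # first option: per-sender rule
        return "deliver", None
    return "block", sorted(scan.risky)
```
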

