Webbug disabling
John Wilcock
john at TRADOC.FR
Thu Jun 10 15:55:18 IST 2004
On Thu, 10 Jun 2004 15:13:14 +0100, Julian Field wrote:
> Here's a patch for Message.pm that implements your idea.
That was quick (as ever)! Unfortunately I've been thinking, and have
realised that your disabling scheme for webbugs is extremely easy to
subvert. All spammers need to do is add <base href="http://wherever/">
in the <head> of their mail and the mail reader will try to access
http://wherever/MailScannerWebBug :-(
(tested with Outlook XP but no doubt works with other MUAs).
One solution would be to use an absolute URI in the disabled <img> tag,
of course, the other would be to disable the bug completely
<MailScannerWebBug src=...> though this may affect the layout very
slightly.
John.
--
-- Over 2400 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages - www.tradoc.fr
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
More information about the MailScanner
mailing list