Webbug disabling

Julian Field mailscanner at ecs.soton.ac.uk
Thu Jun 10 16:08:20 IST 2004


At 15:55 10/06/2004, you wrote:
>On Thu, 10 Jun 2004 15:13:14 +0100, Julian Field wrote:
> > Here's a patch for Message.pm that implements your idea.
>
>That was quick (as ever)! Unfortunately I've been thinking, and have
>realised that your disabling scheme for webbugs is extremely easy to
>subvert. All spammers need to do is add <base href="http://wherever/">
>in the <head> of their mail and the mail reader will try to access
>http://wherever/MailScannerWebBug :-(
>(tested with Outlook XP but no doubt works with other MUAs).

But it will work until the web bug vendors catch on, so it's still better
than nothing.

>One solution would be to use an absolute URI in the disabled <img> tag,
>of course, the other would be to disable the bug completely
><MailScannerWebBug src=...> though this may affect the layout very
>slightly.

I could change it to http://MailScannerWebBug/
which should stop them rather better, shouldn't it?

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html



More information about the MailScanner mailing list