New phishing tactic falling through the net
james_gray at ocs.com
Tue Feb 22 22:36:42 GMT 2005
[ The following text is in the "iso-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
On Wed, 23 Feb 2005 12:50 am, Julian Field wrote:
> The other thought is why don't I just ban imagemaps altogether. They
> could be disarmed like everything else. Does anyone really need
> imagemaps in email messages?
HTML email is inherently evil (but not quite as evil as TNEF) IMHO. Banning
<MAP> tags might be good but I've never really tracked how many or what
sources our users receive them (map tags) from.
Would it be hard simply to allow/disarm/block them a-la <SCRIPT> tags? Maybe
disarm does something like:
<MAP>foo</MAP> gets the MailScanner treatment to become
<!-- <MAP>foo</MAP> -->
Or is it a little more complicated than that?
More information about the MailScanner