Feature Request: MailScannerWebBug
Glenn Steen
glenn.steen at gmail.com
Thu Apr 27 13:55:56 IST 2006
On 27/04/06, Kai Schaetzl <maillists at conactive.com> wrote:
> I noticed that I get lots of errors "File does not exist:
> /squirrelmail-1.4.0/src/MailScannerWebBug" and some such when people read
> mail via webmail. The term "MailScannerWebBug" is obviously what gets
> replaced for webbugs. I would like to have this configurable. Not sure
> exactly, how. Maybe:
> - remove the tag at all
> - leave the source blank or with #
> - replace with a URL
>
> Also, the detection seems to be a bit "dumb". It triggers on every 0 or 1
> pixel gif, no matter if it's a webbug or not. F.i. it triggers on:
> http://anon.doubleclick.edgesuite.net/anon.dleclick/cms/EMEA/Palm/295666/N
> ew/magic.gif
> http://www.visualit.co.uk:81/OT000cGFsbUBhbmFlc3RoZXNpZS5uZXQA.GIF
> http://ems6.net/r/?E=XTC-V1N-FQU8O-DD-GU8KF-2
> http://www.enews.nu/cp/0406-2/images/spacer.gif
> http://www.paypal.com/images/pixel.gif
>
> The last two clearly are not web bugs, but spacer.gifs. So, if someone is
> reading these in html the layout may be garbled. A check might be
> advisable here (not for 0 pixel images, of course). Not sure, what to
> check, though. Maybe always leave alone things like "pixel" and "spacer"?
> (= have a positive list) The identification strings vary from digits to
> letters and if they are mostly letters I don't see a way to distinguish
> them from normal names.
>
Really? The only thing differentiating them are the name. They're (for
all intents and purposes) web bugs, and should be squashed. Opening a
possible avenue for these critters to bypass the (then perceived, but
not received) security check would be, to say the least, horrible.
If they care about placement.... well send it in a PDF then. Or use
embedded CSS.
One may take a more ironic/sarcastic approach: If they're dumb enough
to use spacer gifs, they get what they deserve.... Spacer gifs should
be in space along with all the other spacers, not in HTML-encoded
emails:-).
Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
More information about the MailScanner
mailing list