"Allow Script Tags" affects attachments?

Peter H. Lemieux mailscanner at replies.cyways.com
Wed Feb 1 20:45:44 UTC 2017


To me, script tags are inherently dangerous and should always be 
blocked.  Sure you can construct a "legitimate" HTML page with embedded 
scripts, but I doubt most messages with scripts are legitimate.  What 
about ones that announce that you opened a message, despite your having 
blocked such notifications?  Or ones that are designed for advertising 
and tracking purposes?  Or worse, what about ones that download malware 
from remote servers and run it locally?

I can think of lots of reasons why I don't want scripts in any email I 
receive.  I have a hard time thinking of any examples where they would 
enhance my email experience.

Peter


On 02/01/2017 03:35 PM, Antony Stone wrote:
> On Wednesday 01 February 2017 at 21:31:30, Jerry Benton wrote:
>
>> Ok, attachments.
>>
>> The should NEVER be script tags in email. This is not how attachments are
>> done.
>
> Sorry, am I misunderstanding?
>
> What's to stop me writing an HTML page, containing <script> tags, and then
> sending it as an attachment to someone?
>
> It strikes me as a perfectly legitimate thing to have in an attachment to an
> email "please let me know what you think of this version..." etc.
>
> The question is whether "Allow Script Tags = No" will block this attachment,
> or allow it because the tag is not in the emal body itself.
>
>
> Antony.
>
>>> On Feb 1, 2017, at 3:29 PM, Antony Stone
>>> <Antony.Stone at mailscanner.open.source.it> wrote:
>>>
>>> On Wednesday 01 February 2017 at 21:16:51, Jerry Benton wrote:
>>>> There should NEVER be scripts tags in email. This is not how images are
>>>> inserted.
>>>
>>> Surely the question was about script tags in HTML attachments to (plain
>>> text or HTML) emails, nothing to do with images...?
>>>
>>>
>>> Antony
>>>
>>>>> On Feb 1, 2017, at 10:34 AM, Oliver Kutscher <ok at addix.net> wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> I wonder if "Allow Script Tags" is also affecting attachments? So if a
>>>>> HTML containing "<script></script>" is attached will the email be
>>>>> dropped if "Allow Script Tags" is set to "no"?
>>>>>
>>>>> --
>>>>> MrLINK
>


More information about the MailScanner mailing list