View Difference Between Original Email & Disarmed Version
Mark Sapiro
mark at msapiro.net
Tue Aug 3 00:45:34 UTC 2021
On 8/2/21 7:55 AM, Blicka via MailScanner wrote:
> Hello,
>
> Does anyone know how to view the difference between the raw content of
> an incoming email and the resultant copy which is disarmed?
>
> My customers say "So what got removed?"
The answer is "nothing" Things did get added though. MailScanner does
two kinds of disarming. It disarms links whose display text looks like a
host name and whose target is a different host. It does this by
transforming a link like
<a href="https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxs...>
planbayarea.org</a>
by adding
<font color="red"><b>MailScanner has detected a possible fraud attempt
from "lnks.gd" claiming to be</b></font>
so the link becomes
<a href="https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxs...><font
color="red"><b>MailScanner has detected a possible fraud attempt from
"lnks.gd" claiming to be</b></font> planbayarea.org</a>.
This transformation is obvious in the resultant email because of the red
"MailScanner has detected a possible fraud attempt from "lnks.gd"
claiming to be".
The other disarming consists of pointing Web Bug 1x1 pixel image tags to
point to a non-tracking site. E.g.,
<img src="https://links.govdelivery.com/track?enid=ZWFzPTEmYnVsbG..."
width="1" height="1" />
gets something like
https://s3.amazonaws.com/msv5/images/spacer.gif" width="1" height="1"
alt="Web Bug from
added so it becomes
<img src="https://s3.amazonaws.com/msv5/images/spacer.gif" width="1"
height="1" alt="Web Bug from
https://links.govdelivery.com/track?enid=3DZWFzPTEmYnVsbG..." />
The https://s3.amazonaws.com/msv5/images/spacer.gif location is whatever
is configured as 'Web Bug Replacement' in your MailScanner configuration.
This transformation is not visible in the rendered HTML, but neither was
the original. If you want to see it, you can look for 'Web Bug' in the
HTML source.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the MailScanner
mailing list