If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
html versus plain text
I've heard that if I open a spam/virus email in html the recipient can
detect this, presumably so they can add me to their 'active addresses' list & and send me more of the stuff. Is that true? Is there a security risk in reading messages in html format rather than plain text, or is this just an urban myth? I'm using OE6.00.2800.1123 and keep my win updates currnet. Thanks --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.708 / Virus Database: 464 - Release Date: 18/06/2004 |
#2
|
|||
|
|||
html versus plain text
Spam that contains what I call an HTML *Advertisement* can verify
your address just by being opened. That's not to say you're at risk of a virus. If you are like me and like to use HTML a lot amongst friends, you can protect yourself in two ways. In ToolsOptionsRead, you can switch between reading in HTML and Plain Text. In Plain Text, the HTML image will not be seen and therefore not verify your address. Another way is to make sure you are working *offline* before going to your Inbox. If you want to be able to switch between Plain Text and HTML quickly, Have a look at this free OE Tool: www.oehelp.com/OETool/ You can also switch ID's, expand message threads and much more. -- Bruce Hagen ~IB-CA~ "armpit surfer" wrote in message ... I've heard that if I open a spam/virus email in html the recipient can detect this, presumably so they can add me to their 'active addresses' list & and send me more of the stuff. Is that true? Is there a security risk in reading messages in html format rather than plain text, or is this just an urban myth? I'm using OE6.00.2800.1123 and keep my win updates currnet. Thanks --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.708 / Virus Database: 464 - Release Date: 18/06/2004 |
#3
|
|||
|
|||
html versus plain text
Many thanks for your advice Bruce - I'll investigate the OETools program; it
looks useful. "Bruce Hagen" wrote in message ... Spam that contains what I call an HTML *Advertisement* can verify your address just by being opened. That's not to say you're at risk of a virus. If you are like me and like to use HTML a lot amongst friends, you can protect yourself in two ways. In ToolsOptionsRead, you can switch between reading in HTML and Plain Text. In Plain Text, the HTML image will not be seen and therefore not verify your address. Another way is to make sure you are working *offline* before going to your Inbox. If you want to be able to switch between Plain Text and HTML quickly, Have a look at this free OE Tool: www.oehelp.com/OETool/ You can also switch ID's, expand message threads and much more. -- Bruce Hagen ~IB-CA~ "armpit surfer" wrote in message ... I've heard that if I open a spam/virus email in html the recipient can detect this, presumably so they can add me to their 'active addresses' list & and send me more of the stuff. Is that true? Is there a security risk in reading messages in html format rather than plain text, or is this just an urban myth? I'm using OE6.00.2800.1123 and keep my win updates currnet. Thanks --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.708 / Virus Database: 464 - Release Date: 18/06/2004 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.708 / Virus Database: 464 - Release Date: 19/06/2004 |
#4
|
|||
|
|||
html versus plain text
In article , armpit surfer says...
I've heard that if I open a spam/virus email in html the recipient can detect this, presumably so they can add me to their 'active addresses' list & and send me more of the stuff. Is that true? Is there a security risk in reading messages in html format rather than plain text, or is this just an urban myth? I'm using OE6.00.2800.1123 and keep my win updates currnet. The security risk of viral messages is related to an iframe vulnerability; I believe the OE version number you supplied has patched that vulnerability. The privacy risk of HTML lies with accessing remote images. The sender can create a very small image, 1x1 pixel, and park it in a coded folder on his server. He can then log the connections to his server, and the accesses to the coded folder, and know which email addresses have had the received messages opened. Bruce Hagan offers some solutions. Others include firewall tricks (allowing MSOE only limited port 80 access), and dumping MSOE for a client which won't render "lazy HTML" (the term used by Pegasus Mail to refer to HTML email which calls remote images). Pegasus Mail won't render remote images under any condition; if you want to see the full email, you have to tell Pegasus to load the HTML in a local browser. And Pegasus Mail never was vulnerable to iframe exploits at any time; nor does it know what to do with DestructiveX, or JavaScript. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint |
#5
|
|||
|
|||
html versus plain text
"N. Miller" wrote in message om... In article , armpit surfer says... I've heard that if I open a spam/virus email in html the recipient can detect this, presumably so they can add me to their 'active addresses' list & and send me more of the stuff. Is that true? Is there a security risk in reading messages in html format rather than plain text, or is this just an urban myth? I'm using OE6.00.2800.1123 and keep my win updates currnet. The security risk of viral messages is related to an iframe vulnerability; I believe the OE version number you supplied has patched that vulnerability. The privacy risk of HTML lies with accessing remote images. The sender can create a very small image, 1x1 pixel, and park it in a coded folder on his server. He can then log the connections to his server, and the accesses to the coded folder, and know which email addresses have had the received messages opened. Bruce Hagan offers some solutions. Others include firewall tricks (allowing MSOE only limited port 80 access), and dumping MSOE for a client which won't render "lazy HTML" (the term used by Pegasus Mail to refer to HTML email which calls remote images). Pegasus Mail won't render remote images under any condition; if you want to see the full email, you have to tell Pegasus to load the HTML in a local browser. And Pegasus Mail never was vulnerable to iframe exploits at any time; nor does it know what to do with DestructiveX, or JavaScript. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint Thanks for the additional advice Norman. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.708 / Virus Database: 464 - Release Date: 18/06/2004 |
Thread Tools | |
Display Modes | |
|
|