On Thursday 08 February 2007 13:53, Mark Evans wrote: > On page 17 in a section relating to how you can protect yourself from > harmful emails there is a reference to NOT using the email preview as a > default setting for the inbox. > Why would they say that? > Does anybody have any comment on the risks involved in using the preview > pane?
Emails can come as plain text, as html, both with or without attachments html can contain code (eg javascript), attachments can contain executable code (eg flash) which the less ecurity conscious email clients (eg Outlook as the worst offender) will simply execute without asking Outlook is particularly bad since it can open gaping security holes by automatically openon attached MS Office documents which can contain scripted code Other than that, even with more security conscious email clients, it pays off to NOT automatically preview html emails: scam mails can hide URLs and email addresses behind fake ones (eg paypal.com appears on the displayed "preview" email, but the link is not to paypal, but to eg scammers.org Horst _______________________________________________ Gpcg_talk mailing list [email protected] http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
