Re: [imp] Email Privacy Test
- Message from Rick Romero r...@havokmon.com - Date: Wed, 30 Apr 2014 20:04:57 -0500 From: Rick Romero r...@havokmon.com Subject: Re: [imp] Email Privacy Test To: Michael M Slusarz slus...@horde.org Cc: imp@lists.horde.org Quoting Michael M Slusarz slus...@horde.org: Quoting Michael M Slusarz slus...@horde.org: Quoting Simon B simon.buongio...@gmail.com: On 30 Apr 2014 13:34, Rick Romero r...@havokmon.com wrote: I have IMP 6.1.7, and I pass the test. The email you recieved CONTAINS the img src='#' tag - so your browser followed it. I'm running Firefox 17.0.1 ESR, and no problem. But Chrome caused the srcset error to get flagged - probably because of the javascript in the From field. It's looks broken in Chrome compared to FF. I suppose IMP could escape that though. Rick Quoting Simon Wilson si...@simonandkate.net: Hi List, I just tried the privacy test at https://emailprivacytester.com, and my setup is failing one of the tests: Test - Img srcset attr In the body of the HTML part, place a tag as follows: img src=# srcset=http://TRACKING_URL/ 1x Any ideas on how I can tighten this one up? This is on Imp 6.1.7, php 5.3.28. I don't know what imp I have, I have a git install that hasn't been updated in a few months, but about half of my tests are red :( The only consolation is the android client is 50% worse... Strange, because IMP tested 100% the last time I looked at this a few months ago (believe it was 6.1 branch). On all browsers. http://bugs.horde.org/ticket/12886 Not the same issue I don't think. This is an img srcset tag that is triggering, not SVG. I don't think that's the same - plus it'll vary by site. If IMP is configured to display inline images automatically (though I don't have an SVG viewer defined), then the tests associated with the image tracking will go red. If your account is set to automatically respond to read requests, then another set of tests will go red. My install is set to not show anything inline, or take any action, without user intervention. I thought that was the default and my install passed 100%, except for the case of Chrome and what I assume was due to the Javascript in the From address, maybe that check has been added or Chome changed since December.. Rick -- Interesting - it only triggers when opening from Imp in Chrome. Open up Horde in Firefox and open the email and it does not trigger. Purely as a matter of interest - Samsung email on my S4 opens a webpage triggered by the email. Very nasty and very wrong. It also triggers the Audio tag. Simon -- Simon Wilson M: 0400 12 11 16 binc7wIUK9xp1.bin Description: PGP Public Key pgpJSJxUk4cpi.pgp Description: PGP Digital Signature -- imp mailing list Frequently Asked Questions: http://wiki.horde.org/FAQ To unsubscribe, mail: imp-unsubscr...@lists.horde.org
Re: [imp] Email Privacy Test
Quoting Rick Romero r...@havokmon.com: My install is set to not show anything inline, or take any action, without user intervention. I thought that was the default and my install passed 100%, except for the case of Chrome and what I assume was due to the Javascript in the From address, maybe that check has been added or Chome changed since December.. Yes. Chrome has recently added the srcset feature. This is now detected and blocked in IMP 6.2. michael ___ Michael Slusarz [slus...@horde.org] -- imp mailing list Frequently Asked Questions: http://wiki.horde.org/FAQ To unsubscribe, mail: imp-unsubscr...@lists.horde.org
[imp] Email Privacy Test
Hi List, I just tried the privacy test at https://emailprivacytester.com, and my setup is failing one of the tests: Test - Img srcset attr In the body of the HTML part, place a tag as follows: img src=# srcset=http://TRACKING_URL/ 1x Any ideas on how I can tighten this one up? This is on Imp 6.1.7, php 5.3.28. Simon. -- Simon Wilson M: 0400 12 11 16 binC085E_xpQj.bin Description: PGP Public Key pgphf_2gEO5wJ.pgp Description: PGP Digital Signature -- imp mailing list Frequently Asked Questions: http://wiki.horde.org/FAQ To unsubscribe, mail: imp-unsubscr...@lists.horde.org
Re: [imp] Email Privacy Test
I have IMP 6.1.7, and I pass the test. The email you recieved CONTAINS the img src='#' tag - so your browser followed it. I'm running Firefox 17.0.1 ESR, and no problem. But Chrome caused the srcset error to get flagged - probably because of the javascript in the From field. It's looks broken in Chrome compared to FF. I suppose IMP could escape that though. Rick Quoting Simon Wilson si...@simonandkate.net: Hi List, I just tried the privacy test at https://emailprivacytester.com, and my setup is failing one of the tests: Test - Img srcset attr In the body of the HTML part, place a tag as follows: img src=# srcset=http://TRACKING_URL/ 1x Any ideas on how I can tighten this one up? This is on Imp 6.1.7, php 5.3.28. Simon. -- Simon WilsonM: 0400 12 11 16 -- imp mailing list Frequently Asked Questions: http://wiki.horde.org/FAQ To unsubscribe, mail: imp-unsubscr...@lists.horde.org
Re: [imp] Email Privacy Test
Quoting Michael M Slusarz slus...@horde.org: Quoting Michael M Slusarz slus...@horde.org: Quoting Simon B simon.buongio...@gmail.com: On 30 Apr 2014 13:34, Rick Romero r...@havokmon.com wrote: I have IMP 6.1.7, and I pass the test. The email you recieved CONTAINS the img src='#' tag - so your browser followed it. I'm running Firefox 17.0.1 ESR, and no problem. But Chrome caused the srcset error to get flagged - probably because of the javascript in the From field. It's looks broken in Chrome compared to FF. I suppose IMP could escape that though. Rick Quoting Simon Wilson si...@simonandkate.net: Hi List, I just tried the privacy test at https://emailprivacytester.com, and my setup is failing one of the tests: Test - Img srcset attr In the body of the HTML part, place a tag as follows: img src=# srcset=http://TRACKING_URL/ 1x Any ideas on how I can tighten this one up? This is on Imp 6.1.7, php 5.3.28. I don't know what imp I have, I have a git install that hasn't been updated in a few months, but about half of my tests are red :( The only consolation is the android client is 50% worse... Strange, because IMP tested 100% the last time I looked at this a few months ago (believe it was 6.1 branch). On all browsers. http://bugs.horde.org/ticket/12886 I don't think that's the same - plus it'll vary by site. If IMP is configured to display inline images automatically (though I don't have an SVG viewer defined), then the tests associated with the image tracking will go red. If your account is set to automatically respond to read requests, then another set of tests will go red. My install is set to not show anything inline, or take any action, without user intervention. I thought that was the default and my install passed 100%, except for the case of Chrome and what I assume was due to the Javascript in the From address, maybe that check has been added or Chome changed since December.. Rick -- imp mailing list Frequently Asked Questions: http://wiki.horde.org/FAQ To unsubscribe, mail: imp-unsubscr...@lists.horde.org