A spam message arrived today, and I opened it in SquirrelMail (so I could
report it to SpamCop). Imagine my surprise when I saw unsafe images
(images linked to remote sites) automatically display, even though I had
not clicked the "View Unsafe Images" link.

Curious, I examined the full HTML source of the message and discovered
that this spammer has found a method to defeat SquirrelMail's unsafe image
protection: all external URLs are encoded using hex entities.

Instead of the true URL of <img src="http://www.1stspots.com/images/business.jpg">,
this spammer inserted
<img src="&#104;&#116;&#116;&#112;&#58;&#47;&#47;&#119;&#119;&#119;&#46;&#49;&#115;&#116;&#115;&#112;&#111;&#116;&#115;&#46;&#99;&#111;&#109;/images/business.jpg">

Apparently SquirrelMail's unsafe image protection doesn't recognize the
encoded URL as an external URL, so the external images displayed
immediately.

--
squirrelmail-users mailing list
List Address: [EMAIL PROTECTED]
List Archives:  http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
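The bypass described in the post comes down to one mistake: the filter inspects the raw attribute text, while the browser (or webmail renderer) decodes HTML character references before it ever fetches the URL. The added example below is not SquirrelMail's code (SquirrelMail is PHP; this is Python chosen for illustration) and its `naive_is_external` check is only a stand-in for a filter that looks at the raw string. It runs a constructed message body (not the original spam) through both the naive check and a check that normalizes the `src` value first, decoding decimal and hex entities, entities written without a trailing semicolon, double-encoded entities, and embedded whitespace or control characters, so that decimal-encoded, hex-encoded and plain forms of the same remote URL are all classified as external while `cid:` and relative references are not.

```python
import html
import re
from urllib.parse import urlparse

# Constructed sample message body (not the original spam). The second <img>
# is the same remote URL written entirely as decimal entities, as in the post;
# the others cover hex entities, entities without semicolons, and two safe cases.
SAMPLE_HTML = (
    '<p>Hello</p>'
    '<img src="http://www.1stspots.com/images/business.jpg">'
    '<img src="&#104;&#116;&#116;&#112;&#58;&#47;&#47;&#119;&#119;&#119;&#46;'
    '&#49;&#115;&#116;&#115;&#112;&#111;&#116;&#115;&#46;&#99;&#111;&#109;'
    '/images/business.jpg">'
    '<img src="&#x68;&#x74;&#x74;&#x70;://evil.example/t.gif">'
    '<img src="&#104&#116&#116&#112://no-semicolon.example/x.png">'
    '<img src="cid:part1.abc">'
    '<img src="images/local.png">'
)

# Pull the quoted src attribute out of every <img> tag.
IMG_SRC_RE = re.compile(
    r'<img\b[^>]*\bsrc\s*=\s*(["\'])(.*?)\1', re.IGNORECASE | re.DOTALL
)


def naive_is_external(src: str) -> bool:
    """Stand-in for a filter that inspects the raw attribute text only.
    This is the behaviour the post shows being bypassed (hypothetical, not
    SquirrelMail's actual implementation)."""
    return src.lower().startswith(("http://", "https://", "//"))


def normalize_src(src: str) -> str:
    """Decode the value the way a browser would before fetching it.

    html.unescape handles decimal (&#104;), hex (&#x68;) and named entities,
    with or without the trailing semicolon. A second pass unwraps
    double-encoded values (&amp;#104; -> &#104; -> h). Whitespace and control
    characters are stripped because browsers ignore them inside URLs."""
    decoded = html.unescape(html.unescape(src))
    return re.sub(r'[\x00-\x20\x7f]', '', decoded)


def is_external(src: str) -> bool:
    """Classify on the normalized value: a network scheme or any host part
    means the image would be fetched from a remote server."""
    s = normalize_src(src)
    if s.startswith("//"):          # protocol-relative URL inherits http(s)
        return True
    parsed = urlparse(s)
    return parsed.scheme.lower() in ("http", "https", "ftp") or bool(parsed.netloc)


def find_external_images(body: str, checker=is_external) -> list:
    """Return the raw src values that `checker` classifies as external."""
    return [m.group(2) for m in IMG_SRC_RE.finditer(body) if checker(m.group(2))]


if __name__ == "__main__":
    print("naive check flags:", len(find_external_images(SAMPLE_HTML, naive_is_external)))
    print("normalized check flags:", len(find_external_images(SAMPLE_HTML)))
    for raw in find_external_images(SAMPLE_HTML):
        print("  ", normalize_src(raw))
```

On the sample body the naive check flags only the plain-text URL, while the normalizing check flags all four remote forms and still passes the `cid:` and relative references. The design point is that any allow/deny decision about a URL has to be made on the same representation the renderer will act on; decoding first, then classifying, is what closes this class of bypass.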
