Hi, I noticed something longtime ago in the Webmail System of Bluewin/Bluemail, when I was sending an email to a customer. I don't think it is a problem of Security, but it is at least a problem of unneeded Information Disclosure.
If you send a hyperlink to somebody in an email, and the user clicks on it, the mail over the Webmail of Bluewin: A referer like this will be sent to the Webserver: (Just a not existing example) http://proxy-mssazhh.bluewin.ch/mail/MessageRead?sid=24159C38CDAFEACE980CEBDB7C54A03353CE3F22&[EMAIL PROTECTED]&seq=%2BQ&auth=%2BA&srcfolder=INBOX&uid=516&srch=0&style=de if you quick see trough the referer, you'll see that the email Address of the user is in it. I personnally think that this is a problem because: 1.) You are identifiable via the email address 2.) a spammer could use your email address Good evening Peter _______________________________________________ swinog mailing list [EMAIL PROTECTED] http://lists.init7.net/cgi-bin/mailman/listinfo/swinog
