Security Basics mailing list archives
RE: READ RECIEPTS automatically generated
From: jlewis1957 () netscape net (Jeff Lewis)
Date: Wed, 28 Jan 2004 11:41:29 -0500
"Muhammad Naseer" <naseer () digitallinx com> wrote:
Don't read HTML mails. Turn off reading HTML mails from your outlook settings. Always read mails in PLAIN TEXT. Don't send READ RECIEPTS back to any user. I guess you will understand the rest here.
I'll be reading all THOSE emails with Thunderbird and have them transferred to a different account rather than my normal business account. That doesn't help my users though who use Outlook everyday, and THINK that they are doing the right thing. If they are set up exactly like I am, those read receipts will get through. All my emails were read as if they were in the restricted security zone and all settings in that zone are at disable with a few at prompt me. After review, the only change I've made is that Outlook XP was set to "Send immediately when connected" and I've turned that off. Found out how to change everything to plain text at http://support.microsoft.com/?kbid=307594 and also some good information at http://www.slipstick.com/dev/code/zaphtml.htm Of course, NEVER actually READING the message helps. To that end, Russ Cooper has a good Outlook security review document entitled "How Active is Active Content in Email?" at http://www.ntbugtraq.com/default.asp?sid=1&pid=47&aid=56 Although I took Russ's advice, I doubt that I will be able to convince many of my users to turn off the damned Preview Pane much less eliminating RTF or HTML, but I will start to work on them. I never realized how powerful the AutoPreview function can be when just trying to weed out spam. I had long ago dismissed this as adding to much "noise" to the view. Now I love it. I learned that spammers can log keywords on their website from an html-based email message that was sent to you when you view that email. They can then compare their webserver logs to email addresses to validate the address. They certainly can't read an NDR now can they? This is certainly an effective stealth read receipt. I also read up on MSGTAG. Alas, I STILL DO NOT UNDERSTAND why my client (Outlook XP) generated the receipt. I have to go through these stored SPAMS (stored for a future bayesian filter install) and find the ones that sent it to discover the technique. Sorry for not having done this for you all already. __________________________________________________________________ New! Unlimited Netscape Internet Service. Only $9.95 a month -- Sign up today at http://isp.netscape.com/register Act now to get a personalized email address! Netscape. Just the Net You Need. --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- READ RECIEPTS automatically generated Jeff Lewis (Jan 27)
- RE: READ RECIEPTS automatically generated Muhammad Naseer (Jan 28)
- <Possible follow-ups>
- RE: READ RECIEPTS automatically generated Jeff Lewis (Jan 28)
- Re: READ RECIEPTS automatically generated Meritt James (Jan 28)
- RE: READ RECIEPTS automatically generated Gene LeDuc (Jan 28)
- Re: READ RECIEPTS automatically generated Meritt James (Jan 29)
- Re: READ RECIEPTS automatically generated draconis (Jan 28)
- Re: READ RECIEPTS automatically generated Jeff Lewis (Jan 29)