Bugtraq mailing list archives

Re: mailto links


From: "[Segmen]" <dontpanic999 () yahoo com>
Date: Wed, 12 Sep 2001 08:37:35 +0100

----- Original Message -----
From: "stanislav shalunov" <shalunov () internet2 edu>
To: "[Segmen]" <dontpanic999 () yahoo com>
Sent: Wednesday, September 12, 2001 4:25 AM
Subject: Re: mailto links


Do you see a problem with this behavior?  It's standard.  If you see a
problem, please state what it is.

--
Stanislav Shalunov http://www.internet2.edu/~shalunov/

"Hey!  Who took the cork off my lunch?!"               -- W. C. Fields


Yes, I do see some problems with this behaviour.

I could use this to trick innocent people into distributing my malware for
me, with the added bonus that the email will look like it is someone
genuinely trying to contact them. It could also make people breach the rules
of their ISP or organization by apparently trying to send a virus, for
example, possibly getting them into trouble, or having their account
suspended.

Also from http://www.ics.uci.edu/pub/ietf/uri/rfc2368.txt RFC 2368 - "Thus,
a mail client should never send a message based on a mailto URL without
first showing the user the full message that will be sent (including all
headers that were specified by the mailto URL), fully decoded, and asking
the user for approval to send the message as electronic mail. The mail
client should also make it clear that the user is about to send an
electronic mail message, since the user may not be aware that this is the
result of a mailto URL."

I'm not sure this fulfills this, anyone?

I'm sure there's more!

--
http://www.ukchat.com - UKChat
http://sdf.lonestar.org - SDF Public Access UNIX system
http://www.geocities.com/dontpanic999/ - my WebSpace
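
The RFC 2368 requirement quoted in the message above, sketched as an added example (not part of the original post and not any mail client's own code): every header from the mailto URL is fully decoded and shown to the user, and nothing is handed on for sending without approval. The function names, the `REVIEW_FREE` allowlist and the sample URL are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

# Assumption of this example: headers that are pre-filled without an extra warning.
REVIEW_FREE = {"to", "subject", "body"}

# Constructed sample URL, not taken from the thread.
SAMPLE = ("mailto:list%40example.org?subject=Hello%20there"
          "&bcc=third.party%40example.net&body=line%20one%0D%0Aline%20two")

def decode_mailto(url):
    """Return (headers, body, flagged) for a mailto URL, fully percent-decoded."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "mailto":
        raise ValueError("not a mailto URL")
    fields = []
    if parts.path:
        fields.append(("to", unquote(parts.path)))
    # Split by hand: parse_qsl() would turn '+' into a space, which mailto does not do.
    for pair in filter(None, parts.query.split("&")):
        name, _, value = pair.partition("=")
        fields.append((unquote(name).lower(), unquote(value)))
    body = "\n".join(v for n, v in fields if n == "body")
    headers = [(n, v) for n, v in fields if n != "body"]
    # Flag headers outside the allowlist and header values that decode to line breaks.
    flagged = sorted({n for n, v in headers
                      if n not in REVIEW_FREE or "\r" in v or "\n" in v})
    return headers, body, flagged

def preview(url):
    """Build the text shown to the user before anything is sent."""
    headers, body, flagged = decode_mailto(url)
    lines = ["You are about to send an e-mail message:"]
    # repr() keeps control characters visible instead of letting them reshape the display.
    lines += [f"  {n.title()}: {v!r}" for n, v in headers]
    lines.append(f"  Body: {body!r}")
    if flagged:
        lines.append("  Needs attention: " + ", ".join(flagged))
    return "\n".join(lines)

def compose(url, approve):
    """Return the decoded message only if approve(preview_text) is True, else None."""
    text = preview(url)
    return decode_mailto(url) if approve(text) else None

if __name__ == "__main__":
    print(preview(SAMPLE))
```
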




