Home
 

Customer Support

Search for keywords:

Browse by category:

Why are HTML emails a security hazard?

There are many reasons why HTML email is a security hazard and many bad things that can happen to you or your computer by simply even previewing the message in a preview pane without even opening it.

* Using images in HTML mail to gather demographic information about you when your mail program contacts the remote server where the image is hosted in order to allow you to view the image. Using this plus Javascript, many other 'spying' functions can be performed

* Using javascript to track recipients and "listen" to all forwarded messages

* Invisible images that monitor recipients and transmit information about them

* Monitoring the path of a confidential e-mail messages

* Silent capture of valid email addresses for use by spammers

* Executing arbitrary code from email using backdoors in MS Office

* Abusing bugs in mail clients to execute programs attached to emails

* Using ActiveX scripts in html email to steal private local files

* Javascript in html emails sending out recipients' private information

* Using javascript to initiate a denial of service attack

* Execution of malicious java applets

* Distribution of malicious worms that infect recipients' machines

More information about these exploits can be obtained from:

http://www.datafellows.com/v-descs/kak.shtml
http://users.rcn.com/rms2000/security/email/jcorrupt.htm
http://users.rcn.com/rms2000/security/email/jsdos.htm
http://users.rcn.com/rms2000/security/email/bootrap.htm
http://users.rcn.com/rms2000/security/email/bootrap.htm
http://users.rcn.com/rms2000/security/email/office.htm
http://www.zdnet.com.au/news/dailynews/story/0,2000013063,20156879,00.htm
http://www.bugnet.com/alerts/bugalert_010215.html
http://www.privacyfoundation.org/privacywatch/report.asp?id=54&action=0
http://www.geocities.com/ResearchTriangle/Facility/8332/reaper-exploit-release.html
http://www.mediamantra.com/ubb/Forum1/HTML/000003.html

User-Contributed Notes

add a note
There are no user-contributed notes for this topic.

Related Questions:


Sending email takes a long time and then fails.

I get "relaying denied" when trying to send email from my computer.

My ISP does not give me an SMTP/Outgoing mailserver to send mail from my own computer, so I must use yours.

How do I send email?

Do you have screenshots of Outlook Express configurations?

How do I receive and read e-mail?

Occasionally, Outlook Express just asks for my username and password but will not let me get my mail.

Someone is sending viruses or spam that appears to come "from" an address at my domain.

Why can't I send or receive email with large attachments?

Do you support Secure POP and IMAP?

Do you have screenshots of Entourage 2004 configurations?

I can't get my email because I am continually asked to retype my mailbox password, or am getting a [LOGIN-DELAY] error.

Why am I getting spam?

Can I have a special MX record so a different mailserver like everyone.net or my own Exchange server will handle all mail for my domain?

Is there a way I can bounce all email addressed to unknown users?

How many email addresses can I have and how do aliases work?

How do I protect email that contains sensitive information?

Can I have an automatic reply sent to people who email me while I'm on vacation?

How do I delete hundreds or thousands of emails easily?

Can I pipe email to a program?

When I use webmail, my address on outgoing mails is inaccurate.

When I "Add Mailbox" in Onsite, it says "That login name is already taken. Please choose another."

Can I do mass emailings through my ISP that advertises my website?

Do you scan email for viruses?

I receive too much SPAM: what can I do?

I cannot get into webmail.

My website forms are spamming me with 'gibberish@mydomain.com' or Form Email Injection Attack

How does the mail server filter spam and viruses?

Why won't my email attachment go through?

Which e-mail protocol should I use, POP or IMAP?

How do I view full email headers?

I get this error when logging into Webmail: Security failure, data decryption error

How Do I Backup My Email?

Do you support anti-forgery standards (SPF / DomainKeys) for email?

How do I import addresses into webmail?

How do I forward e-mail in OnSite?

Do you purge messages from Trash and Spam folders?

Why can't I forward @mydomain.com email to my ISP mailbox?

Why is/isn't an email being marked as spam?

Why can't I delete messages from my mailbox if it is over quota?

Can I have an email address which both stores and forwards mail?

How can I access my Modwest mail from another provider's webmail?

What does the "Flag Subject" radio button do in OnSite spam settings?

Browse Categories:

Getting Started, FTP, Telnet/SSH, Moving Domains, E-mail, Traffic Reports, Mailing Lists, Apache, PHP, CGI, Other Server-Side Scripting, MySQL Database, Imaging Libraries, Other Software, Billing & Terms, Control Panel, E-commerce, Pre-Sales


Tiny Modwest Logo         Copyright 2000-2008 by Modwest, Inc.          About Us    |    Blog    |    Jobs    |    Web Design    |    Contact Us