Closed
Bug 86627
Opened 23 years ago
Closed 23 years ago
Allow user to set a policy to limit messages from accessing external sites
Categories
(MailNews Core :: Security, defect)
Tracking
(Not tracked)
People
(Reporter: ilya.konstantinov+future, Assigned: security-bugs)
Details
Cause: HTML messages can embed various media and data items (via IMG, OBJECT, LINK etc. tags) from external sites. Major mailings commonly employ this technique to minimize the size of the mail message by not embedding the graphical items, but this technique can also allow unauthorized return of a "delivery notification", especially to spammers. The HTML message could trigger an HTTP request to a distant server with a unique ID. By this ID, the unsolicited mailer could know which of his mail gets read (and even more - by which mailer software) and tag the email address for sending further mail. Solution: It's not up to me to decide whether this would be disabled by default (since it might confuse novice users), but advanced users should be granted to an option to disable HTTP access from mail messages and to manually allow certain mail addresses to do external site access. For example, upon receiving a mailing from Lycos or Infobeat, the user would add their addresses to allow external site access in mail origing from them.
Comment 1•23 years ago
|
||
I think this is a duplicate.
Comment 2•23 years ago
|
||
*** This bug has been marked as a duplicate of 28327 ***
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
Updated•20 years ago
|
Product: MailNews → Core
Updated•16 years ago
|
Product: Core → MailNews Core
You need to log in
before you can comment on or make changes to this bug.
Description
•