Closed Bug 86627 Opened 23 years ago Closed 23 years ago

Allow user to set a policy to limit messages from accessing external sites

Categories

(MailNews Core :: Security, defect)

Product:
MailNews Core
Component:
Security
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED DUPLICATE of bug 28327

People

(Reporter: ilya.konstantinov+future, Assigned: security-bugs)

Details

Cause:
HTML messages can embed various media and data items (via IMG, OBJECT, LINK etc.
tags) from external sites. Major mailings commonly employ this technique to
minimize the size of the mail message by not embedding the graphical items, but
this technique can also allow unauthorized return of a "delivery notification",
especially to spammers. The HTML message could trigger an HTTP request to a
distant server with a unique ID. By this ID, the unsolicited mailer could know
which of his mail gets read (and even more - by which mailer software) and tag
the email address for sending further mail.

Solution:
It's not up to me to decide whether this would be disabled by default (since it
might confuse novice users), but advanced users should be granted to an option
to disable HTTP access from mail messages and to manually allow certain mail
addresses to do external site access. For example, upon receiving a mailing from
Lycos or Infobeat, the user would add their addresses to allow external site
access in mail origing from them.
I think this is a duplicate.

*** This bug has been marked as a duplicate of 28327 ***
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
Marking VERIFIED DUPLICATE.
Status: RESOLVED → VERIFIED
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.