I went poking around the documentation to back up my claims, but surprisingly enough I could not find anything!
Google is supposed to be sanitizing all javascript from the mail when it arrives. The only resource they allow is external images, which are blocked by default. (in case you are curious, there is a trend of including an image like <img src="[email protected]"> and then seeing the hit on the web server with the unique 'user' variable proves there is a human at the other side of the e-mail). When you do the "show original" it (should) show you the source of the e-mail pre-sanitization but in a code view that does not permit the code to run. You can then see any nefarious javascript or calls to external resources. Michael Potts GV: (904) 638-2914 | Gtalk: [email protected] @HMHackMaster | http://about.me/MichaelPotts On Mon, Jul 2, 2012 at 9:36 AM, Dean, Mike <[email protected]> wrote: > Mike, > > With regards to Gmail sanitizing the emails, my understanding is that the > "Show Original" option displays the exact email as it was received (meaning > without sanitizing the message). Have you found that to not be the case? > > Thanks, > > Mike > > > On Mon, Jul 2, 2012 at 9:31 AM, Michael Potts <[email protected]> wrote: > >> If you use a service like gmail, they sanitize the message before it >> appears on your browser. The allow you the option to disable it for an >> individual sender if you trust them. >> >> >> I have found, across all the domains I manager, a ton of feeler e-mails >> are sent to users like "admin" and "webmaster" @domain.com. >> This is funny to me as those people are usually smart enough to not be >> fooled. Why not try "owner" or "CEO" or even "info"?? >> >> With regards to the UPS e-mails, the amount of them has shocked me. While >> they come in waves, its not uncommon to get a dozen in a day. >> >> And one of my clients got hit hard. The user was expecting a large UPS >> shipment that day and got the mail around 10AM. He opened the .zip >> attachment (the mail said there was a problem with delivery and referred to >> the compressed attachment for the paperwork to see why and how to file for >> another attempt). >> He saw nothing of use in the attachment and within 20 minutes the UPS guy >> arrived. >> His computer then began to transmit data at about 5mbit/sec sustained >> until I was called out. >> >> Real unfortunate timing on his part, but it was a good hit on the virus's >> attempt. >> >> Michael Potts >> GV: (904) 638-2914 | Gtalk: [email protected] >> @HMHackMaster | http://about.me/MichaelPotts >> >> >>
