Re: [Mimedefang] Want to modify read-receipt img tags in mail
--On Thursday, May 20, 2004 4:50 PM -0400 Kevin A. McGrail [EMAIL PROTECTED] wrote: or replace with a href=$1$2IMAGE/a and leave the plain text alone. Almost the same thing. I don't understand what you mean when you put IMAGE above. Literally-- the word IMAGE in caps, as the target to click on. Or, put $1$2 there to show what the URL is, but my guess is that would look more ugly. If I get this set up on our test server I think I would see how different things look. HTML::Parser Oh, I was hoping you didn't agree with my reaction! I always like seeing examples myself. Joseph Brennan [EMAIL PROTECTED] Columbia University in the City of New York ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Want to modify read-receipt img tags in mail
[EMAIL PROTECTED] wrote on 05/20/2004 09:28:56 AM: The article at the end of this message reaffirmed my interest in modifying emails that have tracking methods in them. Currently all of the ones I have seen use img src tags. Break all IMG SRC tags in the incoming email? That will proabably annoy (or worse) some of your users when they don't see the pretty pictures in their email. I wish I could get away with doing that. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Want to modify read-receipt img tags in mail
On 05/20/04 at 09:59, 'twas brillig and [EMAIL PROTECTED] scrobe: [EMAIL PROTECTED] wrote on 05/20/2004 09:28:56 AM: The article at the end of this message reaffirmed my interest in modifying emails that have tracking methods in them. Currently all of the ones I have seen use img src tags. Break all IMG SRC tags in the incoming email? That will proabably annoy (or worse) some of your users when they don't see the pretty pictures in their email. I wish I could get away with doing that. Likewise. Howsabout parsing just for img src=(http://www.netmsg.com/.*) and replacing $1 with http://www.myserver.org/WEB_BUG_TRACKER_WARNING.gif;? Cheers, Ole -- Ole Craig * UNIX, linux, SMTP-ninja; news, web; SGI martyr * CS Computing Facility, UMass * www.cs.umass.edu/~olc/pgppubkey.txt for public key Where are the missing deficit-reduction program-related activities? ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Want to modify read-receipt img tags in mail
Break all IMG SRC tags in the incoming email? That will proabably annoy (or worse) some of your users when they don't see the pretty pictures in their email. I wish I could get away with doing that. I think that would be right up there with disabling HTML. A great idea but VERY unpopular. KAM ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Want to modify read-receipt img tags in mail
On Thu, 20 May 2004, Ole Craig wrote: Howsabout parsing just for img src=(http://www.netmsg.com/.*) and replacing $1 with http://www.myserver.org/WEB_BUG_TRACKER_WARNING.gif;? A cheaper way would be to set up a DNS zone for netmsg.com and redirect it to your servers. (Though this only works for people who read mail from within your network.) Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Want to modify read-receipt img tags in mail
Howsabout parsing just for img src=(http://www.netmsg.com/.*) and replacing $1 with http://www.myserver.org/WEB_BUG_TRACKER_WARNING.gif;? Too specific. If it's popular at all, look for more companies doing the same. They might even start changing domain names to evade filtering. Possibly, convert img src tags so they have to be clicked on instead of opening inline. It could raise some what was that in your mail questions that deserve to be asked. Joseph Brennan Academic Technologies Group, Academic Information Systems (AcIS) Columbia University in the City of New York ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Want to modify read-receipt img tags in mail
[EMAIL PROTECTED] wrote on 05/20/2004 10:16:53 AM: Break all IMG SRC tags in the incoming email? I think that would be right up there with disabling HTML. A great idea but VERY unpopular. Tell me about it. You wouldn't (ok, you probably would) beleive the whining I heard when our Lotus Notes users would mess up the settings in their clients and images stopped appearing. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] Want to modify read-receipt img tags in mail
Scenarios: A. Normal e-mail will have no images at all No action required. B. Some systems will send HTML mail, but normally without images No action required. C. Occasionally, someone will use HTML mail with a stationery effect, which is normally an image tiled across the background, or a logo Detect that the image is in the background, and ignore it. D. Self-referential e-mail, with images attached and referenced in the HTML Links to attached images are OK, so ignore it. E. HTML e-mail with links to off-site images This is where it gets interesting. See below. There are two approaches which spring to mind, one of which is simple. Let's start with the difficult one. You could in theory parse all HTML parts of messages, and identify every off-site link. Having done that, you could make a request for each link, preferably through a site-wide web-cache (so that the user's content is pre-cached if it ever gets to them), and then decide what to do based on what comes back. If the result is an image, analyze it using GD, then perhaps you would decide that any image of less than 100 pixels gets replaced by a auto-generated image of the same size which has a 5x5 X in the top-left corner. Potential problems - you have to follow all links, not just image links, as a link to a CGI script can just as easily be used to track where a message has gone. Also, if a newsletter contains an unsubscribe link, you run the risk of activating it... The alternative is much simpler - if the HTML contains any URI which is off-site, then change the message to be a plain-text body with the original message as an attachment. In the plain text part, provide a list of the sites referenced, and a warning that the off-site links could be used for tracking. Implement a whitelist system for this, so messages from approved sites, or to users who elect to opt out of the filtering, are passed unchanged. The other option, much as I hate to say it, is to try a smarter mail client, such as Outlook 2003, of which they say: To help protect privacy and combat Web beacons, Outlook 2003 can block the download of external content from the Internet. If an e-mail message tries to connect unannounced to a Web server, Outlook blocks that connection until you decide to view the content. This feature also helps prevent you from viewing potentially offensive messages. If you're on a slow connection, it allows you to decide whether an image warrants the time required to download it. Best Wishes, Paul. __ Paul Murphy Head of Informatics Ionix Pharmaceuticals Ltd 418 Science Park, Cambridge, CB4 0PA Tel. 01223 433741 Fax. 01223 433788 ___ DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this email in error please contact the sender or the Ionix IT Helpdesk on +44 (0) 1223 433741 ___ ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Want to modify read-receipt img tags in mail
Excellent case study of the problem, thank you all for the discussion. I believe right now that I will change all img src tags that are non-attached will be modified or disabled. I'll work something up soon about this. KAM - Original Message - From: Paul Murphy [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, May 20, 2004 11:57 AM Subject: RE: [Mimedefang] Want to modify read-receipt img tags in mail Scenarios: A. Normal e-mail will have no images at all No action required. B. Some systems will send HTML mail, but normally without images No action required. C. Occasionally, someone will use HTML mail with a stationery effect, which is normally an image tiled across the background, or a logo Detect that the image is in the background, and ignore it. D. Self-referential e-mail, with images attached and referenced in the HTML Links to attached images are OK, so ignore it. E. HTML e-mail with links to off-site images This is where it gets interesting. See below. There are two approaches which spring to mind, one of which is simple. Let's start with the difficult one. You could in theory parse all HTML parts of messages, and identify every off-site link. Having done that, you could make a request for each link, preferably through a site-wide web-cache (so that the user's content is pre-cached if it ever gets to them), and then decide what to do based on what comes back. If the result is an image, analyze it using GD, then perhaps you would decide that any image of less than 100 pixels gets replaced by a auto-generated image of the same size which has a 5x5 X in the top-left corner. Potential problems - you have to follow all links, not just image links, as a link to a CGI script can just as easily be used to track where a message has gone. Also, if a newsletter contains an unsubscribe link, you run the risk of activating it... The alternative is much simpler - if the HTML contains any URI which is off-site, then change the message to be a plain-text body with the original message as an attachment. In the plain text part, provide a list of the sites referenced, and a warning that the off-site links could be used for tracking. Implement a whitelist system for this, so messages from approved sites, or to users who elect to opt out of the filtering, are passed unchanged. The other option, much as I hate to say it, is to try a smarter mail client, such as Outlook 2003, of which they say: To help protect privacy and combat Web beacons, Outlook 2003 can block the download of external content from the Internet. If an e-mail message tries to connect unannounced to a Web server, Outlook blocks that connection until you decide to view the content. This feature also helps prevent you from viewing potentially offensive messages. If you're on a slow connection, it allows you to decide whether an image warrants the time required to download it. Best Wishes, Paul. __ Paul Murphy Head of Informatics Ionix Pharmaceuticals Ltd 418 Science Park, Cambridge, CB4 0PA Tel. 01223 433741 Fax. 01223 433788 ___ DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this email in error please contact the sender or the Ionix IT Helpdesk on +44 (0) 1223 433741 ___ ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Want to modify read-receipt img tags in mail
D. Self-referential e-mail, with images attached and referenced in the HTML Links to attached images are OK, so ignore it. Some spams come in that way (a couple a year for us.) Just to be clear, I am not approaching this from an anti-SPAM aspect but solely from a privacy issue. I think his case that attached images do not present a privacy issue is valid. KAM ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Want to modify read-receipt img tags in mail
At 01:50 PM 5/20/2004, Kevin A. McGrail wrote: or replace with a href=$1$2IMAGE/a and leave the plain text alone. Almost the same thing. I'd like to see this written out with HTML::Parser when you do it. I don't understand what you mean when you put IMAGE above. I think he means just the text IMAGE - so that the reader knows something was supposed to be there, but there's no risk of the server being contacted. Kelson Vibber SpeedGate Communications www.speed.net ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang