Hello Greg Strong & everyone else, on 06-Feb-2005 at 00:19 you (Greg Strong) wrote:
>>> Giving away the IP address of the recipient when reading an HTML mail >>> with embedded images, providing feedback to spammers that the message >>> arrived. >> Hmmmm... I cannot see why that is a security risk. > If you have the time to read, go to Google and do a search on "IP > address security risk." I'M SURE you will find your answer there. I don't know what you mean and can only guess which of the thousands of hits is what you are referring to, but if it is what I think, then you shouldn't surf the web either :) If someone walks by your house, he can look what name is on the door bell and mailbox, and peek thru your windows, watch the flowers in your garden, you can't do a thing about it. Its perfectly legal. If you leave your front door open and someone walks in and uses your toilet and takes your stereo, its your problem. Everything requires conscious usage. I think I can make the generalisation that all of us agree that plain text email is first choice, and that remote images should not be loaded automatically, but rather thru a button, a list of trusted senders or domains, whatever. However, people always make this html and/or remote images thing an almost religious matter and don't stay with the facts, and mix security and privacy up, and whatnot. It is not within the responsibility of an *email* program to protect the user from design flaws of its operating system, or the entire internet technology. It is the responsibility of the program to protect the user from privacy issues like web bugs, and its the responsibility of the programmers to build bullet-proof code, as far as that is possible. -- Best regards, Alexander (http://www.neurowerx.de - ICQ 238153981) The product of mental labor-science always stands far below it's value, because the labor-time neccessary to reproduce it has no relation at all to the labor-time required for it's original production. -- Karl Marx ________________________________________________ Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html