__/ [ Oliver Wong ] on Wednesday 23 August 2006 20:09 \__
>
> "B Gruff" <bbgruff@xxxxxxxxxxx> wrote in message
> news:4l3l17F470aU1@xxxxxxxxxxxxxxxxx
>> On Wednesday 23 August 2006 18:24 Oliver Wong wrote:
>>
>>> (*) You can sell lists of e-mail addresses to other spammers. How do
>>> you
>>> ensure that an e-mail is valid? Send spam to it, and if they reply, then
>>> you know it's valid. You're don't care if they actually buy the product
>>> you're advertising or not, as long as you can confirm the e-mail address
>>> works.
>>
>> Do you actually need to get a reply?
>> Is it not enough to incorporate a "remote image" in an HTML document (say
>> the image of a full-stop) and be able to tell from the web-site access
>> that
>> the e-mail has been received? (assuming that each e-mail carries a
>> distinctive code in the URL, of course).
>>
>> I'm asking, not telling:-)
>
> Right, there are other sophisticated techniques like these. Some e-mail
> clients (Outlook, for example, but surely most Linux clients) are smart
> enough to not download the remote images without user confirmation first.
> It's a constant back and forth war between blackhats who have to come up
> with more techniques and the whitehats who have to come up with
> counter-techniques.
Smart? No. Outlook was probably among the last E-mail clients to be 'smart'
enough to avoid fetching content from the Web without prior authorisation.
Microsoft has always been behind when it comes to comprehending, foreseeing,
and addressing streetsmarts (think ActiveX or the state of IE
security/privacy). Outlook Express for Mac, for example, suffers from this
problem to this date. KMail even had a bounce option until recently. It's a
response/challenge-type filter.
Best wishes,
Roy
--
Roy S. Schestowitz | Windows O/S: chmod a-x internet; kill -9 internet
http://Schestowitz.com | GNU is Not UNIX | PGP-Key: 0x74572E8E
roy pts/7 cg001a.halls.man Thu Aug 24 09:00 still logged in
http://iuron.com - proposing a non-profit search engine
|
|
