Em Qui, 2004-02-26 às 04:43, Alexey Lobanov escreveu:
Hello.
Claudemir Todo Bom wrote:
> Hi,
>
> I've initiated my tests with anomy sanitizer, and noted that it doesn't
> prevent someone on making a forged message expliting this common social
> exploit:
>
> <a href="http://hell.com/mytrojan.exe">http://www.very-famous-website.com>
A simplier idea. Enforced conversion of "Multipart/Alternative" to
"text/plain", completely deleting "text/html" version. Many people (me
too) believe that hypertext e-mail is still useful mostly for spammers
and those social engineers; more normal people just have no time to
perform markup.
Your idea should work fine when based on enterprises policies, but for
ISPs, we need to provide the maximum of resources for our users, this
means that when somebody makes a fancy email on Incredimail, s/he
desires that the email arrives with all the fancy things on their
destiny.
I would appreciate both implementations, since I have customers that are
business oriented, and others that are ISPs.
Best Regards,
-- Claudemir Todo Bom 114982@xyz.molar.is http://www.wiredway.com.br/~allgoodAttachments: + http://mailtools.anomy.net/archives/anomy-list//d4/a4/03ed7b8/01.signature.asc