Re: link social engineering attack

From: Claudemir Todo Bom (
Date: Fri 27 Feb 2004 - 00:49:48 GMT

Em Qui, 2004-02-26 às 04:43, Alexey Lobanov escreveu:
    Claudemir Todo Bom wrote:
> Hi,
> I've initiated my tests with anomy sanitizer, and noted that it doesn't
> prevent someone on making a forged message expliting this common social
> exploit:
> <a href="">>
    A simplier idea. Enforced conversion of "Multipart/Alternative" to
    "text/plain", completely deleting "text/html" version. Many people (me
    too) believe that hypertext e-mail is still useful mostly for spammers
    and those social engineers; more normal people just have no time to
    perform markup.

Your idea should work fine when based on enterprises policies, but for
ISPs, we need to provide the maximum of resources for our users, this
means that when somebody makes a fancy email on Incredimail, s/he
desires that the email arrives with all the fancy things on their

I would appreciate both implementations, since I have customers that are
business oriented, and others that are ISPs.

Best Regards,

Claudemir Todo Bom

Attachments: +

hosted by