Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
Squishing web bugs in email?

By revenant in Internet
Wed Nov 22, 2000 at 09:30:28 PM EST
Tags: Software (all tags)
Software

A NY Times article (registration req'd) today talks about increasing use of web bugs by spammers and legitimate companies in HTML email. If the recipient has an HTML-enabled mail client, they can track who read and forwarded the email, as well as stick a cookie on the HD to identify the person by email address should they visit an affiliated site. Does anyone know of an email server or client app that can filter these things?


Postel, a webmail company referenced in the article, has gained the distinction of being added to my nameserver blackhole list. But does anyone know of an email client or (preferably) server app that can automatically filter these things, such as 1x1 gifs transparent gifs and the like? Or limit email references to items attached to the email. Switching all my users to mutt or Pine isn't really an option.

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Related Links
o NY Times article
o Postel
o Also by revenant


Display: Sort:
Squishing web bugs in email? | 15 comments (13 topical, 2 editorial, 0 hidden)
Webmail filtering (2.00 / 1) (#1)
by infinitewaitstate on Wed Nov 22, 2000 at 01:57:04 PM EST

On a machine running sendmail, you could hack in a PERL script, or C binary to simply strip HTML tags completely from incoming mail. Sure it's a bit labour intensive to send up, but plaintext is relatively safer.

---
... but then again, what do I know?

Not just sendmail... (3.00 / 1) (#11)
by tzanger on Wed Nov 22, 2000 at 11:35:26 PM EST

On a machine running sendmail, you could hack in a PERL script, or C binary to simply strip HTML tags completely from incoming mail.

qmail will do this as well. Hell I think procmail will do it too although it's not an MTA. :-)

There's a really good email filter (works with procmail, which can be used with qmail/sendmail/whatever) which may do what you want already.



[ Parent ]
Filtering proxy (3.25 / 4) (#4)
by canitesc on Wed Nov 22, 2000 at 02:25:56 PM EST

I believe the most efficient way to deal with this would be to deploy an ad-filtering proxy, such as Internet Junkbuster . I would recommend this one because it can be installed either locally on a user's computer or on a central server, is highly configurable, and can run on both Windows, Linux and a variety of Unix OSes. Unfortunately, (or fortunately) it requires a certain amount of computer literacy which is probably what kept it from becoming very wide-spread.

Simpler than junk buster (none / 0) (#15)
by aha on Wed Dec 27, 2000 at 02:33:13 PM EST

A much simpler solution, only for Windows, is to use Naviscope. It has an excellent and highly configurable ad blocker, cookie blocker, image blocker etc etc. The URL is http://www.naviscope.com

[ Parent ]
Eudora (4.00 / 2) (#6)
by ZanThrax on Wed Nov 22, 2000 at 04:57:59 PM EST

uses IE to view HTML main, and IE's security settings apply. So if you have explorer set to refuse all cookies (or to ask you about each one) then the same settings apply to Eudora. (as far as I can tell anyhow... I know I get the IE message window for cookies hidden in my daily Boondocks mailout)

Before flying off the handle over the suggestion that your a cocksucker, be sure that you do not, in fact, have a cock in your mouth.

Sigh.. procmail.org (2.33 / 3) (#7)
by Inoshiro on Wed Nov 22, 2000 at 06:17:57 PM EST

Just go to procmail.org, get it, and stick it between you and the outside world. It's not hard to set it up to bounce HTML email with a "don't be so stupid as to send me non-ASCII email" message ..



--
[ イノシロ ]
Once saw ZoneAlarm's locking feature used for this (4.00 / 1) (#8)
by bgalehouse on Wed Nov 22, 2000 at 07:05:10 PM EST

I once read a review of ZoneAlarm in which the reviewer described using it for this. Zone-alarm is a personal firewall for the win32 world. It has a lock button to turn off your connection. He'd turn on the lock before browsing a batch of recently received emails, then turn it back off.

Not cross platform and not seemless. But you can still view the full imagery if you want to (turn off the lock once you've deleted the spam).

A heavy-handed approach (3.00 / 2) (#9)
by Smiling Dragon on Wed Nov 22, 2000 at 07:35:03 PM EST

Our old systems engineer (an over-skilled, underpaid, jaded sob <grin>) had his sendmail setup to just reject on the header (multipart/alternative etc) with a '550 html is an abomination to mail' message.

Not particularly hard in sendmail, and you may be able to tone done the nazi'ness of it. Knowing sendmail it's certainly possible to be a little more precise in what to target :)

That way you get to only pass the html enabled mails to the filter that infinitewaitstate suggested. Will cut down on the work the mail hub has to do.


-- Sometimes understanding is the booby prize - Neal Stephenson
Not cross-platform (4.50 / 2) (#10)
by Pimp Ninja on Wed Nov 22, 2000 at 08:21:48 PM EST

And undoubtedly not kosher for the linux-oriented folks that seem to dominate here, but there's a sonderful little program called Cookie Pal for windows systems that can not only block cookies in the two big boy browsers, it also handles most versions of Opera (no support exists yet for Complicator 6 or, i suspect, Opera 4) and as a bonus, it handles all of the IE shell integrations, which Outlook, Outlook Express (the most common mail reader... ugh) and Eudora use for HTML mail reading...

The thing is, it's all well and good to eliminate HTML mail, but more than a few of us like receiving that sort of thing - i know i like my newletters with links in them - saves me a step between seeing a concept, and acquiring more info on it.

So there are ways.

i'd link to the program, but i'll be damned if i can remember where i got it... And it IS shareware. So use only if you want to pay.


-----

If we demand from them without offering in return, what are we but better-
dressed muggers holding up the creative at the point of a metaphorical gun?


Cookie Pal (none / 0) (#13)
by Yer Mom on Thu Nov 23, 2000 at 06:15:13 AM EST

Cookie Pal is by Kookaburra Software.
--
Smoke crack. Worship Satan. Admin Unix.
[ Parent ]
Opera's mail client. (5.00 / 1) (#12)
by Louis_Wu on Thu Nov 23, 2000 at 12:04:04 AM EST

Opera (costs real money, sorry) has an integral mail client, and the browser has good filtering and privacy features. I don't know if the browser's filtering affects mail, but I wouldn't be surprised. If you don't want to pay to find out, download Opera and use it for the 30 day trial.

(Aside: Opera is the first program I have seen with a sane trial period system. The program only counts the days you use it, not the weekend you're gone, or the vacation you take. So you don't have to worry about starting the trial before your vacation, it will not add any more days while you're gone. Why isn't this common? *end-rant*)

Louis_Wu
"The power to tax is the power to destroy."
John Marshal, first Chief Justice of the U.S. Supreme Court

My setup (none / 0) (#14)
by Ummon on Thu Nov 23, 2000 at 06:16:50 AM EST

I've got an OpenBSD box running squid as my gateway/firewall. I've got the default web port (80) set up to require authentication. So if an email or other program tries to start a connection to the web they get stopped pending a username and password by squid. I've got my web browsers set up to use the regular proxy port (3128) so they don't have to use authentication to get out.



Squishing web bugs in email? | 15 comments (13 topical, 2 editorial, 0 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!