[dba-Tech] new email attack vector
Jim Lawrence
accessd at shaw.ca
Sat Aug 26 12:45:45 CDT 2017
You are right. Zimbra is a browser based client (it could be configured differently but...) so the hosting ISP/server/browser separates/sandboxes the actual mail message from the viewing station.
To view a mail message's internal design all it takes is toggling the format to HTML, a right-mouse click and select the "inspect element" option.
Jim
----- Original Message -----
From: "stuart" <stuart at lexacorp.com.pg>
To: "Discussion of Hardware and Software issues" <dba-tech at databaseadvisors.com>
Sent: Thursday, August 24, 2017 11:16:06 PM
Subject: Re: [dba-Tech] new email attack vector
Correction! Your Zimbra DISPLAYS the plain text version of an email by default - if it is a
multipart/alternative message with both plain and HTML versions. It doesn't "send" anything.
On 24 Aug 2017 at 23:04, Jim Lawrence wrote:
> Hmmm... sometimes it might be nice to be able to modify an email after
> it was sent. ;-)
>
> Having an automated plain text email setting is a must in this day and
> age. The email client, Zimbra, I am currently using, sends all email
> in text first and then there is a setting that will allow me to switch
> the message to HTML. If I see 200 lines of Javascript code revealed or
> iframes, in the bucket it goes. ;-)
>
> Jim
>
_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com
More information about the dba-Tech
mailing list