MyNameHere Posted April 13, 2009 Share Posted April 13, 2009 Hi folks, Sometimes I look at the message source of my held mail for various reasons, mainly curiosity. Until now, I have always seen plain text in the message source window. Today I clicked on Message Source and was shocked to see a bright blue (approximately cyan) background and the text in Times New Roman. There were no carriage-returns at the end of lines. Another odd thing was the "Return-Path:" line had nothing on it (it just said "Return-Path: Delivered-To: spamcop-net..."). When I right-click on the message source window and select "View Source," I see what I expected to see in the first place. The "return-path" is there and there are three sections, including an HTML section. I'm thinking this has something to do with the fact that it's a "multi-part message in MIME format" and the third part is a text/html section with bgColor=#ffffff and font face="Times New Roman". My worry is that if the SpamCop webmail system is opening a browser window that interprets the HTML in messages like this, it would be possible for a spammer/hacker to write an HTML section with scripts that get executed when I am trying just to display the source. So I am thinking "Message Source" might represent a security flaw in the webmail system--it might represent a way to infect or attack client computers. I will be happy to forward the message or message source to someone to look at if someone official would like to check this out. Thanks! Link to comment Share on other sites More sharing options...
This topic is now archived and is closed to further replies.