Jump to content

Web-mail access situation

Recommended Posts

From the SpamCop newsgroupm following is my heads-up to JT, though the real solution probably isn't his burden ...

From: "Wazoo"

To: "SpamCop Support - JT"

Subject: Fw: HTML embed tag in Date or From headers; not masked on Held Email page!

Date: Sun, 17 Jul 2005 17:08:53 -0500

Wow! Excerpt of the first Tracking URL spam submittal;

To: x

Subject: Message subject

Date: <embed src="http://myhome.naver.com/mznx1234/haksa.swf">

X-Mailer: MIME-tools 5.503 (Entity 5.501)

----- Original Message -----

From: "Mike"

Newsgroups: spamcop

Sent: Sunday, July 17, 2005 4:18 PM

Subject: HTML embed tag in Date or From headers; not masked on Held Email


> Recently I've received several spam emails with an HTML <embed> tag in

> the Date or From header fields.  The tag is used to point to a flash

> animation on some spam server.


> The problem is that on the SpamCop "Held Email" page the From and Date

> headers are shown without any "de-HTML-ing" of the text.  So the actual

> Held Email page includes these HTML tags, causing my browser to download

> the flash when rendering the page!  Not good.


> So far all of the spam web servers have been offline because I don't

> actually get any flash displayed on the page.  However, today one of

> servers was up and serving the flash file.  It redirected the browser to

> open a spam web site.  I managed to reload the Held Email page and hit

> the Stop button before it could redirect.


> I queued these emails for reporting.  Here are the tracking URLs.  All

> of these have a bad Date header.  I have seen other ones (which I don't

> have tracking URLs for) that have a similar HTML tag in the From header.


> Hopefully the SpamCop code that creates the "Held Email" web page can be

> updated to check the headers for angle brackets and "escape" them when

> creating the page, so the browser won't try to parse this as HTML.


> http://www.spamcop.net/sc?id=z787003883zbe...609cf239bf9137z

> http://www.spamcop.net/sc?id=z787003887z53...a201a3a962a294z

> http://www.spamcop.net/sc?id=z787003891z73...a20ca2b819a3c8z

> http://www.spamcop.net/sc?id=z787003895z74...0ecef077082077z


> Mike Hall

Link to comment
Share on other sites

Is this problem happening in VER or Webmail's display of his Held Mail mailbox Folder? If it's happening in VER, please advise the OP to use his Webmail Held Mail mailbox/Folder instead. Thanks!

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...