OT: _spam_ (Fred N. van Kempen)

From: Lawrence Walker <lgwalker_at_mts.net>
Date: Wed Dec 4 01:17:00 2002

 I use Pegasus as my mailer, but it is entered as the email program
in the program defaults. How likely is it that this could be exploited
by programs that usually attack Outlook.

Lawrence

> On Tue, 3 Dec 2002, Jeffrey Sharp wrote:
> > On Tuesday, December 3, 2002, John Allain wrote:
>
> > > It IS true that www cgi's (and prob. asp's) can get your eMail from
> > > a page hit, so changing that in your browser is probably an
> > > important first step.
> >
> > However, some browsers (e.g. IE) don't ask you for an email address.
> > Therefore I think it is unlikely that they can transmit that
> > information.
> >
> > And, really, why does a WWW browser need to know that in the first
> > place?
>
> Many web browsers include e-mail clients which use the information for
> the sender address. My preference is to use never use browsers that do
> more than browse, or at least to enter bogus information for mail
> address.
>
> Now... if you're using IE, I'd not be surprised if it already has access
> to your e-mail details from Outlook. Given how trivial it is for virus
> writers to exploit the security weaknesses in both IE and in Outlook--in
> particular to pillage the Outlook addressbook for the purpose of
> self-propogation--it would be just as easy for clever spammers to use
> those same weaknesses to harvest e-mail addresses.
>
> What's depressing is that you don't even have to run Outlook to be a
> victim; you only need to know someone who has your address in their
> Outlook addressbook.
>
> Spam doesn't bother me too much, as I've the righteous tools of Unix,
> pine, procmail, and access to a variety of freely available Bayesian
> inspired spam filtering tools on my side. :-)
>
> -brian.
>


lgwalker_at_mts.net
bigwalk_ca_at_yahoo.com
Received on Wed Dec 04 2002 - 01:17:00 GMT