MBR wrote: > ... > the contents > of the "src=" attribute on the <img> tag that fetches the image. In > addition to the hostname and path to the image, it sends CGI arguments > which contain MY email address! Ingenious of someone to figure out > that CGI arguments are not limited to <a href=...>, and you can send > them in <img src=...> as well, but nasty!
That's a very old trick. SpamAssassin is not the program to defeat it though. It's a spam detector, not a spam cleaner. Even if it were, spammers would quickly find a way around it, e.g. embedding your address (possibly encrypted) in the base image filename. I wouldn't be surprised if that's already been done. Some possible solutions 1) don't open spam 2) read all mail as plain text. Even traditionally insecure clients like MS Outlook [Express] can do this these days 3) restrict access by your mail client to machines you trust. To keep things simple, I have my firewall set to allow my mail client access only to stmp and pop3 ports, which works just as well (for the moment). -- Mat. ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
