On 2 Feb 2021, at 10:30, Valentijn Sessink wrote:
On 02-02-2021 14:48, RW wrote:
On Tue, 2 Feb 2021 10:47:49 +0100
src=3D"https://pr=
oxy.duckduckgo.com/iu/?u=3Dhttps://chenoneproduction.s3.ap-southeast-1.amaz=
onaws.com/static/a0fd.png" width=3D"184">
So the QR code is remote. If you fetch it could look like the
recipient
read the email, encouraging more spam to that account.
Unfortunately, yes that's right :-(
It's generally a bad idea for any mail software to automatically fetch
remote content without conscious specific human initiative for mail
which is not carefully authenticated, with careful attention to which
trusted senders are authorized to trigger such retrievals.
(Yes, I know that some garbage MUAs break that rule. That's no reason to
make the same reckless mistake in server-side filtering.)
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
