Revision as of 18:14, 14 September 2006 edit Omegatron (talk \| contribs) Administrators 35,823 edits →Security vulnerabilities: «"The viewing of embedded external content" → "If an email contains inline content from an external server", +"the server", "and" → "revealing that an email address is real (so that ti can be tarwhen the message is ← Previous edit		Revision as of 18:17, 14 September 2006 edit undo Omegatron (talk \| contribs) Administrators 35,823 edits →Security vulnerabilities: «"a security issue for users, who may be" → "used in phishing attacks, in which users are", +", visiting it,", -"", "to a scammer" → "(like bank account numbers) to a scammer", +"revealing", "read" Next edit →
Line 30: == Security vulnerabilities == HTML allows for a link to have a different target than the link's text. This can be aused ~~security~~in ~~issue~~[[phishing]] ~~for users~~attacks, ~~who~~in ~~may~~which beusers are fooled into believing that a link points to the website of an authoritative source (such as a bank), visiting it, and unintentionally ~~[[phishing\|~~revealing personal details (like bank account numbers) to a scammer]]. If an email contains inline content from an external server, such as an [[Digital image\|image]], the server can alert a third party that the e-mail has been opened. This is a potential privacy risk, revealing that an email address is real (so that it can be targeted in the future) and revealing when the message was read. For this reason, some e-mail clients do not load external images until requested to by the user. Most [[E-mail spam]] is sent in HTML, so spam filters (such as [[Spamassassin]]) give high spam scores to HTML messages. == References==

HTML email: Difference between revisions