Junk Mail Outlook folder shouldn't process image displays from SP.

[Guest]

I recieved a phishing email purporting to be a warning from Citicorp that was
effectively automatically placed in the junk folder, but when the folder was
observed to see that no good mail was in it, the fraudulent web site was
contacted to display an image.

I also got an uncaught junk email from a user at yahoo, but because yahoo is
in my trusted websites, Outlook processed the message without restriction.

These are avoidable problems that are not covered by default in Outlook.
Please work to have better default behavior.

 

[Diane Poremsky [MVP]]

Do you use Outlook 2003? It blocks such images, older versions do not and
probably never will.

--
Diane Poremsky [MVP - Outlook]
Author, Teach Yourself Outlook 2003 in 24 Hours
Coauthor, OneNote 2003 for Windows (Visual QuickStart Guide)
Author, Google and Other Search Engines (Visual QuickStart Guide)



Join OneNote Tips mailing list: http://www.onenote-tips.net/

 

[Guest]

Yes, I am using 2003. It does in my inbox, not in the junk mail folder.

Do you use Outlook 2003? It blocks such images, older versions do not and
probably never will.

--
Diane Poremsky [MVP - Outlook]
Author, Teach Yourself Outlook 2003 in 24 Hours
Coauthor, OneNote 2003 for Windows (Visual QuickStart Guide)
Author, Google and Other Search Engines (Visual QuickStart Guide)



Join OneNote Tips mailing list: http://www.onenote-tips.net/

I recieved a phishing email purporting to be a warning from Citicorp that
was
effectively automatically placed in the junk folder, but when the folder
was
observed to see that no good mail was in it, the fraudulent web site was
contacted to display an image.

I also got an uncaught junk email from a user at yahoo, but because yahoo
is
in my trusted websites, Outlook processed the message without restriction.

These are avoidable problems that are not covered by default in Outlook.
Please work to have better default behavior.

 

[Diane Poremsky [MVP]]

something is not configured right - it should block all unless you white
list addresses. The folder can't be whitelisted, although posts (usually
mail delivered to public folders) displays external content in the RTM
version - it's fixed in SP1. But junk mail shouldn't be converted to
posts...

--
Diane Poremsky [MVP - Outlook]
Author, Teach Yourself Outlook 2003 in 24 Hours
Coauthor, OneNote 2003 for Windows (Visual QuickStart Guide)
Author, Google and Other Search Engines (Visual QuickStart Guide)



Join OneNote Tips mailing list: http://www.onenote-tips.net/

Yes, I am using 2003. It does in my inbox, not in the junk mail folder.

Do you use Outlook 2003? It blocks such images, older versions do not and
probably never will.

--
Diane Poremsky [MVP - Outlook]
Author, Teach Yourself Outlook 2003 in 24 Hours
Coauthor, OneNote 2003 for Windows (Visual QuickStart Guide)
Author, Google and Other Search Engines (Visual QuickStart Guide)



Join OneNote Tips mailing list: http://www.onenote-tips.net/

I recieved a phishing email purporting to be a warning from Citicorp
that
was
effectively automatically placed in the junk folder, but when the
folder
was
observed to see that no good mail was in it, the fraudulent web site
was
contacted to display an image.

I also got an uncaught junk email from a user at yahoo, but because
yahoo
is
in my trusted websites, Outlook processed the message without
restriction.

These are avoidable problems that are not covered by default in
Outlook.
Please work to have better default behavior.

 

[Guest]

Diane,

Thanks for your replies. The answer is interesting:
"%36%38%2E%31%34%2E%31%39%38%2E%31%39%35:%38%37/%63%69%74/%69%6E%64%65%78%2E%68%74%6D"
is the image. The phisher is more sophisticated than I ever imagined.
Apparently, it is not picked up as external content because of the encoding.

I still wish that the folder would render the output in straight ascii,
instead of trying to figure out whether a particular piece of content is good
or bad. It should assume bad.

-- Bill

something is not configured right - it should block all unless you white
list addresses. The folder can't be whitelisted, although posts (usually
mail delivered to public folders) displays external content in the RTM
version - it's fixed in SP1. But junk mail shouldn't be converted to
posts...

--
Diane Poremsky [MVP - Outlook]
Author, Teach Yourself Outlook 2003 in 24 Hours
Coauthor, OneNote 2003 for Windows (Visual QuickStart Guide)
Author, Google and Other Search Engines (Visual QuickStart Guide)



Join OneNote Tips mailing list: http://www.onenote-tips.net/

Yes, I am using 2003. It does in my inbox, not in the junk mail folder.

 

[Diane Poremsky [MVP]]

you can enable read as plain - it applies to all folders, but in Outlook
2003, it's as easy to enable html for one message as it is to turn on images
for one message.

--
Diane Poremsky [MVP - Outlook]
Author, Teach Yourself Outlook 2003 in 24 Hours
Coauthor, OneNote 2003 for Windows (Visual QuickStart Guide)
Author, Google and Other Search Engines (Visual QuickStart Guide)



Join OneNote Tips mailing list: http://www.onenote-tips.net/

Diane,

Thanks for your replies. The answer is interesting:
"%36%38%2E%31%34%2E%31%39%38%2E%31%39%35:%38%37/%63%69%74/%69%6E%64%65%78%2E%68%74%6D"
is the image. The phisher is more sophisticated than I ever imagined.
Apparently, it is not picked up as external content because of the
encoding.

I still wish that the folder would render the output in straight ascii,
instead of trying to figure out whether a particular piece of content is
good
or bad. It should assume bad.

-- Bill

something is not configured right - it should block all unless you white
list addresses. The folder can't be whitelisted, although posts (usually
mail delivered to public folders) displays external content in the RTM
version - it's fixed in SP1. But junk mail shouldn't be converted to
posts...

--
Diane Poremsky [MVP - Outlook]
Author, Teach Yourself Outlook 2003 in 24 Hours
Coauthor, OneNote 2003 for Windows (Visual QuickStart Guide)
Author, Google and Other Search Engines (Visual QuickStart Guide)



Join OneNote Tips mailing list: http://www.onenote-tips.net/

Yes, I am using 2003. It does in my inbox, not in the junk mail folder.

 

[Guest]

In plain text mode, the address comes out as below. However, this is not the
address that you link to....and there are no tooltips showing you this in
plain text mode!

<https://web.da-us.citibank.com/signin/scripts/login/confirm/user_data.jsp>

you can enable read as plain - it applies to all folders, but in Outlook
2003, it's as easy to enable html for one message as it is to turn on images
for one message.

--
Diane Poremsky [MVP - Outlook]
Author, Teach Yourself Outlook 2003 in 24 Hours
Coauthor, OneNote 2003 for Windows (Visual QuickStart Guide)
Author, Google and Other Search Engines (Visual QuickStart Guide)



Join OneNote Tips mailing list: http://www.onenote-tips.net/

Diane,

Thanks for your replies. The answer is interesting:
"%36%38%2E%31%34%2E%31%39%38%2E%31%39%35:%38%37/%63%69%74/%69%6E%64%65%78%2E%68%74%6D"
is the image. The phisher is more sophisticated than I ever imagined.
Apparently, it is not picked up as external content because of the
encoding.

I still wish that the folder would render the output in straight ascii,
instead of trying to figure out whether a particular piece of content is
good
or bad. It should assume bad.

-- Bill

something is not configured right - it should block all unless you white
list addresses. The folder can't be whitelisted, although posts (usually
mail delivered to public folders) displays external content in the RTM
version - it's fixed in SP1. But junk mail shouldn't be converted to
posts...

--
Diane Poremsky [MVP - Outlook]
Author, Teach Yourself Outlook 2003 in 24 Hours
Coauthor, OneNote 2003 for Windows (Visual QuickStart Guide)
Author, Google and Other Search Engines (Visual QuickStart Guide)



Join OneNote Tips mailing list: http://www.onenote-tips.net/


Yes, I am using 2003. It does in my inbox, not in the junk mail folder.