Re: mailto links

----- Original Message -----
From: "stanislav shalunov" <shalunov@internet2.edu>
To: "[Segmen]" <dontpanic999@yahoo.com>
Sent: Wednesday, September 12, 2001 4:25 AM
Subject: Re: mailto links


> Do you see a problem with this behavior?  It's standard.  If you see a
> problem, please state what it is.
>
> --
> Stanislav Shalunov http://www.internet2.edu/~shalunov/
>
> "Hey!  Who took the cork off my lunch?!"               -- W. C. Fields


Yes, I do see some problems with this behaviour.

I could use this to trick innocent people into distributing my malware for
me, with the added bonus that the email will look like it is someone
genuinely trying to contact them. It could also make people breach the rules
of their ISP or organization by apparently trying to send a virus, for
example, possibly getting them into trouble, or having their account
suspended.

Also from http://www.ics.uci.edu/pub/ietf/uri/rfc2368.txt RFC 2368 - "Thus,
a mail client should never send a message based on a mailto URL
without first showing the user the full message that will be sent
(including all headers that were specified by the mailto URL), fully
decoded, and asking the user for approval to send the message as
electronic mail. The mail client should also make it clear that the
user is about to send an electronic mail message, since the user may
not be aware that this is the result of a mailto URL."

I'm not sure this fulfills this, anyone?

I'm sure there's more!

--
http://www.ukchat.com - UKChat
http://sdf.lonestar.org - SDF Public Access UNIX system
http://www.geocities.com/dontpanic999/ - my WebSpace
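
Added example, not part of the original message or of any mail client discussed in the thread: Python that decodes a mailto URL and builds the confirmation text the RFC 2368 passage quoted above asks for, listing every header the URL sets. The function names, warning wording and sample URL are assumptions made for illustration; the safe-header set follows RFC 2368 section 4.

```python
from urllib.parse import urlsplit, unquote

# RFC 2368 section 4 names only these as both safe and useful to take from a URL.
SAFE_HEADERS = {"subject", "keywords", "body"}

def parse_mailto(url):
    """Decode a mailto URL into recipients, headers, body and review warnings."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "mailto":
        raise ValueError("not a mailto URL")
    draft = {"to": [unquote(a) for a in parts.path.split(",") if a],
             "headers": [], "body": "", "warnings": []}
    # Split the query by hand: parse_qsl() would turn a literal '+' into a space.
    for pair in filter(None, parts.query.split("&")):
        name, _, value = pair.partition("=")
        name, value = unquote(name).lower(), unquote(value)
        if name == "body":
            draft["body"] = value.replace("\r\n", "\n")
            continue
        # A decoded CR or LF in a header could smuggle in further headers.
        if any(c in name + value for c in "\r\n"):
            draft["warnings"].append(f"line break inside header {name!r}")
        if name == "to":
            draft["to"] += [a.strip() for a in value.split(",") if a.strip()]
        else:
            draft["headers"].append((name, value))
            if name not in SAFE_HEADERS:
                draft["warnings"].append(f"URL sets header {name!r}")
    return draft

def confirmation_text(draft):
    """Text to show before sending: every header and the body, fully decoded."""
    out = ["You are about to send an e-mail message.",
           "To: " + ", ".join(draft["to"])]
    # repr() keeps control characters in header values visible to the user.
    out += [f"{name.title()}: {value!r}" for name, value in draft["headers"]]
    out += ["", draft["body"], ""]
    out += ["WARNING: " + w for w in draft["warnings"]]
    return "\n".join(out)

# Constructed sample URL, not taken from the thread.
SAMPLE = ("mailto:list@example.org?subject=Hello%20there&to=second%40example.org"
          "&bcc=third%40example.net&body=first%20line%0D%0Asecond+line")

if __name__ == "__main__":
    print(confirmation_text(parse_mailto(SAMPLE)))
```

A client would show this text and send only after the user approves it, rather than sending directly from the link.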