[rescue] (Offtopic) X-Message-Flag fun for Outlook users
Jonathan C. Patschke
jp at celestrion.net
Sun Jul 30 01:40:52 CDT 2006
On Sat, 29 Jul 2006, Lionel Peterson wrote:
> Is there really virtue in exploiting a "feature" in software to annoy
> folks on *this* list?
I set that message header on all outgoing mail, not just messages to
X-Message-Flag has uses far more sinister than merely annoying Outlook
users. For example, consider the following:
    X-Message-Flag: This message is digitally signed by the
      sender at somedomain.com, and proven authentic.
    X-Message-Flag: This message was virus-scanned by Norton Anti-Virus,
      and its attachments are known to be clean
    X-Message-Flag: This password request was initiated by your system
      administrator, postmaster at yourdomain.com.
The message, as it appears in the last version of Outlook I used, shows
up in the header portion of the email message, but highlighted in a muted
yellow color. That is, it looks like a message from the mail-system
software, not from the remote sender. The feature itself is a security
hole at a social-engineering level.
THAT is why I tend to "exploit" it.
Jonathan Patschke ) "A man who never dreams goes slowly mad."
Elgin, TX ( --Thomas Dolby, "Valley of the Mind's Eye"
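
One mitigation for the behaviour described in the post above, as an added example that is not part of the original message: a mail-gateway step that removes X-Message-Flag from inbound mail before it reaches Outlook and returns what was removed so it can be logged. The function name and the sample message are constructed for illustration.

```python
from email import message_from_string, policy

HEADER = "X-Message-Flag"  # header name taken from the post

# Constructed sample inbound message. It carries two X-Message-Flag headers,
# one folded across two lines and one with a lower-case name.
SAMPLE = (
    "From: someone@example.com\n"
    "To: user@example.org\n"
    "Subject: hello\n"
    "X-Message-Flag: This message was virus-scanned by Norton Anti-Virus,\n"
    " and its attachments are known to be clean\n"
    "x-message-flag: This message is digitally signed\n"
    "\n"
    "Body text.\n"
)


def strip_message_flag(raw):
    """Remove every X-Message-Flag header from a raw RFC 5322 message.

    Returns (cleaned_text, report). The report holds the sender and the
    unfolded text of each removed header, for logging or alerting.
    """
    msg = message_from_string(raw, policy=policy.default)
    # Header lookup is case-insensitive and get_all() returns every
    # occurrence, so a sender cannot hide the header behind odd casing
    # or by repeating it.
    values = msg.get_all(HEADER, [])
    # Collapse folding whitespace so each logged value is a single line.
    removed = [" ".join(str(v).split()) for v in values]
    del msg[HEADER]  # deletes all occurrences; no error if none exist
    report = {"from": str(msg.get("From", "")), "removed": removed}
    return msg.as_string(), report


if __name__ == "__main__":
    cleaned, report = strip_message_flag(SAMPLE)
    print(report)
    print(cleaned)
```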