[Mimedefang] Want to modify "read-receipt" img tags in mail

Paul Murphy pmurphy at ionixpharma.com
Thu May 20 11:57:05 EDT 2004 

Scenarios:

A.  Normal e-mail will have no images at all
	No action required.

B.  Some systems will send HTML mail, but normally without images
	No action required.

C.  Occasionally, someone will use HTML mail with a "stationery" effect, which
is normally an image tiled across the background, or a logo
	Detect that the image is in the background, and ignore it.

D.  Self-referential e-mail, with images attached and referenced in the HTML
	Links to attached images are OK, so ignore it.

E.  HTML e-mail with links to off-site images
	This is where it gets interesting.  See below.

There are two approaches which spring to mind, one of which is simple.  Let's
start with the difficult one.

You could in theory parse all HTML parts of messages, and identify every
off-site link.  Having done that, you could make a request for each link,
preferably through a site-wide web-cache (so that the user's content is
pre-cached if it ever gets to them), and then decide what to do based on what
comes back.   If the result is an image, analyze it using GD, then perhaps you
would decide that any image of less than 100 pixels gets replaced by a
auto-generated image of the same size which has a 5x5 "X" in the top-left
corner.

Potential problems - you have to follow all links, not just image links, as a
link to a CGI script can just as easily be used to track where a message has
gone.  Also, if a newsletter contains an "unsubscribe" link, you run the risk of
activating it...

The alternative is much simpler - if the HTML contains any URI which is
off-site, then change the message to be a plain-text body with the original
message as an attachment.  In the plain text part, provide a list of the sites
referenced, and a warning that the off-site links could be used for tracking.
Implement a whitelist system for this, so messages from approved sites, or to
users who elect to opt out of the filtering, are passed unchanged.

The other option, much as I hate to say it, is to try a smarter mail client,
such as Outlook 2003, of which they say:

"To help protect privacy and combat Web beacons, Outlook 2003 can block the
download of external content from the Internet. If an e-mail message tries to
connect unannounced to a Web server, Outlook blocks that connection until you
decide to view the content. This feature also helps prevent you from viewing
potentially offensive messages. If you're on a slow connection, it allows you to
decide whether an image warrants the time required to download it. "

Best Wishes,

Paul.
__________________________________________________
Paul Murphy
Head of Informatics
Ionix Pharmaceuticals Ltd
418 Science Park, Cambridge, CB4 0PA

Tel. 01223 433741
Fax. 01223 433788


_______________________________________________________________________
DISCLAIMER:
This email and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to which they
are addressed.  If you have received this email in error please contact
the sender or the Ionix IT Helpdesk on +44 (0) 1223 433741
_______________________________________________________________________

More information about the MIMEDefang mailing list