Posted to users@spamassassin.apache.org by Michael Scheidell <sc...@secnap.net> on 2006/12/19 10:18:02 UTC
Salesforce web bug
I noticed an email from Salesforce has a 'user tracking' web bug in it,
but it isn't currently detected by SA or SARES.
(I removed the real numbers after oid so it doesn't cause FPs here ;-)
</html><img src="http://na3.salesforce.com/servlet/servlet.ImageServer?oid=00000000000&esid=000000000000"><br><br><DIV style="display:none;"></DIV>
Would this find it?
uri SALESFORCE_WEBBUG m'http://.*salesforce.com/servlet/servlet.ImageServer\?oid.*esid'i
describe SALESFORCE_WEBBUG Sender has Salesforce Email tracking enabled
score SALESFORCE_WEBBUG 1.0
Would you prefer a rawbody and img src match?
--
Michael Scheidell, CTO
SECNAP Network Security Corporation
Keep up to date with latest information on IT security: Real time
security alerts:
http://www.secnap.com/news
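Added example, not part of the original post: a Python check of the posted pattern against the img src URIs in the sample HTML, next to a tightened variant. The tightened pattern, the look-alike sample and the helper names are assumptions made for this illustration; the HTML parser only approximates how URIs are extracted before a 'uri' rule is evaluated.

```python
import re
from html.parser import HTMLParser

# The pattern as posted. 'uri' rules take Perl regexes; this one behaves
# the same under Python's re module.
POSTED = re.compile(
    r'http://.*salesforce.com/servlet/servlet.ImageServer\?oid.*esid', re.I)

# Assumed tightening (not from the thread): anchor scheme and host, escape
# the literal dots, and keep the wildcard inside the oid value.
TIGHT = re.compile(
    r'^https?://(?:[a-z0-9-]+\.)*salesforce\.com/servlet/servlet\.ImageServer'
    r'\?oid=[^&\s]*&esid=', re.I)

class ImgSrc(HTMLParser):
    """Collect <img src=...> values from an HTML body."""
    def __init__(self):
        super().__init__()
        self.uris = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.uris += [v for k, v in attrs if k == "src" and v]

def img_uris(html):
    parser = ImgSrc()
    parser.feed(html)
    return parser.uris

def hits(pattern, html):
    """Return the img URIs in html that the pattern matches."""
    return [u for u in img_uris(html) if pattern.search(u)]

# The snippet from the post, with the mail line wrap removed.
BUG = ('</html><img src="http://na3.salesforce.com/servlet/servlet.ImageServer'
       '?oid=00000000000&esid=000000000000"><br><br>')
# Constructed look-alike: another host, Salesforce path only in the query.
LOOKALIKE = ('<img src="http://tracker.example/r?u=salesforce.com/servlet/'
             'servlet.ImageServer?oid=1&esid=2">')

if __name__ == "__main__":
    for name, html in (("BUG", BUG), ("LOOKALIKE", LOOKALIKE)):
        print(name, "posted:", bool(hits(POSTED, html)),
              "tight:", bool(hits(TIGHT, html)))
```

The posted pattern does find the sample, but its unanchored `.*` also matches the constructed look-alike, which the anchored variant rejects.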
Re: Salesforce web bug
Posted by Bart Schaefer <ba...@gmail.com>.
On 12/20/06, Loren Wilton <lw...@earthlink.net> wrote:
> > Why do you want to consider this a spam sign? I'm just curious.
>
> Bugs in mail messages are generally a suspicious circumstance, and probably
> good for a fractional point all by themselves. In general any tracking that
> will auto-identify without the user at least clicking on something is
> suspicious.
In general I'd agree with you, but here we're talking very
specifically about SalesForce. Is there evidence, for example, of
someone using SalesForce to send spam?
Re: Salesforce web bug
Posted by Loren Wilton <lw...@earthlink.net>.
> Why do you want to consider this a spam sign? I'm just curious.
Bugs in mail messages are generally a suspicious circumstance, and probably
good for a fractional point all by themselves. In general any tracking that
will auto-identify without the user at least clicking on something is
suspicious.
Loren
Re: Salesforce web bug
Posted by Bart Schaefer <ba...@gmail.com>.
On 12/19/06, Michael Scheidell <sc...@secnap.net> wrote:
> I noticed an email from salesforce has a 'user tracking' web bug in it
> but it isn't currently detected by SA or SARES
Why do you want to consider this a spam sign? I'm just curious.