gmail/adding tags to images/reply emails

[LaBlueGirl]

So this dude runs euractiv.com

I do baby-sitting for his daughter. We were sending emails back and forth today, and on his reply to my last one, I noticed his "security" deal, eSafe, recognized and removed "unsafe" HTML.
In his sigfile is an imagemap for clicking on the diff languages to view his site.
On the side of it are the reg blue links.

Here's the message:
******************* IMPORTANT ! *******************************

The content of this email was found to

contain potentially hostile or malicious content.

For your protection, eSafe’s Content Security Server has

modified this email and removed the dangerous content.

**********************************************************************



\HTML Active Content: Found Spoofed Phishing URL, Found mapped IMG links, Object Removed: 1 'map' Overall Attributes Removed - 2: 'href'


I sent a laughing reply back to him, figuring the only thing I can think of is gmail possibly attaching some kind of tags to his links/images.
Didn't happen when he sent the email, only when I replied to it.

I *really* want to beat this guy down with some comp knowledge.
He tried making fun of me and Frank for wanting to be/being programmers/low-level.
He is a eurocrat, and I only sit b/c I like his kid and he pays WELL

Prelim searching doesn't bring back much.
I know what "tagging" is, as far as the 'net goes, but what are some other useful keywords and where can I start looking?

Basically, I want to point out how retarded he is for having something like eSafe and give valid reasons why:)

Thanks in advance

LBG

[DNR]

antispyware and antivirii programs can be set too sensitive and block content that is not harmful.

Typical alarmist warnings make n00bs feel like they need security:
"The content of this email was found to contain potentially hostile or malicious content. For your protection, eSafe’s Content Security Server has modified this email and removed the dangerous content. "

whew! I don't know what the threat was but thanks!


"\HTML Active Content: Found Spoofed Phishing URL, Found mapped IMG links, Object Removed: 1 'map' Overall Attributes Removed - 2: 'href'
"

That tells me the software is reacting on content in the email for 'web bugs' that use IMG, HREF, and a URL the Esafe server just couldn't verify - so it deemed it 'spoofed'.

What that means is Esafe idiot proofed his email so he could be so stupid as to click on a link and be directed to another website. The IMG filter is ok - I like text-based email myself. and Active script in html is now dangerous. The IMG bug will access a server to retrieve the image, logging the computer's nfo like IP, name, browser, history, etc. I hate censorship, so why would I trust Esafe to tell me what sites are good or bad?

It is possible the 'hide quoted text' that I see in gmail.com's emails is a link to a gmail server. I did not see any active content for google or google's gmail. That is what the Esafe could be removing and denying him a good email feature.

So he is a rich snob? Take the money he pays you. Teach his kid not to be a dumbass like him. I dislike 'know-it-alls' too if anyone says they know everything, thats the first sign they don't.

DNR

[LaBlueGirl]

ok, ok

Still looking and now have a question:

Would it have anything to do with permalinks and gmail, hash functions?

Am I even on the right track? lol

[DNR]

I evaluate email by looking at the orginal, use the gmail options to see the complete SMTP version of the email. If it is html based, of course use the 'view source' to read the html script. Sam Spade can help you parse email headers.

Email servers have their own propriety behavior and security, they can add advertisement, webbugs to track users, and deny access to competitor's links or service, remove other's advertisements and webbugs.

People in the know for security should not use html/active script for email, use text only. I used to use Ziplip.com but now it is a paysite. Gmail seems ok, but I doubt Google's motives.

[LaBlueGirl]

That tells me the software is reacting on content in the email for 'web bugs' that use IMG, HREF, and a URL the Esafe server just couldn't verify - so it deemed it 'spoofed'.

I can dig it, but *why* would it classify a simple 'href' as malicious?

D'ya think it *could* be b/c his company used hashed based links, and gmail adds or subtracts some specific ID from it?
eSafe employs hash sig checking....

Once eSafe notices 'They don't have this info' it could be deemed "malicious"...

or is it just too much lol.

I understand about email/antivirii proggies, but I fail to grasp why a simple basic-assed HTML code is malicious.
So,
1. Why does eSafe recognize it as such *only* after I start replying?
2. Could gmail be doing something to the links/images when I reply?
3. If so, what could gmail do, and what could gmail do to make eSafe act all cracked out?

So he is a rich snob? Take the money he pays you. Teach his kid not to be a dumbass like him. I dislike 'know-it-alls' too if anyone says they know everything, thats the first sign they don't.

DNR

Yeup, I dig it....

I take the money with a good heart, Tai (kid) gets to come with me so it is even easier (she is younger).

He never said he was a know it all, but picture this:

When I first met him about this "job", he tells me for like, 10 years or some shite he was going to African nations and teaching them how to use computers, set up networking, etc etc.
The pics he showed me?
Kids in huts with dirt floors.
School where the kids have no shoes....

He shoulda got a job delivering pizza to them, instead...

[DNR]

href you know is a link, so the esafe is filtering out anylinks attached to the email, wether because it belongs to a known spam server or just a competing email service.

HTML can be malicious because it is 'active script', it can be coded to install and run programs, the permissions given to browsers for port 80 are too broad and allow this app-side sploit.

Why did it activate then and not at first? I'd have to see the trail of messages, maybe he hit 'scan email' or rebooted his box and it turned on a feature that was turned off before.

Yea, teach a kid that can't farm, speak, or work how TCP/IP works. Great, give them AOL and lets bring on the new crop of n00bs and script kiddies.

DNR