Hi Danny, Agreed, its some pretty weird stuff. I leave HTML mail open because I have four AV and spam relays in front of my Exchange Server, and I run AV and antispyware on my hosts. So, I guess if HTML mail is that robust, it deserves to infect him. I haven't been nailed by it in over 7 years, so maybe my time is running out :-)) I've notice this phenomenum before, but never got around to asking anyone about it. What's interesting is that it bypasses the Web proxy and firewall client configuration, as the queries are generated by the SecureNAT client config. I *think* this may be related to a bug in Outlook 2003 and its HTTP handling. I recall some with Microsoft QFE mentioning this to me, I'll have to ask him about this. Thanks! Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: Danny [mailto:nocmonkey@xxxxxxxxx] Sent: Monday, May 02, 2005 1:45 PM To: [ExchangeList] Subject: [exchangelist] Re: DNS queries on HTML mail in Outlook http://www.MSExchange.org/ On 5/2/05, Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote: > http://www.MSExchange.org/ > > Hey folks, > > Here's an interesting finding on an Outlook 2003 client. I found that when > an HTML message comes in that has A HREF references to it, Outlook does a > DNS query for the domains included in the message. I have pack captures > showing this. Anyone ever head of such a thing? Interesting. Any other interesting traffic? I wouldn't know because I only read email in plain text format with Microsoft products. This is a significant malware mitigation technique. ...D ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: tshinder@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx