On 5/2/05, Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote: > Hi Danny, > Agreed, its some pretty weird stuff. I leave HTML mail open because I > have four AV and spam relays in front of my Exchange Server, and I run > AV and antispyware on my hosts. So, I guess if HTML mail is that robust, > it deserves to infect him. I haven't been nailed by it in over 7 years, > so maybe my time is running out :-)) Thomas, I see your point, but I do not want to mislead anyone on this list seeking guidance, as your personal success with avoiding getting "nailed" does not apply to most organizations with users much, much less experienced than you. AV software and spam relays are reactive-based technologies. I prefer proactive configurations as the primary line of defence in combination with reactive solutions, such as AV and anti-spam software. <http://www.google.ca/search?q=plain+text+microsoft+security+workaround+site%3Amicrosoft.com> (For all other list members considering Mr. Shinder's approach versus mine, you will notice - in the URL above - how many disclosed Microsoft software vulnerabilities could have been mitigated by viewing email in Plain Text.) I'd rather replace the door with an iron wall, than hire four security security guards only trained for known threats to watch the door. Anyway, to each is his own. > I've notice this phenomenum before, but never got around to asking > anyone about it. What's interesting is that it bypasses the Web proxy > and firewall client configuration, as the queries are generated by the > SecureNAT client config. Are you saying that these DNS lookups (if not already in the resolve cache) are bypassing the default DNS server in the domain, and are attempting to go right through your firewall from the client? > I *think* this may be related to a bug in > Outlook 2003 and its HTTP handling. I recall some with Microsoft QFE > mentioning this to me, I'll have to ask him about this. Thank you, ...D