Re: DNS queries on HTML mail in Outlook

  • From: Danny <nocmonkey@xxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 3 May 2005 10:53:22 -0400

On 5/2/05, Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote:
> Hi Danny,
> Agreed, it's some pretty weird stuff. I leave HTML mail open because I
> have four AV and spam relays in front of my Exchange Server, and I run
> AV and antispyware on my hosts. So, I guess if HTML mail is that robust,
> it deserves to infect him. I haven't been nailed by it in over 7 years,
> so maybe my time is running out :-))

Thomas, I see your point, but I do not want to mislead anyone on this
list seeking guidance, as your personal success with avoiding getting
"nailed" does not apply to most organizations with users much, much
less experienced than you.

AV software and spam relays are reactive-based technologies.  I prefer
proactive configurations as the primary line of defence in combination
with reactive solutions, such as AV and anti-spam software.


(For all other list members considering Mr. Shinder's approach versus
mine, you will notice - in the URL above - how many disclosed
Microsoft software vulnerabilities could have been mitigated by
viewing email in Plain Text.)

I'd rather replace the door with an iron wall, than hire four
security guards only trained for known threats to watch the door.
Anyway, to each his own.

> I've noticed this phenomenon before, but never got around to asking
> anyone about it. What's interesting is that it bypasses the Web proxy
> and firewall client configuration, as the queries are generated by the
> SecureNAT client config.

Are you saying that these DNS lookups (if not already in the resolve
cache) are bypassing the default DNS server in the domain, and are
attempting to go right through your firewall from the client?

> I *think* this may be related to a bug in
> Outlook 2003 and its HTTP handling. I recall someone with Microsoft QFE
> mentioning this to me, I'll have to ask him about this.

Thank you,


