Re: Spam and getting authentication challenged in outlook

  • From: "Larke, Daniel" <LarkeD@xxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 24 Jun 2003 11:18:15 -0500

Thanks Jim,

I just went to a user's desk and looked at the source of the email.  The
answer was option 2.  The spam had imbedded user name and password.

Thanks again.

Dan L.

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Monday, June 23, 2003 10:33 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Spam and getting authentication challenged in
outlook


http://www.ISAserver.org


This will happen when:

1. the mail is HTML-formatted
2. it contains an imbedded link such as http://user:password@http://URL
3. the user opens the mail or views it in the preview pane
4. the ISA is enforcing authenticated policies

Here's the deal..
Many spammers have taken to using this as a means of determining success in
their efforts.  A successful connection to their "bean-counting" web sites
means that a human got the mail, since the link was activated.

THE GOOD NEWS:
 is that if ISA is enforcing authentication for outbound requests, this gets
stopped at the gate, because ISA (rightly) interprets the request as "give
me a connection to "URL" using the specified credentials".  Since the
credentials are unlikely to match any of your user accounts or their
passwords, the request is refused.

THE BAD NEWS:
The users have to shut down and restart their mail reader, since those
credentials are cached for any future connection requests.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message ----- 
From: "Larke, Daniel" <LarkeD@xxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, June 23, 2003 08:20
Subject: [isalist] Spam and getting authentication challenged in outlook


Hello,

Has anyone seen where people with full access to the internet are getting
challenged in Outlook when looking at SPAM?  The same user has no problem
going to any website VIA IE.  Another odd thing is when they get challenged,
the user name that pops up is not their own.  In fact it cannot be found in
our domain.

Thanks.

Dan
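
The link pattern Jim Harrison describes (an HTML mail whose link or image URL carries `user:password@` before the host) can be checked for at the mail gateway or during triage. The following Python is an added example, not code from the thread; the sample message, host names and function names are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not taken from the thread).
SAMPLE = (
    b"From: sender@example.invalid\r\n"
    b"To: user@example.invalid\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/html; charset=us-ascii\r\n"
    b"\r\n"
    b'<html><body><a href="http://www.example.com/">ok</a>\r\n'
    b'<img src="http://user:password@tracker.example/open.gif"></body></html>\r\n'
)

class _LinkCollector(HTMLParser):
    """Collect URL-bearing attributes; src/background load without a click."""
    URL_ATTRS = {"href", "src", "background"}

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in self.URL_ATTRS and value:
                self.urls.append((tag, value.strip()))

def find_userinfo_links(raw_message: bytes):
    """Return (tag, host, url) for each http(s) URL in an HTML part that
    carries a user name (with or without password) before the host."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = _LinkCollector()
        collector.feed(part.get_content())
        for tag, url in collector.urls:
            try:
                parts = urlsplit(url)
            except ValueError:  # malformed URL, nothing to classify
                continue
            if parts.scheme in ("http", "https") and parts.username is not None:
                hits.append((tag, parts.hostname, url))
    return hits

if __name__ == "__main__":
    for tag, host, url in find_userinfo_links(SAMPLE):
        print(f"<{tag}> requests {host} with embedded credentials: {url}")
```

A hit on an `img` or `background` attribute matters most here, since those are fetched when the mail is opened or previewed, which matches condition 3 in the list above.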


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

