Flaw in Outlook makes you send Spam accidentally

Message Share Topic Printable Version Google Delicious Digg StumbleUpon Windows Live Yahoo Bookmarks reddit Facebook MySpace Newsvine Furl Topic Search Topic Options Post Reply Create New Topic

   Outlook 2007 users may start seeing their Sent Items folder filling up with messages that begin with "Not read:". It isn't spyware, it is spammers abusing the feature in Outlook that sends notifications to people on whether or not the message has been read called X-Confirm-Reading-To.

Basically what happens is the spammer send you a spam message with the X-Confirm-Reading-To header. You get the spam, and it is sent to your junk mail. Then your Outlook send out a read receipt to another spam victim, because the message had the X-Confirm-Reading-To header with the next victims email address in it.

Apparently only IMAP users in Outlook suffer from this exploit, and MS has not fixed it yet.

http://forums.microsoft.com/msdn/showpost.aspx?siteid=1&postid=4038094&sb=0&d=1&at=7&ft=11&tf=0&pageid=0

Author	Message Share Topic Printable Version Google Delicious Digg StumbleUpon Windows Live Yahoo Bookmarks reddit Facebook MySpace Newsvine Furl Topic Search Topic Options Post Reply Create New Topic
woodio Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group Joined: Oct/27/2006 Online Status: Offline Posts: 476	Quote Reply Topic: Flaw in Outlook makes you send Spam accidentally Posted: Oct/29/2008 at 11:09am
	Outlook 2007 users may start seeing their Sent Items folder filling up with messages that begin with "Not read:". It isn't spyware, it is spammers abusing the feature in Outlook that sends notifications to people on whether or not the message has been read called X-Confirm-Reading-To. Basically what happens is the spammer send you a spam message with the X-Confirm-Reading-To header. You get the spam, and it is sent to your junk mail. Then your Outlook send out a read receipt to another spam victim, because the message had the X-Confirm-Reading-To header with the next victims email address in it. Apparently only IMAP users in Outlook suffer from this exploit, and MS has not fixed it yet. http://forums.microsoft.com/msdn/showpost.aspx?siteid=1&postid=4038094&sb=0&d=1&at=7&ft=11&tf=0&pageid=0

Josh Van Cleave Members Profile Send Private Message Find Members Posts Visit Members Homepage Add to Buddy List Admin Group Joined: Oct/24/2006 Location: United States Online Status: Offline Posts: 845	Quote Reply Posted: Oct/29/2008 at 12:05pm
	This would be a huge priority if more than IMAP was being affected. IMAP users are in the minority though when it comes to mail server connections.
	The Projector Blog \| PC Rentals \| A Monitor Blog

woodio Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group Joined: Oct/27/2006 Online Status: Offline Posts: 476	Quote Reply Posted: Oct/29/2008 at 12:15pm
	I would say we will start seeing more spam with this exploited header if MS doesn't get on fixing it. Whenever they hit an IMAP user, they basically get a free extra spam.

Josh Van Cleave Members Profile Send Private Message Find Members Posts Visit Members Homepage Add to Buddy List Admin Group Joined: Oct/24/2006 Location: United States Online Status: Offline Posts: 845	Quote Reply Posted: Nov/08/2008 at 11:55am
	/agree
	The Projector Blog \| PC Rentals \| A Monitor Blog

John Beagle Members Profile Send Private Message Find Members Posts Visit Members Homepage Add to Buddy List Admin Group Joined: Oct/24/2006 Location: United States Online Status: Offline Posts: 906	Quote Reply Posted: Jan/22/2009 at 4:21pm
	I hope Microsoft gets a handle on this problem soon. We don't need any extra spam.
	23 years in the Computer Industry. Segments: Computer Service and Computer Rentals.