iFrames in email messages

  • iFrames in email messages

    Hello all,

    I have a client who wants me to design an HTML formatted email with an iframe in it.

    To me it seems that browsers should not allow this as it could potentially be a vehicle for phishing exploits. Will an iframe in an email cause security violations in browsers? What about non-browser email clients?

    Obviously, I plan to test on my end, but any personal experience is welcomed.
    TIA
    --b.c.

  • #2
    Originally posted by big chopper
    ... What about non-browser email clients?
    My mail server has a built-in filter to delete HTML messages that contain iFrames, just to prevent such potential exploits. I get a message that the email was deleted, and who it was from, etc.

    So far, it's never deleted anything that I wouldn't consider spam anyway.
    Thorn
    "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird
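A sketch of the kind of server-side check described in post #2, added here as an example; it is not the poster's mail server filter and not code from this thread. It decodes every text/html MIME part before looking for framing tags, so a base64-encoded or upper-case `<IFRAME>` is still caught. The function names, the extra `frame`/`frameset` tags, and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Assumption: the thread only mentions iframes; frame/frameset are included as the same class of tag.
FRAME_TAGS = {"iframe", "frame", "frameset"}

class FrameFinder(HTMLParser):
    """Records (tag, src) for every framing tag; HTMLParser lower-cases tag names."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag in FRAME_TAGS:
            self.hits.append((tag, dict(attrs).get("src")))

def find_frames(raw: bytes):
    """Return framing tags found in any text/html part of a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        try:
            html = part.get_content()  # undoes base64 / quoted-printable and the charset
        except (LookupError, UnicodeDecodeError):
            # Unknown or wrong charset: decode bytes leniently rather than skip the part.
            html = part.get_payload(decode=True).decode("latin-1")
        finder = FrameFinder()
        finder.feed(html)
        finder.close()
        hits.extend(finder.hits)
    return hits

def filter_decision(raw: bytes):
    """Return a deletion notice naming the sender, or None if the message passes."""
    hits = find_frames(raw)
    if not hits:
        return None
    sender = message_from_bytes(raw, policy=policy.default)["From"]
    return f"deleted message from {sender}: contains <{hits[0][0]}>"

def build_sample(html: str) -> bytes:
    """Constructed test message: multipart/alternative with a base64 HTML part."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.com", "rcpt@example.com", "sample"
    m.set_content("plain text body")
    m.add_alternative(html, subtype="html", cte="base64")
    return m.as_bytes()
```

A plain substring search over the raw message would miss the base64-encoded part, which is why the check walks and decodes the MIME structure first.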

    • #3
      Thanks, I was able to talk them out of this idea.
      --bc,

      • #4
        You're welcome.

        Just out of curiosity (and if you can say without revealing information about/from your client) what was their reasoning for wanting iFrames?
        Thorn
        "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

        • #5
          Originally posted by Thorn
          You're welcome.

          Just out of curiosity (and if you can say without revealing information about/from your client) what was their reasoning for wanting iFrames?
          Iframes are an easy way to dump live content into otherwise static HTML. By adjusting the GET method (url) you can leverage an existing database driven template.
          --bc

          • #6
            Netcraft advisory on framed email

            If anyone is interested, Netcraft just announced an advisory regarding framed email.

            http://news.netcraft.com/archives/20...g_attacks.html

            --bc

            • #7
              Originally posted by big chopper
              Iframes are an easy way to dump live content into otherwise static HTML. By adjusting the GET method (url) you can leverage an existing database driven template.
              --bc
              Thanks for the info.
              Thorn
              "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird
