compleo
Valued Member
Is anyone familiar with this tool.It uses the words " e mail client", so i don't know if this includes e mail providers...> Email Privacy Tester
Yes, I used this tool to test my serviceIs anyone familiar with this tool.It uses the words " e mail client", so i don't know if this includes e mail providers...> Email Privacy Tester
In the <body> of the HTML part, place a tag as follows:
<iframe src="data:text/html;charset=utf-8,<html><head><meta http-equiv="Refresh" content="1; URL=http://TRACKING_URL/"></head><body></body></html>">
</iframe>
it's mostly technical data useful for developers, in your case pop up means, that your email client tried to execute javascript that was supplied instead of image. (this is very bad)
A guy who I think runs this forum sent me an email to ask if I'd like to comment here
The thing it tests is the email client. So if you enter a gmail.com address, it's not testing the "Gmail service", it's testing the thing that you use to open the email. So it's either testing the gmail web interface, or whatever Android/iOS email client you're using, or Thunderbird or Outlook or whatever.
The thing it tests is the email client
So if you enter a gmail.com address, it's not testing the "Gmail service", it's testing the thing that you use to open the email
So it's either testing the gmail web interface, or whatever Android/iOS email client you're using, or Thunderbird or Outlook or whatever.
Also, what email client were you using when you saw that popup? It's extremely bad. My tester sends a simple bit of JavaScript which just pops up a message. If I was malicious, I could send a different piece of JavaScript which allowed me to completely take over your email account instead.
"GMail" is an email service. It comes with a web interface which you can optionally use to access your email. You could also install Microsoft Outlook or one of dozens of other email clients, and connect them to your GMail account. At that point, you're no longer using the GMail web interface to view your GMail email, you're now using Outlook to view your GMail email, even though that email is still hosted by GMail.
Re "Safe Mail". How did you make that popup happen? I just signed up for a test account and tested it with emailprivacytester.com and Firefox, and saw no such popup when viewing an email. What did you click on immediately before your saw the popup? Also, what web browser and version are you using?
[EDIT] Discovered it. It's when you click "Show HTML". Yes, this is about as bad as security bugs in webmail clients get. I'll send them an email to let them know it needs fixing.
White Hat Aviator sounds interesting. I might have to give it a look. I would really recommend against using safe-mail.net. I had a look at scryptmail earlier and it looks pretty good. I did find one security flaw (XSS) in scryptmail, but they fixed it very quickly after I reported it. I didn't give it a full security audit though, just a quick once over.