Why emails do not upload images directly

Email providers such as Gmail, Yahoo, Hotmail do not upload images directly to email. These services require the images to be laminated. Why are they doing this? Should XSS / CSRF be prevented?

+3
3 answers

Two reasons are confidentiality and CSRF.

Privacy

This allows the sender to find out if I opened the email or not, without my knowledge. Spammers can find out if their marketing campaigns have had any consequences or not.

CSRF

CSRF , . , CSRF.

, , paypal csrf. , PayPal. <img src="http://paypal.com/transferfunds?fromAccount=victim&toAccount=attacker"/>. , .

+5

, .

+2

- . :

<img src="http://example.com/validImage.png?mail=toto@example.com" />
0
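
The answers above name two risks of fetching a remote `<img>` when a message is opened: the sender learns the mail was read, and the request itself reaches a third-party site. As an added example (not part of the original answers), this is one way a mail client could neutralise remote image sources before rendering; `PLACEHOLDER`, `is_remote`, `RemoteImageBlocker` and `block_remote_images` are hypothetical names, and the sample message is constructed.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

PLACEHOLDER = "cid:blocked-remote-image"  # hypothetical local placeholder


def is_remote(url):
    """True if rendering this URL would make the mail client contact a server."""
    parts = urlsplit(url.strip())
    return parts.scheme.lower() in ("http", "https") or bool(parts.netloc)


class RemoteImageBlocker(HTMLParser):
    """Re-emit a mail body with remote <img> sources neutralised (comments are dropped)."""

    def __init__(self):
        super().__init__()
        self.out, self.blocked = [], []

    def handle_starttag(self, tag, attrs):
        rendered = [tag]
        for name, value in attrs:
            if tag == "img" and name == "srcset":
                continue  # srcset could carry further remote candidates: drop it
            if tag == "img" and name == "src" and value and is_remote(value):
                self.blocked.append(value)  # kept so the UI can offer "show images"
                value = PLACEHOLDER
            rendered.append(name if value is None else f'{name}="{escape(value)}"')
        self.out.append("<" + " ".join(rendered) + ">")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))


def block_remote_images(html_body):
    """Return (safe_html, blocked_urls) for an untrusted HTML mail body."""
    parser = RemoteImageBlocker()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out), parser.blocked


# Constructed sample message: one tracking image, one inline (cid:) attachment.
SAMPLE = ('<p>Hi</p><img src="http://example.com/validImage.png?mail=toto@example.com">'
          '<img alt="logo" src="cid:logo@example.com">')

if __name__ == "__main__":
    print(block_remote_images(SAMPLE))
```

This covers `<img>` only; other elements that trigger fetches (CSS backgrounds, for example) would need the same treatment in a real client.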

Source: https://habr.com/ru/post/1762424/

