|
|
|
|
|
|
by upofadown
2237 days ago
|
|
|
This only seems to work against tracking information in parameters. You can put the tracking info into the root URL. For a particularly egregious example of this see the EFAIL attack where entire decrypted messages were being sent back to the attackers in the root URL: * https://efail.de/ I doubt that HTML emails can ever be made secure in general. You are likely vunerable to a wide range of attacks and leaks if you allow images to load in your email no matter how much you attempt to sanitise things. |
|
|