Read about the issue of the Ropemaker attack that can be launched against desktop email clients that was disclosed from Mimecast and it got me thinking. Is it possible in a Groupwise system or in the client to block a message from retrieving remote data automatically if it is an HTML formatted message? Is there a user setting that would allow email users to block automatic execution of a remote resource—like a remotely hosted CSS file for instance?
I thought in my recent past with GW8 I turned off allowing scripts to run in messages (I have no idea where that is in 2014R2). Maybe I am hallucinating? I distinctly remember (or hallucinated) getting a message and having it tell me scripts are disabled, and testing by saying allow and having it tell me it would not. Do I need a ?
I know this is a new attack, but I was wondering if anyone new whether Micro Focus would be addressing it to help mitigate the attack since most people seem to prefer HTML messages and do not like to have their GW using plain text (at least in my environment).
Food for thought!