Test your e-mail program

Does your e-mail program accept hidden JavaScript commands?

My last posting, Defending against a phishing e-mail message , described a JavaScript trick bad guys use to make a link appear to go one place when it really goes somewhere else.

So you can test if your e-mail program (or Webmail system) falls for this type of forgery, I created a test e-mail message.

To receive my test e-mail message, send an e-mail to:


It does not matter what, if anything, is in the subject or the body of your message.

The test e-mail message contains a link that appears to go to CNET, but really goes to my personal Web site. When you move the mouse over the test link, you should see my personal Web site in the status bar. If however, you see the silly message below, then your e-mail program is vulnerable to manipulation with JavaScript.

Hope you pass the test.

About the author

    Michael Horowitz wrote his first computer program in 1973 and has been a computer nerd ever since. He spent more than 20 years working in an IBM mainframe (MVS) environment. He has worked in the research and development group of a large Wall Street financial company, and has been a technical writer for a mainframe software company.

    He teaches a large range of self-developed classes, the underlying theme being Defensive Computing. Michael is an independent computer consultant, working with small businesses and the self-employed. He can be heard weekly on The Personal Computer Show on WBAI.



    Discuss Test your e-mail program

    Conversation powered by Livefyre

    Show Comments Hide Comments