Imagine that every time you clicked on an e-mail in your inbox, the e-mail showed something different. Well thats what I discovered last night before I went to bed.
A few weeks ago I found out that Mac users can send fully coded HTML e-mails using Apple’s Mail Application. All one needs to do is open up Safari, go to the page you want to e-mail, and select “Mail Contents of This Page” in the File Menu (see image above). The contents of the page are then automatically pasted into an e-mail that is ready to be sent:
But what if the HTML contains PHP scripts that dynamically load content? The HTML (originally from the Grand Juxtaposition via the front page of my website) calls two PHP scripts that randomly selects two images from two different folders on my website. So when you click on the e-mail in your inbox, two new images are displayed because Apple’s Mail Application runs the PHP scripts:
Notice that the images in the e-mail are different than what was originally sent
Click to view the full-sized image
Lets say the script was malicious and called a website that attempted to download malware. Would this ‘discovery’ be a flaw in Apple’s Mail Application?
So far I have tested this splendid e-mail out by emailing myself the same page to my GMail, Yahoo Mail, and MSN e-mail accounts. With the exception of MSN, which only loaded the foreground graphic and not the background graphic, neither GMail nor Yahoo worked like Apple’s Mail Application. I have not tested it out on Entourage or any other off-line e-mail client programs and I am curious if they’ll run the scripts or not. Regardless, this is probably one of the coolest e-mails ever!
Related Lost Series Entries: