Your E-mails Go Through A Yahoo! Filter

Home › /var/log/blog

 Your E-mails Go Through a Yahoo! Filter

If you're using Yahoo! mail (which you probably do, if you're reading this!), your incoming e-mails go through a filter in an attempt to block client-side web scripting attacks. So, for example, Yahoo! changes all the occurrences of eval (which is a javascript command) to review and mocha (another statement to be used instead of javascript command) to espresso.
To test it out: Open your Yahoo! mail account. Compose an e-mail in HTML format and type the words eval and mocha in the body of your e-mail. Then send it to yourself. Now, open the received e-mail in your mailbox, you'll be surprised to see the result.
At some point (which we're not really sure when) Yahoo! programmers compiled a list of those dangerous scripting words and applied and replace method on them. The equivalents have been chosen so lamely that if you look for the word medireview on Google, you'll find a lot of results!! Medireview is the replacement of medieval, created in the process of changing eval to review and is used after being pasted into university papers, book reviews, Indian newspapers and endless enthusiast sites drop it "unseen" into texts. Now, it's time to push the first filter-made word into the Oxford Dictionary!
This incident has been reported over a year ago, are they really willing to change their codes and change the eval to ev@l or something like that or we'll see more occurrences of medireview on the web (and in the books)?

Another report of an actual mangled e-mail address:
> Someone [...] changed his e-mail address to "cheval" and several of us couldn't get his new address straight because it kept coming up at "chreview". Eventually, we realized what the word actually was, but it took a while..
Thanks to my friend Tekno for brining that up.
Related story from Need to Know..

A friendly reminder: Be careful if you're sending this article to a Yahoo! mailbox!! :-)
Tue Jul 16, 2002   (10:11 PM) | Permalink | Keep Reading

Content may be reused according to the terms of the OPL.