John, et al --

...and then John Brooking said...
% 
% --- David T-G <[EMAIL PROTECTED]>
% > 
% > ...and then Scot Robnett said...
% > % 
% > % I don't personally share the 'HTML e-mail is evil'
...
% > intimated that he had, which means we're pursuing
% > the ultimate beating of
% > a dead horse here :-)
% 
%   If I may be allowed to beat the poor dead horse a

*grin*


% little more, and at the risk of reviving this thread,

Uh oh; that certainly could happen.


% but playing devil's advocate because, after all, this
% *is* a beginners' list:
% 
%   Why is HTML mail evil? (If you believe it is.)
% 
%   Because it can be so easily hacked? That's a big
% reason, but are there others I don't know about?

First, I should say that in a different world, it probably wouldn't be so
bad.  If everyone had robust and secure MUAs (gee, mutt comes to mind,
though you can still manage to screw up even with it sometimes) then we
wouldn't have to worry about embedded javascript or VBS or whatnot
tearing open security holes because, regardless of whether or not such
holes existed, the MUA would keep the garbage in its own sandbox instead
of letting it run all over the system or send packages back to its
master.

So then we come to why someone does HTML mail in the first place...  It's
probably for just the font stuff you mention, but then people add
stationery images and buttons and email envelope icons and whatnot and
suddenly you have a very, very, very large message that says "Come to my
house on Thursday".  It's an incredible waste of space and resources.
And before you say "oh, heck, bandwidth is cheap", remember that not
everyone in the US has broadband access and much of the world outside the
US not only doesn't have fast access but also has to pay by the minute
for even local phone calls.  Imagine how happy you'd be to download
someone else's idea of stationery for an extra two and a half minutes
while dialing long distance (and, no, not the cheap LD we have here in
the States, either, but like it was in 1978 at $.25/min).

Finally, then, we come back around to another security hole: profiling
and tracking.  Even if it isn't displayed, an HTML message can embed an
img tag that goes off to a tracking site and pips the IP address, at
the very least, of who just read the message.  What a great way to see
how far and wide your spam (or virus) is traveling and fine-tune your
marketing.

That's by no means an exhaustive overview, but I think it covers the
basics.  I would *love* to discuss this more and hear from others on the
topic, but I fear that we would quickly go far, far, off-topic and wear
thin the patience of many (most?) on the list.


% 
%   I can imagine average Joe User saying "But of
% *course* I want to be able to format my email with 10
% different font faces, sizes, and colors. Plain text is
% for geeks."

Heh.  Little does the average Joe know, too :-)  Plain text rules!

Your pseudo-quote reminds me of the Mac Font Wheel spoof of years back :-)


% 
%   Is maybe Rich Text Format the real answer?

It's certainly a better answer than HTML with its embedded images and
javascript and the like.


% 
% - John


HTH & HAND

:-D
-- 
David T-G                      * It's easier to fight for one's principles
(play) [EMAIL PROTECTED] * than to live up to them. -- fortune cookie
(work) [EMAIL PROTECTED]
http://www.justpickone.org/davidtg/    Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
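
Added example, not part of the original message: the remote-image tracking and embedded-script concerns raised above can be checked for in a message before any HTML renderer sees it. The names `audit_message` and `_Auditor` and the sample message are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: an HTML mail with an inline (cid:) image, a remote
# 1x1 image, an event-handler attribute and a script element.
SAMPLE = b"""\
From: sender@example.org
Subject: Thursday
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body onload="go()"><p>Come to my house on Thursday</p>
<img src="cid:logo@example.org">
<img src="http://tracker.example/open.gif?id=42" width="1" height="1">
<script>go = function(){}</script></body></html>
"""

class _Auditor(HTMLParser):
    """Collects (kind, tag, detail) for markup that fetches or executes."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append(("script", tag, ""))
        for name, value in attrs:
            target = (value or "").strip()
            if name.startswith("on"):  # onload, onerror, ...
                self.findings.append(("event-handler", tag, name))
            elif name in ("src", "background") and urlsplit(target).netloc:
                self.findings.append(("remote-fetch", tag, target))

def audit_message(raw: bytes):
    """Return findings for every text/html part of a raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            auditor = _Auditor()
            auditor.feed(part.get_content())
            auditor.close()
            findings.extend(auditor.findings)
    return findings
```

The `cid:` image is not reported because it refers to a part carried inside the message itself; only references with a network host are flagged as fetches.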
