Brad Rogers wrote: > I beg to differ. By sending HTML emails, it means they're likely to end > up *receiving* HTML mail because many people's mailer replies "in kind" > by default, and the users don't alter the default settings.
So what? The bank's already set to either strip out all dangerous HTML tags or to render as plaintext only. The bank knows it's a target of attack; it's already taken steps to mitigate its risk profile. Also, the number of people who communicate with their bank via email is vanishingly small: many banks outright refuse to deal with customers via email for reasons of banking secrecy. The bank has no downside to sending HTML email. > It doesn't look professional if they are talking about security. Fine: they lose your vote. But in the course of looking unprofessional to you, securitywise, they look quite professional to their other customers, who either don't know or don't care the risks of HTML email. Computer security geeks are such an insignificant fraction of the consumer marketplace that for most purposes we may be safely assumed to not exist at all. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
