Bob Apthorpe <[EMAIL PROTECTED]> writes:

> One nice thing about the old body report was exactly that - it broke the
> HTML content. Very nice for HTML-only garbage read under Pegasus Mail,
> which renders HTML-only as HTML[1] whether you want it to or not.
> Corrupting the HTML body fooled Pegasus into treating the message as
> plain text. I was afraid I'd really hate the new MIME attachment
> reporting but it's not as annoying as I thought it'd be and being able
> to get a pristine copy of the message is nice.
> 
> Still, I think the Principle of Least Astonishment should've kicked in.
> Once I start submitting patches, I'll complain more about SA's behavior.
> :)

I don't think that particular principle applies here.  It is "the
assertion that the most usable system is the one that least often leaves
users astonished".  I think it's less astonishing to use MIME, not
corrupt messages, and allow most users to open and retrieve false
positive email (especially HTML email) without any external tools.

I think the principle you are espousing is that one should preserve
inferior systems when users are accustomed to them and might be
surprised when changing to a superior system.  I think that's a valid
consideration, but I don't think anyone wants to be chained to it.

I'd like to focus on how to improve the current system and options.  So,
what were the technical benefits of the old system that are lost in the
new one?  You mentioned one, that HTML content was rendered into plain
text and all of the HTML content could be viewed as source in unsafe
mailers.

Well, we tried to make it unnecessary to open HTML spam by including an
excerpt of the message.  I've looked at the Subject line + preview
content on hundreds of spam messages and it's always blindingly obvious
when it's a spam.  We even go further.  If the message contains a
non-text/plain MIME part, then we warn the user further and make it an
attachment rather than an inline MIME part.  (Yes, if it's just
text/plain, then it's an inline MIME part.  Of course, 75% of all spam
is HTML, so it's rarely safe.)

Now, we could consider adding a way to present the attachment in a way
that makes it both viewable *and* difficult to view as HTML.  Easy:
change the Content-Type of the original message from message/rfc822 to
text/plain.  Unfortunately, that has a major downside.  Average users
won't be able to extract the original message, copy it out of their spam
folder, etc.  This is bad because users like their HTML email and when
they can't read it, they aren't happy (and this was a very common FAQ
with older SA versions).

Another option is to go inside the original message and start fiddling
with its MIME headers.  I really don't want to go there.

Daniel
 
-- 
Daniel Quinlan                     anti-spam (SpamAssassin), Linux, and open
http://www.pathname.com/~quinlan/   source consulting (looking for new work)
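
Added example, not part of the original message and not SpamAssassin's own code: a Python sketch of the two wrapping choices discussed above, attaching the untouched original as message/rfc822 (inline only when it is purely text/plain) versus relabelling it as text/plain. The helper names, report wording, filename and sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed samples standing in for flagged messages.
SAMPLE_HTML = (b"From: sender@example.com\r\nTo: user@example.org\r\n"
               b"Subject: Constructed sample\r\nMIME-Version: 1.0\r\n"
               b"Content-Type: text/html; charset=us-ascii\r\n\r\n"
               b"<html><body><b>Buy now</b></body></html>\r\n")
SAMPLE_TEXT = (b"From: sender@example.com\r\nTo: user@example.org\r\n"
               b"Subject: Constructed sample\r\n\r\nplain body\r\n")


def is_plain_only(msg):
    """True when every leaf MIME part of the message is text/plain."""
    return all(p.get_content_type() == "text/plain"
               for p in msg.walk() if not p.is_multipart())


def wrap_report(raw, as_plain_text=False):
    """Wrap a flagged message in a report message (hypothetical helper)."""
    original = message_from_bytes(raw, policy=policy.default)
    report = EmailMessage()
    report["Subject"] = "[SPAM] " + original["Subject"]
    report.set_content("This message was flagged as probable spam.\n"
                       "The original message is in the part that follows.\n")
    # Anything other than pure text/plain is kept out of the inline view.
    disposition = "inline" if is_plain_only(original) else "attachment"
    if as_plain_text:
        # Alternative: source is viewable and never rendered as HTML, but
        # the mail client can no longer open it as a message.
        report.add_attachment(raw.decode("ascii", "replace"), subtype="plain",
                              disposition=disposition, filename="original.txt")
    else:
        # Original is carried unmodified and can be opened or extracted.
        report.add_attachment(original, disposition=disposition)
    return report


def describe(report):
    """List (content type, disposition) for each top-level part."""
    return [(p.get_content_type(), p.get_content_disposition())
            for p in report.iter_parts()]


if __name__ == "__main__":
    for raw in (SAMPLE_HTML, SAMPLE_TEXT):
        print(describe(wrap_report(raw)))
    print(describe(wrap_report(SAMPLE_HTML, as_plain_text=True)))
```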

