Bob Apthorpe <[EMAIL PROTECTED]> writes: > One nice thing about the old body report was exactly that - it broke the > HTML content. Very nice for HTML-only garbage read under Pegasus Mail, > which renders HTML-only as HTML[1] whether you want it to or not. > Corrupting the HTML body fooled Pegasus into treating the message as > plain text. I was afraid I'd really hate the new MIME attachment > reporting but it's not as annoying as I thought it'd be and being able > to get a pristine copy of the message is nice. > > Still, I think the Principal of Least Astonishment should've kicked in. > Once I start submitting patches, I'll complain more about SA's behavior. > :)
I don't think that particular principle applies here. It is "the assertion that the most usable system is the one that least often leaves users astonished". I think it's less astonishing to use MIME, not corrupt messages, and allow most users to open and retrieve false positive email (especially HTML email) without any external tools. I think the principle you are espousing is that one should preserve inferior systems when users are accustomed to them and might be surprised when changing to a superior system. I think that's a valid consideration, but I don't think anyone wants to be chained to it. I'd like to focus on how to improve the current system and options. So, what were the technical benefits of the old system that are lost in the new one? You mentioned one, that HTML content was rendered into plain text and all of the HTML content could be viewed as source in unsafe mailers. Well, we tried to make it unnecessary to open HTML spam by including an excerpt of the message. I've looked at the Subject line + preview content on hundreds of spam messages and it's always blindingly obvious when it's a spam. We even go further. If the message contains a non-text/plain MIME part, then we warn the user further and make it an attachment rather than an inline MIME part. (Yes, if it's just text/plain, then it's an inline MIME part. Of course, 75% of all spam is HTML, so it's rarely safe.) Now, we could consider adding a way to present the attachment in a way that makes it both viewable *and* difficult to view as HTML. Easy: change the Content-Type of the original message from message/rfc822 to text/plain. Unfortunately, that has a major downside. Average users won't be able to extract the original message, copy it out of their spam folder, etc. This is bad because users like their HTML email and when they can't read it, they aren't happen (and this was a very common FAQ with older SA versions). Another option is to go inside the original message and start fiddling with its MIME headers. I really don't want to go there. Daniel -- Daniel Quinlan anti-spam (SpamAssassin), Linux, and open http://www.pathname.com/~quinlan/ source consulting (looking for new work) ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk