On Sat, 9 Oct 2004 21:51:34 -0700
Dennis Kibbe <
dennisk@linuxquestions.net> wrote:
> On Sat, 09 Oct 2004 20:58:31 -0700
> Victor Odhner <vodhner@cox.net> wrote:
>
> > Mozilla punishes me for setting plain text as my default mail format. I
> > just installed the latest Mozilla hoping it would fix this, and it didn't.
>
> [...]
>
> > I think there is some sort of geeky monastic hair-shirt schtick in play
> > here: we are smart enough to implement rich text, yet strong enough to
> > never use it. ;-)
> >
> > Vic
>
> Vic,
>
> You might want to Google on "Why HTML e-mail is a bad idea" before you go much further.
>
> There are many reasons why it *is* bad and unnecessary. Just one example is that last spam e-mail you get addressed to "Dear Citibank User" or "Dear PayPal User" that told you to click on the link below to update your account. It was hiding its dirty deed behind HTML.
>
> Dennisk
An even better reference just showed up on /. tonight under the title "The Web's 20 Worst Security Flaws" from the SANS Institute.
"Protection from malicious code, embedded in text of e-mail"
"E-mail messages in rich-text formats (HTML, RTF) can have malicious code embedded within text, unlike plain text e-mail, which cannot include any code. The simplest and most effective way to protect against such malicious code is to read all e-mail messages in plain text format."
and
"Protection from Web Beaconing"
"Web Beaconing is a method of verification that an e-mail message was opened, and that therefore the recipient is a valid target for future spam, by including small pictures (usually 1x1 pixel) into the body of HTML-formatted message. This technique is widely used by spammers and advertisers."
http://www.sans.org/top20/#w9
Dennisk
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)