[plug] need to upgrade? -was Re: [plug] kmail and the gigasecond bug
Steve Vertigan
steven at vertigan.wattle.id.au
Mon Sep 10 18:12:10 WST 2001
Greg Mildenhall wrote:
> > What is wrong with plain text messages, anyway?
>
> Nothing. All email should be plain text, but not for security reasons.
There is one possible exception to this, when a spammer sents mail to a
html-enabled MUA he can include something like
<img src=addr_grabber.cgi?victim=<email_address>
Then he has confirmation that someone at that address is definitely
reading their email and can resell his list of "valid" email addresses.
While this doesn't compromise your machine it does give someone
information that you might prefer they didn't have so could arguably be
called a security risk.
The other reason html mail pisses me off is that when people to include
outside addresses netscape hangs while trying to do a dns lookup if I'm
offline until the request times out. Other than that if you know that
the other person is using a html reader then there's no reason not to
use it, it's not inherently evil and does add expression. But sending
html mail to everybody is downright unsociable. That's why I'm going to
killfile html on mailing lists, not because I can't read it but because
it's presence is a good "bozo detector". :-)
Regards,
Steve
--
OpenBSD maelstrom.dyn.dhs.org KLINK#1 i386
6:05AM up 14 days, 2:02, 2 users, load averages: 0.30, 0.29, 0.21
Don't get suckered in by the comments -- they can be terribly
misleading. Debug only code.
-- Dave Storer
More information about the plug
mailing list