[plug] HTML mail (partial flame and suggestions)

James Devenish devenish at guild.uwa.edu.au
Fri Oct 1 17:19:30 WST 2004 

Hi,

In message <415BEBE5.4000307 at tigris.org>
on Thu, Sep 30, 2004 at 07:20:05PM +0800, Tim White wrote:
> Secondaly could new subscribers be sent an email stating the acceptance 
> or dislike of HTMl mail at the start with tips of how to turn it off for 
> the common email clients (Mac, Win, and Linux)

I agree with this. I suggested it last month, but we have had a problem
gathering all the things we would want to say in an introductory e-mail.
I was thinking we could take a few salient points from the web page and
a few from discussions on the list, and I intended to do that last
weekend, or was it the weekend before? You know how the story goes...

> I have seen people recently being asked not to send HTML mail. This 
> email is to ask a few questions and give a few suggestions.

If you had asked "what is wrong with using HTML e-mail on this list",
answers would include:

 - Wasted bandwidth. I find that HTML e-mails are typically two to eight
   times larger than their plain-text counterparts, with no value for a
   typical message (note that some people also add pictures and
   backgrounds to every HTML e-mail!). These extra bytes need to be
   distributed to all the members of the list, which means much larger
   bandwidth requirements for the *server* (hosted by a PLUG sponsor or
   PLUG member). This extra bandwidth requirement hits the server both
   when it sends the e-mail and when it serves up the web archives. It
   also wastes disk space (the archives are already hundreds of
   megabytes in size). An alternative is to filter all mail on the
   server to convert HTML to plain text, etc. However, this is a bit
   like our 'Message-ID' problem: people should not be sending bad
   Message-IDs or HTML mail in the first place, as both are bad form /
   bad etiquette. That is why the vocal preference is to have people
   avoid these practices in the first place. Large S/MIME attachments
   are also terrible in regard to size, but I cannot remember what
   feelings were expressed on the list. I remember that the issues was
   raised, at least.
 - Security. Plain text is largely "trustworthy", whereas HTML messages
   can contain obfuscated links, web bugs, corrupt images, JavaScript,
   and so forth. When HTML mail goes into the web archives, it cannot be
   treated as trustworthy and needs to be processed to account for this.
   Again, this should not really be necessary because the mail shouldn't
   have been sent in such a format in the first place. Note that the
   security issue hits the list moderators because we have to review
   each 'held message' to see whether it is legitimate or not. In
   reality, most of the messages are spam and viruses. Fortunately,
   these are displayed by the web interface in 'raw source format' so
   that they cannot trick our browsers into doing anything nasty.
   Likewise, if you send HTML e-mail into the moderation queue, we'll
   end up seeing your raw HTML in the web interface. This makes it
   difficult for us to assess the merits of the contents of the message.
   In practice, almost every message that is over 5kb in size in the
   moderation queue is discarded. It is actually the quickest way to
   differentiate spam and viruses from real mail, although in reality I
   use a more careful set of tests.

More information about the plug mailing list