04-30-2008, 10:46 AM
Ertugrul Söylemez
Re: Help with AVG Anti-virus email scanning

bz <bz+csm@ch100-5.chem.lsu.edu> wrote:

> > What's wrong with HTML emails without remote content? Why the
> > unnecessary inconvenience with ZIP files? I understand that in some
> > places (e.g. newsgroups) HTML mails are inappropriate, but why this
> > generalization?

>
> Oh, here are a few of my reasons:


I've made a statement to most of these in my reply to Sebastian, so you
may want to have a look at <fv9cqq$7e8$02$1@news.t-online.com>, too.


> 1) [...] Information, not 'beauty' or 'cute'.


Formatting is not meant to make information beautiful or cute.


> 2) html enabled e-mail clients are executing programs that others have
> sent you when they render html coded text.


Odd, mine doesn't. Maybe I misconfigured it?


> 3) it is practically impossible to 'foolproof' such rendering so as to
> protect the viewer from all possible attacks.


HTML is much more complex than plain-text, yes. Still, we have very
good SGML and XML parsers, which are well tested and seldom fail in a
way that can be exploited. Reinventing the wheel is a bad idea in this
place, so you would just use one of these parsers.

BTW, if it were that bad, web browsers would be much more hazardous
to use. Consider that a mail-reader would only need a small subset of
the possible HTML extensions, e.g. it doesn't need stuff like JavaScript
and you may even decide to disregard things like CSS.


> 4) embedded images in html can tell the sender 'an idiot just opened
> the e-mail I sent them' so you just told the spammer that the e-mail
> address is a good one. He can now sell it to other spammers.


Read the first sentence of my last reply again.


> 6) html can be coded so that the viewer sees one link while being sent
> to a different place on the web.


How? Remember, we ignore JavaScript for mails, and the destination
address is shown in the status bar.


> 7) Those that fight spam OFTEN use text only e-mail client in self
> defense. I do.


That's okay. I do, too. Though I have an HTML plugin loaded, it
displays the plaintext parts by default, and displays nothing if there
is no plaintext part. I have to specifically select the HTML part, if I
want to view it.

Reason: Some HTML-enabled mail-readers format their plaintext parts
so horribly that the HTML part is just much more readable. Products
from the Outlook family are one example.


> 8) Some discard ALL html encoded and graphic encoded incoming e-mail,
> unviewed.


Those people don't do serious business. 90% of my incoming business
emails have an HTML part.


> There are several other good reasons that I can't think of at the
> moment but they are all related to 'microsoft thought it would be cool
> to make messages pretty. They assumed a small office environment.'
> Since they came up with that bright idea, many viruses have been
> spread that way. They keep plugging holes in the dike, but there are
> more holes yet to be discovered.


They were the first to use the MIME and HTML standards in that way. How
they did it was rather abusive, but we shouldn't demonize a technology
just because one damn company misimplemented it.


> It (html via e-mail) was a bad idea to start with. It is STILL a bad
> idea. Nothing I can think of will ever make it a good idea.


People like you said similar things when color TVs, CRT monitors (as
opposed to phosphor), LCD monitors (as opposed to CRT), graphics cards,
OpenGL, fancy user interfaces, mice, 32-bit processors and other things
came out. They are more complex and so more likely to fail, and we
would never really need them.

It's a matter of taste. Feel free to tell us your opinion, but remember
that your opinion is based on the state of things, not the other way
round.


> Of course, opinions are like noses, everyone has one.


That sounds like you'd like it to be different.


Regards,
Ertugrul.


--
http://ertes.de/
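
The remote-content and link-mismatch points debated above (4 and 6), together with the plaintext-by-default behaviour described under point 7, as an added Python example that is not part of the original post. The sample message and the names `audit`, `Audit` and `host` are constructed for illustration.

```python
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not from the thread): a mail with plain and HTML alternatives.
HTML = """<a href="http://tracker.example.net/r?id=42">www.bank.example</a>
<img src="http://tracker.example.net/open.gif?id=42" width="1" height="1">
<a href="http://www.bank.example/help">help page</a>"""
SAMPLE = EmailMessage()
SAMPLE.set_content("Please review your account.")
SAMPLE.add_alternative(HTML, subtype="html")
REMOTE = ("http://", "https://", "//")  # prefixes that make a renderer fetch

def host(text, bare=False):  # hostname of a URL (or bare host if bare=True), else None
    url = "//" + text.strip() if bare and "://" not in text else text.strip()
    try:
        return urlparse(url).hostname if len(url.split()) == 1 else None
    except ValueError:
        return None

class Audit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.remote, self.mismatched, self.href, self.text = [], [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
        self.remote += [(tag, v) for k, v in attrs
                        if k in ("src", "background") and (v or "").lower().startswith(REMOTE)]
    def handle_data(self, data):
        self.text += data if self.href is not None else ""
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = self.text.strip()
            seen, real = host(shown, bare=True), host(self.href)
            # Flag only when the visible text itself names a host that differs.
            if seen and "." in seen and real and real != seen:
                self.mismatched.append((shown, self.href))
            self.href = None

def audit(msg):  # msg: EmailMessage parsed with email.policy.default
    plain, html, p = msg.get_body(("plain",)), msg.get_body(("html",)), Audit()
    if html is not None:
        p.feed(html.get_content())
        p.close()
    show = plain.get_content() if plain is not None else None
    return {"show": show, "remote": p.remote, "mismatched": p.mismatched}
```

`audit(SAMPLE)` returns the plaintext part as the text to display, the tracking image under `remote`, and the first link under `mismatched`; the "help page" link is not flagged because its visible text does not name a host.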

