[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: I was auto-outed by an IMG tag in HTML spam



-----BEGIN PGP SIGNED MESSAGE-----

In <[email protected]>, on 02/18/98 
   at 03:00 AM, Anonymous <[email protected]> said:

>Use mail readers that don't automatically process HTML and
>connect to image servers, accept cookies, or run javascripts.  You are
>being watched by tricky defective, er, detective types. es.

Several things here:

1. HTML in mail:

There is just no place for this crap in e-mail. If multipart/alternative
is used it is tolarable but pure text/html messages go into the bitbucket
with a autoreply explaining to the poster the error of their ways. :)

I was pleasently suprised that MS Outlook actually makes use of the
multipart/alternative format (M$ actually got it right for once). Net$cape
does not and will blindly send out text/html messages (after all everyone
uses a web browser to read their mail) and Eudora was doing the same thing
though they may have fixed this (I talked to John about this when I was at
the IETF in DEC).

2. AutoProcessing of Attachments:

This is *allways* a BadThing(TM). Not only is it an obvious security risk
it is a PITA for the user. I would be rally pissed if my mailer launched a
V-Card app everytime someone thought it was a GoodThing(TM) to add these
attachments to every message they sent out.

3. AutoDownloading of Data:

I imagine what happend here is the internal logic for N$ mailreader when
processing a html/text e-mail message is to treat it just like a WebPage
and processes it accordingly.

IMHO a mail client that is going out to an external site to DL data wether
it be part of a html/text message or Message/External-Body the mailer
should prompt the user on wether or not he wishes to retreive the data.

My recomendations is to dump the Netscape garbage and get a real e-mail
client. Netsacpe has done a good job at screwing up the web we really
don't need the same favor from them with e-mail.

- -- 
- ---------------------------------------------------------------
William H. Geiger III  http://users.invweb.net/~whgiii
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/pgpmr2.html                        
- ---------------------------------------------------------------
 
Tag-O-Matic: Friends don't let friends use Windows.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a-sha1
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000

iQCVAwUBNOqWz49Co1n+aLhhAQE77gP/U2a/px/oEZGr9HD/FXvmzHH1DGF2E3mx
0WApF3FX2Y6s0MwBaY/t/YisZwyjki6T/xSqd2qVuADeh5sdXYN9Fd6sIon42SX2
4PBvq+HjsKNKlptASjN3x0l3RK8l7Yis47gB3igiA8m8JKMyevm7Vu1bhg572PTA
Kfy8V1J9gYI=
=onje
-----END PGP SIGNATURE-----