On Friday 09 December 2005 04:17 pm, Bob Young wrote:
> Thank you, that's exactly the point, the major objection is on a *mailing
> list*, the content is much more well defined, each and every message is
> thousands of times less likely to be spam or malware, than any randomly
> selected non-list email.
Yes, but that doesn't change the fact that people have their mail systems set
to kill ANY HTML mail that they receive. And again, I ask - once you realize
that many people are being aggressive in what they block (I for instance,
never allow my e-mail client to run dynamic content or graphics - or even
render HTML until I tell it to.), what are you going to be using HTML for???
Fonts??? Text Alignment??? It's just not worth the trouble. It doesn't
serve any useful purpose to send HTML that won't be rendered to people who
are likely to delete your e-mail just because it has HTML.
> Okay, let's use your numbers, that's an additional 2K * 1000 people, so an
> additional 2 megabytes for each message that crosses the list. Let's say the
> list receives 100 messages in a 24 hour period, in round numbers that's an
> extra 200MB to send out over a 24 hour period, sounds like a lot doesn't it?
> But compared to the bandwidth capacity the server actually has available
> over that 24 hour period, it's probably a low single digit percentage...if
Except for three things...
1000 users is quite likely low-balling the figure on almost any mailing list.
For instance, I think I've got over 100 different people who've posted to
this list in my e-mail box - and that doesn't even include the silent lurkers
who are getting copies mailed to them, but that aren't actively posting.
You are also likely to have multiple e-mail lists on a single server. How
many different lists are there for gentoo? I'm subscribed to at least six,
and they all appear to be coming from the same server. Look at the number of
posts to gentoo-user - that's a lot more traffic that this list gets - and
probably a lot more people subscribed as well.
Lastly - most email clients that send HTML mail actually send TWO copies of
the mail - one plain text, and one formatted. The fact that the plain text
comes first, and can be selected as your primary viewing option is the only
reason I don't bitch about this topic more often. But, the effect is to more
than double the size of every message that gets sent by HTML - 100% of the
plain text, and another 120% for the HTML (more or less depending on how much
formatting you use).
Okay, I lied, there's one more point. It doesn't apply to me, but there are
plenty of people who it does apply to - not everybody who subscribes to these
lists has a broadband internet connection. And depending on how many of
these lists they subscribe to, and how active they are, the "double size" of
HTML posts can become a serious problem for their individual connections.
> >Don't argue about why your way is better when it's in clear
> >opposition to the people who make up the community, simply accept that they
> >have reasons for doing things the way they do, and abide by those rules
> >you're in their home.
> This is disappointing. Just blowing off all opposing arguments any, and
> saying it must be done this way, "because we say so" regardless of the
> facts, or validity of opposing argument, is something I'd expect from a
> Microsoft mindset.
No, as I said earlier, and as Duncan just mentioned from Eric Raymond's
article, it's a matter of respect for the people that you're asking to help
you. We're not telling you how to do it no matter where you go (which is the
Microsoft way), we're only asking you to do this when you talk to us. And,
as this is the clear majority opinion of the people who are actually
providing the support, it falls under the realm of common courtesy (or
not-so-common, these days) to respect their wishes, since you are the one
asking for help. There may be nothing wrong with HTML e-mail in other
contexts, but as you were saying, the issue here is HTML on this list.
Following the rules of the community isn't something that's limited to
e-mail. "We reserve the right to refuse service to anyone" is a statement
seen on just about any business you visit. When you're asking for service,
there are rules you should follow depending on what you're asking for. On
FLOSS lists, one of these rules is "Don't use HTML".
> >So, exactly what would you refer to the Sober Worm attack on Nov. 23 as???
> >weeks ago is pretty damned recent.
> Two points, first I'd bet that the attack didn't start with a message to an
> email list, much less a Linux oriented list. Second, the number of Linux
> users affected by the Worm was probably zero, so that doesn't seem like a
> very solid reason for prohibiting html on a Linux oriented list
Well, according to the headers on your own e-mail, you're using Microsoft
Outlook to send your mail. So you of all people shouldn't assume that just
because someone is on a Linux list means that they're invulnerable to
Microsoft security issues. Some people may administer Linux servers while
using Windows desktops. Yes, many people on a Linux list are going to be
using a Linux desktop, but it's not guaranteed. There is no rule that says
that people can't operate on more than one platform. Indeed as I'm writing
this on my gentoo laptop, I'm sitting next to a Windows box on my left, and a
Mac on my right. I work on a website, so there are times when I need to look
at how pages are rendering. I do this in Firefox, PC Internet Explorer, Mac
Internet Explorer, Safari, Epiphany, and Konqueror. And I should probably do
it in a few others as well.
And, while the attack may not have originated on a Linux list, the nature of
the worm means that it will try to send to a Linux list. As with most all
the Sober varients, the worm self-propagates by looking through your address
book and mailboxes, and sending itself to all the addresses that it harvests.
So, all it takes is one person having this list address in a Windows box
(like you're running for instance) to potenially have the worm hitting the
list servers. Whether or not the worm will make it past the server depends
on the list admins - but it's almost guaranteed that the worm has tried to
mail itself to Linux lists at some point. And if it's a Linux list server,
then there's one Linux admin who had to deal with the worm.
> > And as for "objective analysis"... How
> >many spam filter rules are there that boil down to "It's got HTML/it's got
> >loads of HTML in it - it's probably spam". I'd call that a fairly
> It may be objective, that doesn't make it accurate or desirable. Just
> throwing out all html messages as spam is simplistic and lazy, obviously not
> all html messages are spam.
No, but you were claiming that these opinions aren't based on any objective
analysis - but as those spam filter rules demonstrate, there is sufficient
basis to believe that an HTML message is MORE LIKELY to be spam. No, it
doesn't automatically mean that it is spam, but it's a good indicator of
> >> Do you allow html
> >> to be rendered when you browse the web? If so, why is email more
> >> dangerous when your email client can easily be configured to
> >> render html just as safely as your browser?
> >How's about because we can CHOOSE where we go when we browse the web, and
> >can change the settings that we use if we go to sites we don't trust. But,
> >if you have to work at all with the public at large, you have to accept
> >e-mail from people who's intentions are a complete mystery to you, because
> >you can't know until you read it if it's a legitimate e-mail. Yes, you can
> >filter out some things that are very obviously spam, but you can't stop
> The issue here is accepting html from a mailing list, the sender of each and
> every message is traceable, at least to a valid email address. Yet your
> argument seems to be that accepting html email from someone who can be
> traced and held accountable, is somehow more dangerous than accessing a web
> page written by someone you know nothing about and may have no way of
No, my point here is that list e-mail is not the only kind of e-mail that
people who use these filters get. I have to deal with all kinds of end-users
on a multitude of platforms. And if I were having to rely on my Windows box
to do my mail, there is no way in ANY Underworld that I would want my e-mail
client to trust every message sent to me. Even on Linux, I still block out
all parts of the message except for the raw text until I know what I want to
do about it. Many people on this list won't even give it that much latitude
- they'll send it straight to the trash, since they don't HAVE to read any
message on the list. I actually have to at least look at any message that's
sent to me (other than the exceedingly obvious spam), otherwise I might do
the exact same thing.
> It's okay if you want to hold the opinion that "HTML e-mail is a BAD THING"
> just because you have some emotional fondness for plain text. Such fondness
> may be because it's "from the good ole days" and that's fine, but at some
> point we all must let go of the past and embrace change, otherwise we
My emotional fondness for plain text isn't that "it's from the good ole days",
it's that "no plain text message ever made my computer crash/get infected".
Maybe I'm just picky that way. :-)
> >Sorry for this rant, it's just that I happen to strongly agree with the
> >community here that HTML e-mail is a BAD THING - especially to FLOSS lists.
> It's good to agree with someone, but it's more important to be sure of the
> reasons *why* you agree with them.
Well, there are a number of reasons why I feel the way I do, as you can see.
Some don't really apply at the moment (I'm not likely to get infected with
any ActiveX crap while I'm using KMail), but that doesn't mean they won't
apply to me at other times.
Nothing personal here, just trying to better explain WHY some of us are so
opposed to HTML in e-mail.
systems design and integration,
firstname.lastname@example.org mailing list