1 |
Bob Young posted <FAEEIJPAOFEMBBLKPMJEAEPIDNAA.BYoung@××××××××××.com>, |
2 |
excerpted below, on Thu, 08 Dec 2005 12:25:21 -0800: |
3 |
|
4 |
> Even the two reasons listed in the above reply don't stand up very well to |
5 |
> logical reasoning, it's obvious the OP was neither a spammer nor a malware |
6 |
> author, filtering all html email on the basis of those two reasons alone is |
7 |
> akin to throwing out the baby with the bath water. |
8 |
|
9 |
Not necessarily. Many of us believe two things about HTML mail that color |
10 |
our attitude toward it. |
11 |
|
12 |
1) Of all the mail born malware attacks to date, ask yourself how many of |
13 |
them would have been possible if email hadn't tried to go HTML. Zero, or |
14 |
very close to it. For those of us seriously concerned about security, |
15 |
that's a huge reason right there, altho admittedly, alone, the benefits |
16 |
might outweigh it, if a suitably secure parsing method can be found (and |
17 |
there is such a method, don't fetch any content not in the mail, don't |
18 |
render any active content, only text, formatting, and images, being a very |
19 |
good start). |
20 |
|
21 |
2) For those with content worth reading, the content is /just/ as worth |
22 |
reading in plain text. It doesn't need HTML to fancy it up or obscure it. |
23 |
In fact, those who DO seem to /need/ HTML, don't often seem to have much |
24 |
worth reading -- the spammers, the crackers, and the AOLer types |
25 |
that don't even WANT to know how their computer operates, thus being the |
26 |
ones most likely to be spreading the malware in the /first/ place, |
27 |
therefore the ones anyone who cares about their security is /least/ |
28 |
likely to want to have sending them HTML. |
29 |
|
30 |
The two factors coupled together, the security issue and the lack of |
31 |
content that really /needs/ html to be valuable (if it /needs/ it, send a |
32 |
link, parsing HTML is what BROWSERS are for!), are persuasive enough for |
33 |
many of us. Others are free to continue their in our opinion misguided |
34 |
use, as long as they don't involve us, either in their mail, or in the |
35 |
DoSs that result when one of their HTML mail spread malware things gets |
36 |
going! Unfortunately, we're ALL subject to the abuses that malware |
37 |
causes, with the DoSs on our connections and the restrictions then placed |
38 |
on them to try to stem the problem. (My ISP doesn't allow port-25 SMTP |
39 |
connections to anyone but it's own servers, due to the malware, and the |
40 |
spammers now using it to get more mailbots to spam with. Had plain text |
41 |
remained the rule, all those infections wouldn't have happened, and I'd |
42 |
likely still be able to run my own mail server and connect to others |
43 |
directly, so YES, it has affected me!) |
44 |
|
45 |
-- |
46 |
Duncan - List replies preferred. No HTML msgs. |
47 |
"Every nonfree program has a lord, a master -- |
48 |
and if you use the program, he is your master." Richard Stallman in |
49 |
http://www.linuxdevcenter.com/pub/a/linux/2004/12/22/rms_interview.html |
50 |
|
51 |
|
52 |
-- |
53 |
gentoo-amd64@g.o mailing list |