| 1 |
On 03/18/2013 04:38 PM, Kevin Chadwick wrote: |
| 2 |
>>> Wait, K9 Mail doesn't have a plain text option? |
| 3 |
>>> |
| 4 |
>>> Perhaps I shouldn't be surprised, as I am also unable to comprehend why K9 might enforce top-posting on replies. |
| 5 |
>> |
| 6 |
>> K9 Mail can do both plain text and bottom posting. |
| 7 |
>> Both set in Account settings/Sending mail. |
| 8 |
> |
| 9 |
> It can write but forces html onto users, which potentially includes jpg |
| 10 |
> exploits, png exploits, html exploits, script exploits, font exploits... |
| 11 |
> |
| 12 |
> And before you say anything. For what benefit, annoying ads from |
| 13 |
> paypal. I am quite capable of opening a browser and deciding which |
| 14 |
> domains *I* trust?? |
| 15 |
> |
| 16 |
> Google's network fell into this trap and banned Windows, but did they |
| 17 |
> fix the real problem or just raise the bar a little (though I expect |
| 18 |
> they took other unreleased measures that would be more interesting)? |
| 19 |
> |
| 20 |
> Would be even worse on Iphones where webkit is forced and so as old as |
| 21 |
> the rom image. Rom cycle time is a major reason why even on cyanogenmod |
| 22 |
> I use firefox over the chrome package which is ancient. |
| 23 |
> |
| 24 |
> Of course on Apple laptops even, Safari's webkit is sometimes months old |
| 25 |
> anywhow. |
| 26 |
> |
| 27 |
> Having knocked Android, I haven't found the time to try the latest |
| 28 |
> native email app. I'm not expecting a no html option but I'm pretty |
| 29 |
> sure it will have some major pluses over k9mail, which was a trade of |
| 30 |
> good for bad on Gingerbread. |
| 31 |
> |
| 32 |
|
| 33 |
I don't know what mail client you use (I suppose I could check your |
| 34 |
headers), but *every* mail client I've used disables loading remote |
| 35 |
content by default. |
| 36 |
|
| 37 |
Further, you're ranting about users being "forced" to send email with |
| 38 |
HTML, intimating that this means they'll send exploit-laden messages to |
| 39 |
their recipients. That's patently silly; the people "forced" to send |
| 40 |
HTML emails aren't going to be sending exploits. That's like suggesting |
| 41 |
that people forced to drive to work are forced to commit vehicular |
| 42 |
manslaughter... |
| 43 |
|
| 44 |
It's the recipient of the email who has the burden of remaining secure, |
| 45 |
and this is possible largely through simply disabling loading rich media |
| 46 |
by default. Again, most mail clients disable loading remote media by |
| 47 |
default, and most I've used support disabling packaged media as well. |
Archives