at 03:00 AM, Anonymous <anon@anon.efga.org> said:
Use mail readers that don't automatically process HTML and connect to image servers, accept cookies, or run javascripts. You are being watched by tricky defective, er, detective types. es.
Several things here:
At 02:32 AM 2/18/98 -0500, William H. Geiger III wrote:
1. HTML in mail: There is just no place for this crap in e-mail. If multipart/alternative is used it is tolarable but pure text/html messages go into the bitbucket with a autoreply explaining to the poster the error of their ways. :)
HTML is a fine format for email. It's ASCII readable, and supports content description tags that the user's mail reader can render as bold/italic/underline/header-levels//color/etc. It's far superior to using bloated undocumented Microsoft Word attachments. 95% of the HTML email I get IS spam, but that's a separate problem :-) (After all, SPAMMERs like bright colored blinking attention-getting mail.)
2. AutoProcessing of Attachments: This is *allways* a BadThing(TM). Not only is it an obvious security risk it is a PITA for the user. I would be rally pissed if my mailer launched a V-Card app everytime someone thought it was a GoodThing(TM) to add these attachments to every message they sent out.
3. AutoDownloading of Data: I imagine what happend here is the internal logic for N$ mailreader when processing a html/text e-mail message is to treat it just like a WebPage and processes it accordingly. IMHO a mail client that is going out to an external site to DL data wether it be part of a html/text message or Message/External-Body the mailer should prompt the user on wether or not he wishes to retreive the data.
Doesn't even need a prompt - a basic missing-picture icon is fine, with a load-images command somewhere. While it's not as dangerous as auto-processing, autodownloading is annoying, and can be both a security risk (the auto-outing problem) and a denial-of-service risk. Needs to be either off by default or not there at all.
My recomendations is to dump the Netscape garbage and get a real e-mail client. Netsacpe has done a good job at screwing up the web we really don't need the same favor from them with e-mail.
Netscape mail is adequate for many people, just as Eudora is. Newer versions are pretty bloated, but including S/MIME mail encryption for everybody is a Good Thing. Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639