On 05/15/2018 12:05 AM, Marina Brown wrote:
Remember the campaign against HTML email ? I do. We were right.
The campaign is still ongoing. Maybe we have lost in the case of the vast majority of marketing/advertising lists, but Thunderbird and other email clients (thankfully) offer the option to not automatically load external links by default. I do think a future version (actually, the next version) of Thunderbird and/or Enigmail need to put up a big huge "danger" warning when they detect HTML email mixed with encrypted content, especially when it looks like someone has tried to put an encrypted blob as the destination of a link (which as I understand it, is how this exploit works). There's no good reason to do this, and plenty of bad reasons. -- Shawn K. Quinn <skquinn@rushpost.com> http://www.rantroulette.com http://www.skqrecordquest.com