Re: Why choose plain text over HTML email?


 

Jim,

BTW, I seem to remember I copied the sig file on the end of this
messsage from Shal, who owns this group.
Wow, that's an oldie - but still a goodie.

At the time I first adopted it HTML-based malware was running rampant in email, and specifically some Yahoo Groups. HTML was relatively new, and most email clients passed the buffer of HTML code to Windows' render function to put in on screen.

That built-in render turned out to have a lot of vulnerabilities, and contrary to Glenn's assertion, no click or other action on the user's part was necessary - merely displaying the message body was sufficient. I was using Eudora back then, and one of its benefits was that it had an option to use its own built-in HTML render instead of Microsoft's. Eudora's render only implemented a basic subset of HTML, avoiding the tags that were then being exploited. So fancier messages would get ugly, but it sufficed for simple emphasis types of formatting.

In the present day Glenn is more correct. Browsers and email clients have (largely, entirely?) opted to use their own HTML rendering code and have strengthened them tremendously against abuse. It has been ages since I've heard even a rumor of a no-click-required exploit delivered by an HTML message body.

Another delve into history is RFC 1896, an early attempt to head off the domination of HTML as the only type of rich text formatting for email message bodies. Alas, it has been largely ignored, so far as I can tell.
https://www.rfc-editor.org/info/rfc1896

Shal





--
Help: https://groups.io/static/help
More Help: https://groups.io/g/GroupManagersForum/wiki
Even More Help: Search button at the top of Messages list

Join GroupManagersForum@groups.io to automatically receive all group messages.