Why Security Experts Are Using an Ancient Email Format in 2015

Alij
Offline
Joined: 05/07/2012
hack and hack
Offline
Joined: 04/02/2015

Yes, less lines of code, less potential trouble.
That's one of the reasons why I have a netinstall and a window manager.

For now I'm on Claws rather than Mutt, which felt hard to use (though I've never tried it). But with more skills, I could switch at some point.

Legimet
Offline
Joined: 12/10/2013

I never send other people HTML emails. Unfortunately, everyone else does, even for the smallest emails :(
My email client is KMail, and I have HTML disabled by default. I enable it whenever I need to.

moxalt
Offline
Joined: 06/19/2015

Even though I use Claws Mail (and sometimes alpine) (because I wasn't prepared
to handle the mutt learning curve at the time and go into it properly) I never
send HTML mail. Everyone else seems to though.

tomlukeywood
Offline
Joined: 12/05/2014

I am fairly sure I don’t send HTML mail
but what is wrong with it?

I have not heard of the {malware keylogger="true"}{/malware}
tags

replace { with < and } with >

lembas
Offline
Joined: 05/13/2010
moxalt
Offline
Joined: 06/19/2015

And apart from the security vulnerabilities that the other guy (whose mail
address is a long string of numbers and things which I shall not reproduce here
because I can't be bothered to log in the forum and check out this thread
myself to find out what his name is- oh, wait. Lembas.) pointed out, there's
the simple fact that HTML is an absolute waste of bytes. Every byte is
precious, and adding in pointless formatting and icing on the cake is a waste-
plain-text is clean, minimalist, and delicious. And it's a de facto universal
format- you can be sure that everyone, regardless of client, will be able to
read it. That's why I never send HTML mail.

tomlukeywood
Offline
Joined: 12/05/2014

"HTML is an absolute waste of bytes."
well, if you watch one video downloaded from the internet it will be more bytes than you will email in quite a while

so adding HTML formatting isn’t a major bandwidth issue

and if it can give extra features like different font sizes, tables, etc. then why not include it?

tomlukeywood
Offline
Joined: 12/05/2014

Just looked at the Wikipedia page and found a very good reason not to use HTML in email

"If an email contains web bugs (inline content from an external server, such as a picture), the server can alert a third party that the email has been opened. This is a potential privacy risk, revealing that an email address is real (so that it can be targeted in the future) and revealing when the message was read. For this reason, some email clients do not load external images until requested to by the user."

jbar
Offline
Joined: 01/22/2011

I was also wondering what's the problem with html. If the email client does not execute javascript, etc., reading html should be secure, shouldn't it?

Many of the possible issues I've found are related to email client bugs. But it seems that the web viewer can send information to the server and embedded images might use sensitive information in their URL.

http://www.zzee.com/email-security/
http://www.firstpr.com.au/sys-admin/HTML-email/
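
The web-bug behaviour quoted from Wikipedia earlier in the thread, and the URL leak raised in the post above, can be checked without rendering a message. As an added example (not part of any post in this thread), this Python script lists the remote resources an HTML part would fetch; the sample message, addresses and host names are constructed.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag/attribute pairs that make a client fetch a URL when the mail is rendered.
FETCH_ATTRS = {("img", "src"), ("link", "href"), ("iframe", "src"), ("body", "background")}

# Constructed sample message; all addresses and host names are made up.
SAMPLE = b"""\
Subject: constructed sample
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Hello in plain text.
--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello</p>
<img src="cid:logo@sender.example" alt="logo">
<img src="https://track.sender.example/o.gif?u=reader%40recipient.example" width="1" height="1">
</body></html>
--b1--
"""

class RemoteRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        for name, value in attrs:
            url = urlsplit((value or "").strip())
            # cid: and data: parts travel inside the mail; only network URLs leak.
            if (tag, name) in FETCH_ATTRS and url.netloc:
                tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
                self.refs.append({"tag": tag, "host": url.hostname,
                                  "has_query": bool(url.query), "tiny": tiny})

def remote_refs(raw_message: bytes):
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("html",))
    if part is None:  # plain-text only: nothing is fetched on open
        return []
    finder = RemoteRefFinder()
    finder.feed(part.get_content())
    return finder.refs
```

A reference that is both `tiny` and carries a query string is the typical shape of an open-tracking pixel; the `cid:` image is embedded in the mail itself and is not reported.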

JadedCtrl
Offline
Joined: 08/11/2014

I've been using mutt for a while and really like it. It's simple, fast, and runs in a terminal.
The #1 thing that makes me want to jam a penguin into someone's throat are HTML emails.
*Especially* the complicated ones that are impossible to read unless you open them in your web-browser.
What an annoying extra step to read email.
Plain-text for life! Plain-text is life!

moxalt
Offline
Joined: 06/19/2015

Plain-text is love. Plain-text is life.