Why Security Experts Are Using an Ancient Email Format in 2015
intereresting ...please check out >
http://motherboard.vice.com/read/why-security-experts-are-using-an-ancient-email-format-in-2015
Yes, less lines of code, less potential trouble.
That's one of the reasons why I have a netinstall and a window manager.
For now I'm on Claws rather than Mutt, which felt hard to use (though I've never tried it). But with more skills, I could switch at some point.
I never send other people HTML emails. Unfortunately, everyone else does, even for the smallest emails :(
My email client is KMail, and I have HTML disabled by default. I enable it whenever I need to.
Even though I use Claws Mail (and sometimes alpine) (because I wasn't prepared
to handle the mutt learning curve at the time and go into it properly) I never
send HTML mail. Everyone else seems to though.
i am fairly sure i don’t send HTML mail
but what is wrong with it?
i have not heard of the {malware keylogger="true"}{/malware}
tags
replace { with < and } with >
This lists some issues https://en.wikipedia.org/wiki/HTML_email#Security_vulnerabilities
And apart from the security vulnerabilities that the other guy (whose mail
address is a long string of numbers and things which I shall not reproduce here
because I can't be bothered to log in the forum and check out this thread
myself to find out what his name is- oh, wait. Lembas.) pointed out, there's
the simple fact that HTML is an absolute waste of bytes. Every byte is
precious, and adding in pointless formatting and icing on the cake is a waste-
plain-text is clean, minimalist, and delicious. And it's a de facto universal
format- you can be sure that everyone, regardless of client, will be able to
read it. That's why I never send HTML mail.
"HTML is an absolute waste of bytes."
well if watch one video downloaded from the internet it will be more bytes than you will email in quite a while
so adding HTML formatting isn’t a major bandwidth issue
and if it can give extra features like different font sizes tables etc then why not include it?
Just looked at the wikipedia page and found a very good reason not to use HTML in email
"If an email contains web bugs (inline content from an external server, such as a picture), the server can alert a third party that the email has been opened. This is a potential privacy risk, revealing that an email address is real (so that it can be targeted in the future) and revealing when the message was read. For this reason, some email clients do not load external images until requested to by the user."
I was also wondering what's the problem with html. If the email client does not execute javascript, etc., reading html should be secure, shouldn't it?
Many of the posible issues I've found are related to email clients bugs. But it seems that the web viewer can send information to the server and embedded images might use sensitive information in their URL.
http://www.zzee.com/email-security/
http://www.firstpr.com.au/sys-admin/HTML-email/
I've been using mutt for a while and really like it. It's simple, fast, and runs in a terminal.
The #1 thing that makes me want to jam a penguin into someone's throat are HTML emails.
*Especially* the complicated ones that are impossible to read unless you open them in your web-browser.
What an annoying extra step to read email.
Plain-text for life! Plan-text is life!
Plain-text is love. Plain-text is life.