Ned,
I wouldn't dream of prohibiting the use of email to send labeled
postscript files, shell scripts, or even ready-to-run binary
programs.
However, I think it's reasonable to expect that a body part labeled
"text" or "text-plus" should only display characters, "image" should
do nothing but draw a picture, "audio" should be limited to sound. If
a program that can have undesirable side-efects is to be sent through
email, it should be labeled as such (though it's not clear at the
moment what top-level content-type is most appropriate for this --
I'll use binary for now).
My suggestion is that we define a "safe" subset for each of the
content-types, that would not permit undesirable side effects.
If a body part is labeled "content-type: text-plus/postscript",
it should be within the safe subset. If it's "binary", no such
restrictions apply.
Of course, the responsibility to enforce the restrictions is
necessarily with the recipient's mail reader. Many text-only mail
readers filter out non-printable characters to protect the reader from
malice; this is only an extension of that practice. For example, a
text-plus/postscript body part might be prefixed with a header that
redefines all of the file i/o and "run program" routines to do
something harmless. A binary/postscript body part wouldn't get the
special treatment, but the mail reader would ask the before running
the program.
I realize it might take some careful analysis to identify the "safe"
subsets of postscript, tex, troff, or whatever. But I don't think we
can ignore the issue.
Keith