Jacob Palme <jpalme(_at_)dsv(_dot_)su(_dot_)se> writes:
At 11:11 -0500 02-03-19, Keith Moore wrote:
problem is, text/html has turned out to be an abomination - it
introduces security holes via java, javascript, etc., and lots of folks
I know filter it because the vast majority of text/html mail they
receive is spam.
Would that mean that you filter out all messages sent by Outlook
Express?
No. Outlook Express generates multipart/alternative messages. Pure
text/html messages are 100% spam within my incoming mail; I use it as a
spam filtering method and I've never had a false positive, and I exchange
mail with a lot of people who use Outlook Express. (Other people
subscribed to business news mailing lists and the like may have a
different experience.)
Many mailers handle text/html, but only for a limited part of HTML, not
including java and javascript. It is mainly used
(a) for simple formatting like bold facing, larger
font and monospacing fonts.
(b) Including inline graphics in the e-mail.
It's hard for me to tell what it's used for these days, since much of the
HTML that I see is generated by Microsoft Word or some equivalent
generator and contains so much embedded style data and formatting data
that it's almost impossible to tell what's actually being done.
--
Russ Allbery (rra(_at_)stanford(_dot_)edu)
<http://www.eyrie.org/~eagle/>