On Sat, 21 Jun 2003, Kee Hinckley <nazgul(_at_)somewhere(_dot_)com> wrote:
At 6:12 PM -0500 6/20/03, gep2(_at_)terabites(_dot_)com wrote:
I think you ought to let the READER be the judge of what the READER finds the
most readable... based on THEIR screen, THEIR vision, THEIR color preferences,
THEIR screen resolution, etc etc.
This battle was fought and lost with HTML web sites. Why do you
think you'll have any more luck winning it with email?
Well, ONE difference is that a Web site is for the most part a public posting,
which people have the right to visit or not visit as they choose, but at THEIR
option. The Web site is designed (and paid for) by the person posting it. A
Web site is normally made available without knowing in advance who might or
might not someday come to view it.
E-mail, on the other hand, uses an inbox (of limited size, thus at least for
some a 'scarce resrouce') paid for by the recipient. While made available by
the recipient for the convenience of others, the sender of the E-mail usually
knows (of, at least) the people who will be receiving the mail. There is
generally a more direct relationship (other than in spamming, of course).
It's really like the difference between announcing an open public meeting
somewhere to make a presentation, versus knocking on the door to someone's home
to make the presentation at their house. If you're making the presentation to
them personally, you should normally expect to go to greater pains to respect
the wishes of the people who are personally giving you their time and attention.
99.9% of the people sending email really don't care. Actually, I'd
put it stronger than that. When they make a document on the screen,
they want it to appear the same way on the printer.
HTML is not, and has never been, a precise or deterministic page layout
language. Postscript, TeX, and other schemes are [FAR!] better at that.
While obviously I can't prevent people from confusing that issue, I also don't
take responsibility for their trying to turn HTML into something it's really
not. And I don't have to allow them to waste _my_ resources in their
associated, [foolhardy!] attempt.
The issue, anyhow, isn't really whether people should or shouldn't use
HTML-burdened E-mail... obviously, some people can (and do) send anything they
could possibly want in their outgoing E-mails. The issue before THIS group is
whether we might encourage ISPs to provide filtering options to their
subscribers which return control of the subscribers' E-mail inboxes to the
subscribers, or if we leave them to continue to be victimized by spammers,
fraudsters, and other abusers.
My observation is that spammers as a class are far more likely to use (and
abuse) the various oddball things in HTML in their attempts to deceive,
defraud,
mislead, and confuse their victims. Since the MOST universal (and safest!)
form
of E-mail is plain ASCII text, it just makes sense to (AT LEAST FOR AN INITIAL
CONTACT) to employ that cross-platform, everyone-can-read-it style.
When the fax it
to someone, they want it to come out the same on the remote side.
Fax by its nature is an IMAGE. HTML is NOT an image, nor is it a page
description language (no matter how strongly some of its users try to make it
that).
When the paper mail it to someone, they want it the same way on the
other side. So not surprisingly they have this weird idea that the
recipient should see the email the way they composed it. That's how
it works in real life. That's how they want it to work on their
computer.
They can do that using Adobe Acrobat, Word, TeX, and various other kinds of
page
composition languages. HTML is NOT like any of those.
But in ANY case, there is a quantum, crucial difference about E-mail than about
Web sites or E-publishing... E-mail is often between just TWO people, and it's
not ONLY about what just ONE of them wants. To be useful, it must be useful
and
correspond with the needs and wishes of BOTH of those parties.
And don't talk to me about bits. Or dangerous content. Having your
computer on the internet is dangerous.
You do NOT get viruses/worms/trojans from plain ASCII text E-mails. HTML
and/or
attachments are crucial components to virtually EVERY type of malicious E-mails
(i.e. not just 'fraudulent' like the Nigerian scams).
Agreed that there might be other firewall-type attacks, but virtually every
type
of malicious code which arrives by E-mail comes in either HTML-burdened or
attachment-carrying E-mail. Restricting who can send you that to a subset of
your correspondents will result in a probably-similar reduction in your
vulnerability to attacks arriving that way. We can probably agree that
protecting your computer from malicious code isn't the focus of this group;
but
it is a nice side benefit that the SAME mechanism which will help make the spam
situation so much better will also help the malicious-code-attack problem too.
You've made an apriori decision that HTML email isn't okay with you.
I'm willing to accept it from SOME senders, those who use it responsibly and
who
I trust to not abuse it (and whose transmissions are unlikely to overflow my
Inbox).
Great. Don't accept it. But don't try and massively complicate
everyone's life just because of your personal preference.
The goal is not to "massively complicate" anybody's life, but we ARE trying to
solve some problems here, and solving them IS GOING TO MEAN changing at least
some characteristics of the status quo.
You want
to make everyone's machine keep track of who they have ever
communicated with (On this machine? With this email program? With
this email address? With this ISP?).
That is not a key part of my proposal, although if it's only just a matter of
destination/origin name pairs I would suggest that "keeping track" of every
correspondent you've exchanged mail with represents a terribly small database
by
today's standards (and that doesn't necessarily need to be on your own machine,
it could well be at your ISP or domain provider).
You want to change the default behavior of 90% of the MUAs out there.
I think that just about everything we have been proposing represents at least
SOME kind of change, AT LEAST at the ISP level. One big advantage of what I
propose is that it can be implemented at a *single* ISP (indeed, even at a
single *recipient*) and virtually immediately yield a very substantial
improvmement.
You want to change the
behavior of every MTA out there that receives email (or else every
MUA has to add the code for tracking and bouncing). You want to
explain to the users how to change these settings, and have *them*
keep track of whether they have every sent mail to a particular user
at this particular email address and from this particular address
before, and then if not, have them change a setting that they don't
even understand.
Senders don't *need* to change anything, depending on how the system is
implemented and how the recipient sets things up. It's possible to handle
*everything* that's truly required from the sender's end.
(Indeed, you don't even HAVE to involve the ISP, although the Net-wide costs
are
less if you truncate the unwanted mail earlier in the transmission path).
And all to bring about a change that spammers can adapt to in less
than a week.
Changing to plain ASCII text E-mail will get the mail past THAT level, but it
will (again) deny them the great majority of their most cherished tricks, AND
make their stuff more readily filtered by content filters. It makes it harder
for spammers to confuse, deceive, and trick their victims. So even when
spammers "adapt", they _never_ get back to what they had before.
Because you know what? They didn't need HTML to sell 2
million Iraqi most-wanted cards in two weeks. They didn't need HTML
to con people into flying to Nigeria and getting killed. And they
certainly don't need it to sell penis expanders.
No, and you know what? Any SINGLE person can send any SINGLE fraudulent offer
to ANYBODY for ANY reason, and there's damned little ANYBODY can do to prevent
that. (Hell, your brother-in-law could convince you to buy his lemon of a used
car, too). There's no substitute, ultimately, for being intelligent and not
getting screwed in a bad deal. What we're trying to do is to put a crimp in
their gears, and to make life more difficult for spammers and abusers.
As for those who seem so determined to prevent that from happening... one has
to
wonder what their true agenda actually is, and whose side they're on.
Sure, it would be wonderful if there were some directory of what
formats people would accept,
Spammers should NOT be able to just look that up, I think. It makes their life
easier, and there's little reason for us to do that for them. :-)
and if you could easily keep track of
whether you've sent mail to someone before, and they could easily
keep track of whether they've received mail from you before.
Again, those things don't really have to be done, either.
Gordon Peterson http://personal.terabites.com/
1977-2002 Twenty-fifth anniversary year of Local Area Networking!
Support the Anti-SPAM Amendment! Join at http://www.cauce.org/
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg