ietf-asrg
[Top] [All Lists]

[Asrg] More miscellaneous comments

2003-06-22 12:28:02
Thanks to Walter Dnes for his interesting and helpful list of some of the 
tricks 
that HTML offers to spammers.  

One he didn't mention is the trick of using not only just HTML comments (valid) 
to br{!-- --}eak up key{!-- --}words but also the increasing practice of using 
comp{asdf}letely bo{xy





z}gus HTML tags for similar purposes.

Yeah, okay, I substituted characters... just so not to trigger spam detectors.  
:-)

[snip]

If they want "high quality" e-mail there are a whole variety of options, 
going well beyond HTML.  One is to send .DOC files (which can be read with 
freeware viewers), another is Adobe PDF files.

These options are way worse than HTML. 

Yeah, but in exchange they're less likely to be [ab]used as often, and they DO 
unarguably yield much better control over final page layout.

...Word documents are proprietary, and I don't know any program
which can display them reliably except MS Word (and then only the same
version which was used to write it). 

There are freeware word viewers for download for most platforms, and anyhow 
that's only one of several options.  Point being that if you REALLY are 
concerned about "pretty" layout and absolute format control, there ARE better 
ways to achieve that.

PDF files assume a fixed page
layout: My 21" monitor is capable of displaying a whole A4 page in a
readble font size. a 17" monitor usually isnt, and a palmtop doesn't
stand a chance. 

Again, sure.  HTML was designed to display an 'appropriate' and meaningful 
result (even if not known to the sender) regardless of the displaying device.  
No surprise that it works well for that.

But not everybody wants the bulk in exchange for the often-limited additional 
value (and VERY MUCH not justified risks) and they ought to be given the option 
of not accepting it.

Also, Word and PDF generally are a lot larger (even
though HTML produced by editors is often extremely bloated).

Absolutely.  These should be used ONLY when *needed* (and they rarely are, for 
most folks).

I agree fully, that HTML is usually unnecessary and has little benefit
over plain text, but suggesting the use of Word or PDF instead of it is
replace one evil with an worse one.

Thanks for the concurrence.  Again, I'm only pointing out that if you MUST have 
fine control over appearance and formatting, any of a variety of technologies 
work better.  (Hopefully, that's for RARE use on an when-needed basis).

And if they REALLY WANT to use HTML, another approach without most of the
 bulk is to put it up on a Web server (using an 'unguessable' URL) and E-mail 
(as plain ASCII text) the URL to the intended recipient.

For normal mail, I think that's a really stupid idea. 

Depends on the situation.

For a newsletter going out to 150,000 people, I think it's a FINE idea.

As much as I hate HTML-burdened E-mail, I'm *almost* leaning toward suggesting 
it to one of my clients... as an optional way to send nice-looking invoices and 
such with their graphic form overlay (the graphic form overlay would be a 
'background image').  But a perhaps interesting alternative would be to put the 
invoice up as a file on a Web server somewhere, and send the user the 
hard-to-guess URL of 'their' invoice page.

I agree that it's less interesting for casual users who thoughtlessly thought 
it 
might be cool to put one word of their email message in boldface or italics.

(It goes a bit
into the direction of message/external-body or Bernstein's IM, but
without automatic retrieval by the MUA, that's a sure way to get your
e-Mail ignored). 

Such "automatic retrieval" tends to ignore the concerns and issues of people 
who 
prefer to read their E-mail offline, perhaps because they pay for their 
Internet 
connection by the minute.

[Of course, by the same token, the flip side of that is that for the SAME 
reasons, they might PREFER to have the stuff just arrive in their E-mail, 
rather 
than having to reconnect to retrieve it later as a separate operation... 
concerns like that is part of why the control needs to rest in the hands of the 
recipient.]

It is feasible if the document at the URL meaningful
outside of the context of the email (Like: "I wrote up the minutes of
the last meeting. You can find them at $url").

Sure, that's one example where the HTML is probably better NOT embedded in the 
E-mail.

[snip]

I wholeheartedly agree that unnecessary use of HTML in e-mail is 
stupid. I completely concur that HTML e-mail is generally a waste of 
bandwidth. 

Thanks for agreeing. :-)

However, as far as I can see these arguments over how 
technically awful HTML e-mail is are irrelevant to this list, because 
it's not going away and even if it did spam would just go back to being 
plain text.

Spam going back to being plain text would reduce spam volume by probably 70% or 
more, and if spam represents 80% of the total E-mail load arriving at some 
ISPs, 
it's hard to claim that there's no value in achieving that.

(In fact, all the spam that's made it through my filters this week has 
been plain text.)

Cool.  I'm not going to ask you how achieved that, but I think that more and 
more ISPs (and perhaps corporations) are going to use similar kinds of 
strategies to filter out more and more of the HTML-burdened spam.

[snip]

We can filter keywords, and spammer will avoid using those keywords. We 
can do IP blacklist, and spammer will avoid using those blacklist. We 
can ban HTML and spammer will start using plain text. etc etc.

The nice part about them using plain text is that in one fell swoop, we've 
denied them A WHOLE RAFT of their deceptive tricks, and in a way that they're 
not likely going to find some new "creative" [ab]use of HTML that we hadn't 
envisioned and needed to block individually.  Gives them very little 'wiggle 
room' to avoid the filtering.

So, either you have an adaptive (and thus fuzzy) solution or we need to 
think out of box.

I think my solution IS thinking 'out of the box' (compared to the other more 
technically esoteric solutions I've seen bandied about).  I see it as providing 
a fast, nearly guaranteed payback (both for ISPs and their customers) and 
without requiring a realistically speaking unattainable consensus. 

Gordon Peterson                  http://personal.terabites.com/
1977-2002  Twenty-fifth anniversary year of Local Area Networking!
Support the Anti-SPAM Amendment!  Join at http://www.cauce.org/
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>
  • [Asrg] More miscellaneous comments, gep2 <=