As one of the people who worked on HTML when <IMG> went in (unilaterally and
without any real chance for comment), I have always considered this feature
to be a bug.
Unauthenticated executable content of any kind has no place in email. There
is no cause to send unsolicited and unauthenticated Java, Active-X or
Javascript. The <IMG> tag referencing an external object is causing a
programmed action I think it should be blocked by default as well.
HTML worked and works just fine without external references or executable
content.
The IETF could try to issue an edict to stop HTML email but the market
simply won't listen. Issuing an RFC does not change the world.
Warning MUA authors off executable content in unauthenticated email might
work. The principle is already accepted in general...
Phill
-----Original Message-----
From: Dr. Jeffrey Race [mailto:jrace(_at_)attglobal(_dot_)net]
Sent: Friday, June 20, 2003 11:57 AM
To: asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] HTML-burdened E-mail
On Fri, 20 Jun 2003 11:29:18 -0400, Yakov Shafranovich wrote:
1) Their spam will be less effective;
How?
Much/most html spam includes webbugs to verify identity of the
mark and so validate the address
Jeffrey Race
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg