I was just on a weblog talking about HTML in email.
As I wrote a post I felt it should get read here also:
for the interested folks....
the real problems with HTML email are as follows:
1) scripts in the email (JavaScript and such)
2) image links in the email that may tell the server you have read the
email.
3) image links that look like
SRC="http://www.domain.com/CGI-BIN/image.pl=dgfd36546";
that windup logging your action and may also be a way for spyware and such.
I'd like to see an open standard for a ML based on html but it would ban the
above items, no external links to any image, program, style sheet, script
file etc...
no client side script tags.
no "Malformed" HTML tags as used in spam to hide the message from filters!!
if we could have a standard like that, it could help make HTML format safe
for users and less of a problem for the folks who currently don't want it.
infact I bet 90% of the "No HTML email" policy's would go away given the
rules I just sugjested.
Basicaly a minimal-html subset that would allow css inline's and attached
in-the-email images but no outside links.
So the content would "stand alone" and would not have any script.
This could be a new mime-type standard that would allow current html
rendering logic to work.
A minimal set of software changes in email clients to verify the the
decalred mime-type was compling with the rules.
No breakage of SMTP,POP3 etc....
Just an idea.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg