ietf-smtp
[Top] [All Lists]

Re: FYI: Email Standards Compliance Project

2007-12-05 13:02:12

Carl S. Gutekunst answers me and ultimately Dave Crocker:
   <http://www.email-standards.org/>

which seeks to rate MUAs and webmail sites for standards compliance.

Not quite. It rates them for HTML display standards compliance. If a mail reader has perfect HTML, CSS and javascript support, it gets full points from that site.
... and probably fails any reasonable security/privacy test.

Actually it's not all that bad.

If you accept as a premise that email messages are put together by "designers" using HTML and CSS for rendering on the screens of "readers" (both words from email-standards.org), then I don't think you can improve very much on what the email-standards.org people are doing. They don't seem to care much about being able to quote in a reply, and so on, and so forth, so there's certainly scope for improvement, but most HTML/mail proposals I've seen are much worse than theirs.

I could only think of one easy security attack that their test affords. (Lazy implementers may allow more attacks, but isn't that always the case?)

Arnt

<Prev in Thread] Current Thread [Next in Thread>