On Fri, 12 May 2000, Vernon Schryver wrote:
As as been pointed out repeatedly and as demonstrated with a concrete
example Saturday morning, attached HTML can be a significant security
problem. I doubt that (probably porn) HTML spam was much of a security
threat, but if you think about it for a little, you can surely see how
such things can be real security problems.
I think there's some confusion in terminology, here, possibly on my part.
Some mail clients permit the sending of an HTML _message_, where other
clients will automatically parse the HTML in the message as HTML instead
of plain text. I am trying desperately to distinguish between this
practice and the ability to attach HTML as a binary file.
Binary attached HTML presents a subset of the risks of all binary
attachments - you may, if you choose to open the attachment, be
disappointed in the results.
HTML as e-mail presents further risks for clients which are willing to
interpret the HTML (Outlook and Outlook Express both do this in their
default configuration.)
-=I would imagine that if 1000 Rwandan's were hacked to death AT THE EXPO,
people would sure have raised a stink.=-