HTML mail [was Re: FEL was Re: Hi]
James McKenzie
jjmckenzie51 at earthlink.net
Sun Aug 8 15:27:00 UTC 2010
Marko Vojinovic wrote:
> On Sunday, August 08, 2010 14:49:27 James McKenzie wrote:
>
>> Marko Vojinovic wrote:
>>
>>> Here is the message with full headers, as KMail sees it (forgive me for
>>> not
>>>
>>> trimming anything):
>>> Subject: Hi
>>> From: =?ISO-8859-1?Q?=C1rp=E1d_Attila_Bakos?= <jaxxco at gmail.com>
>>>
>> He is using the GMail send agent, probably the Web Mail interface. It
>> creates HTML mail by default.
>>
>>
>>> Content-Type: multipart/mixed;
>>>
>>> boundary="===============1539751590095400808=="
>>>
>> This is HTML mail. If it were text, this would be text/plain...
>>
>
> But this is just a declaration. The message doesn't actually contain any html
> code, AFAICS. Things like <head>, <body>, and other tags.
>
> As I understood, html messages are frowned upon because they waste space and
> bandwidth, and because they might contain javascripts and stuff that is
> problematic security-wise. But if the message body just doesn't contain any
> html tags at all, why does a "multipart/mixed" declaration in the header make
> it html?
>
HTML mail in a mailing list is silly at best, dangerous at worst. GMail
has the capability to send text/plain for messages that do not contain
any HTML code.
Thunderbird has the same problem. However, I've set it so that only
plain text goes to this and any other mailing list I send to. GMail has
the same abilities.
> IOW, shouldn't the mail filter (generic one, I'm not talking specifically about
> g's mail filter) check the actual contents of the message for html stuff, rather
> than just blindly trust the message header?
>
>
This would be a real PITA and you still might be exposed to the dangers
of HTML mail just by running the filter.
James McKenzie
More information about the users
mailing list