how-to block ads
|
|
Uniqs:
4192 |
Share Topic
 |
 |
|
|
|
 Bobb5Premium
join:2001-02-16
Kent, WA | reply to CalamityJane
Re: 5 Good Reasons HTML in email is a BAD idea Non Html {Text} mail is boring, Risk is to low to worry about. I don't subscribe to most of the security hype designed and started to sell security products. The risk for all this stuff is really low, The last few years everyone has been scared to death with all this stuff. When hardly anyone is ever affected by anything! I've had Incredimail and used it off and on for years. All the fun is always being taken out of the net, In one way or another, Slowly but surely!
--
Only thing Protecting your Right to Keep & Bear arms is Your NRA! Are you a member?»www.nra.org | |
| said by Bobb5:
Non Html {Text} mail is boring, Risk is to low to worry about. I don't subscribe to most of the security hype designed and started to sell security products. The risk for all this stuff is really low, The last few years everyone has been scared to death with all this stuff. When hardly anyone is ever affected by anything!
I beg to differ. HTML e-mail can be dangerous in at least 3 ways:
1. It can be used to scam you. A forged e-mail header (which is independent of HTML e-mail) can lead you to believe that an e-mail originates from some company, say Paypal. But, without HTML, the scammers would then have to trick you into going to a domain similar to Paypal (say, paypall.com) to enter your info.
With HTML, they can make a form look like it came from Paypal's website. (Even, prehaps, directly referencing graphics from Paypal's servers.) This e-mail will attept to trick you into logging in to Paypal via the form and, when you do, your account is now theirs.
Alternatively, they can make their HTML e-mail look like plain text, except for the link. That too will look like a normal e-mail link, but it will really go to another server. (Where they will again try to get your info.)
2. Tracking. If I were a spammer, I'd want as many good e-mails as possible. So if I sent out an HTML spam e-mail, I could have an image point to a webpage (e.g. www.spammerssite.com/page.asp?email=you@youraddress.com )which would record your e-mail address as valid. This page would redirect to an image file when it was done, so you wouldn't notice anything, but the spammer would. And your spam level would increase.
3. Viruses/Malicious Code. There are some viruses out there that can infect you just by visiting a webpage. I'm not sure, but I don't see why these same viruses couldn't be sent via HTML e-mail. On a similar note, depending on the e-mail client's HTML security model, a HTML e-mail could be sent which attempts to load an ActiveX control. (This is something I might want to play with later to see if it's an actual threat. I don't recall anyone mentioning this.)
IMO, e-mail was meant for simple textual communications (just like a telephone was meant for audio communications). Why expose yourself to these threats just to get some cool looking fonts and images? You might as well make a webpage for it and then send people the link.
--
-Jason Levine
http://www.jasons-toolbox.com/
http://www.PCQandA.com/
http://www.urateit.com/ | |
| " viruses/Malicious Code. There are some viruses out there that can infect you just by visiting a webpage. I'm not sure, but I don't see why these same viruses couldn't be sent via HTML e-mail."
By sending html e-mail it will be read by many people
a malicious attacker can intercept the message then easily modify it to execute a script or whatever he has in mind then send it on it's way next the origional sender is the
one who gets yelled at by people who were stupid
enough to open the e-mail and execute. Even when you
know the person don't open it if it's suspicious people!
| |
davePremium,MVM
join:2000-05-04
not in ohio
kudos:7 Reviews:
 ·Verizon FiOS
 ·Verizon Online DSL
| reply to Bobb5
said by Bobb5:
All the fun is always being taken out of the net, In one way or another, Slowly but surely!
On the contrary. Once upon a time we used to have a fun internet (say, up to the mid-90s). We used to get email messages we could read, and all the email we used to get was email we wanted to get.
Then the rest of the world showed up, and we got bloated messages, spam, animated greetings cards, and all manner of crap, which made email no fun at all. | |
|
