W3C home > Mailing lists > Public > www-html@w3.org > December 1999

Re: security problem in emailing HTML

From: Francis X. Speiser Jr. <webmaster@cablevision-boston.com>
Date: Thu, 09 Dec 1999 15:14:06 -0500
Message-ID: <38500D8E.41655330@ma.cablevision.com>
To: Bart Szyszka <bart@gigabee.com>
CC: Kjetil Kjernsmo <kjetil.kjernsmo@astro.uio.no>, www-html@w3.org
Hey Folks,

I think the security problem is not about mailing HTML, **it is the client with
which you use to view it...**
And if you want to see some of the stuff that IE/Outlook will "fall for" check out
this page:

http://forbidden.net-security.org/htm/bugs/ie.htm

Most of that stuff you can just throw into an e-mail and when a person uses the MS
client, it works the same as in a browser...cause it is a browser, really. But
inherently HTML itself is very benign.

Also, I think HTML in an e-mail is better for formatting a document (or specifically
style sheets) than all of these people who will write a simple message and then
attach it as microsoft word document.

HTML would actually help to take the load off your servers if you are in one of
those situations. By encouraging people to write in HTML for their formatting rather
than sending enterprise-wide messages in Word attachments, or converting the docs to
HTML, you can take more load off of your servers andactually free up some of your
bandwidth.

I just tried it and sending the message "Hello World" via e-mail with a .doc
attachment and it takes about 27KB, while the same message in HTML format used
1KB...That is for enterprise or corporate level communication. All I am saying is
that you can see how HTML might help accomplish a lot if used in e-mail instead of
sending attachments in other formats.

But still, if you can send e-mail as a text content-type.. by all means.. do it.

Greetings to you all,
-Frank


Bart Szyszka wrote:

> > I must admit I dislike HTML in e-mail because they normally consume
> > (at least) three times as much bandwidth as necessary to give the same
> > information. And since bandwidth is still a very scarce resource, one
> > should be a bit more careful how it is used. Since I have never seen an
> > e-mail where the HTML had any function at all, they shouldn't have wasted
> > that bandwidth.
>
> HTML in e-mail is useful if you're subscribed to a newletter like Wired.com's
> or CNet.com's. Usually the plain text versions have a title for each heading
> and then a very long URL (that you sometimes need to cut and paste and put
> back together in a browser because of word wrapping) under it that'll take you
> to it. With HTML-based e-mail, they just link the titles without showing the URL
> (except in the status bar?) so that makes the message a lot shorter in length.
> I have a cable connection, though, so I'm a bit less concerned about bandwidth.
> HTML e-mail in mailing lists is just rude, though. Very inconsiderate towards
> the people running the mailing lists (much heavier load on the server when
> you multiply the additional size of the message by the number of subscribers
> who the software has to send it to) and the people who have enough to download
> in plain text from a mailing list let alone with HTML tacked on.
>
> --
> Bart Szyszka bart@gigabee.com ICQ:4982727
> B Grafyx http://www.bgrafyx.com
> Join AllAdvantage.com and get paid to surf the Web!
> http://www.alladvantage.com/go.asp?refid=ARD582
Received on Thursday, 9 December 1999 15:15:12 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 March 2012 18:15:40 GMT