[thelist] HTML EMail templates

aardvark roselli at earthlink.net
Wed Mar 21 10:51:02 CST 2001


> From: "Green, Janet" <JGreen at DesMoinesMetro.com>
> 
> Aardvark, or anyone really, could you outline briefly what some of the
> security issues *are* with this type of thing? For those of us
> unfamiliar with the lingo, how does an html-based email provide direct
> access to your OS? And to whom? 

well, think of the biggest email viruses we've seen... things like 
Melissa only affect Windows95+ machines running Outlook...

the reason is that Outlook will use IE's engine to render HTML 
email, and that includes rendering/running any embedded script... 
so if someone includes the script of Melissa in a script block in an 
HTML email, you run the risk of hosing your machine...

granted, most of those viruses are people double-clicking the .vbs 
attachment, but you can still cause some hassle...

now, aside from hacking, there are other concerns... think of bad 
JavaScript that crashes browsers, or bad HTML as well... as it gets 
rendered by Outlook and the IE engine, you've just crashed 
Outlook and all open Explorer windows... plain text email wouldn't 
have done that...

and there are many security issues with just plain ol' HTML and 
JS, as well... just look at the dozens of patches MS has released 
for IE (and, by the law of syllogism, Outlook)... that alone should 
indicate something's not truly safe...

however, if you run another OS or mail client, you can be pretty 
clear of all this hassle... but i use Pegasus Mail, and you should 
see how it tries to render HTML email... it makes Amaya look 
positively state-of-the-art... no self-respecting marketer would send 
an HTML email if he/she saw how it rendered in a non-Outlook 
email client...

> Seems to me that any or all of these situations will apply to a good
> percentage of your marketing department's audience (particularly the
> complaints about Outlook, one of those pervasive Microsoft products,
> and particularly anything implying a possible security problem).

bingo...

> Obviously, this would render their "fancy emails" either useless,
> unreadable, or annoying. Good reasons all not to do it!! :)

exactly... if they are emailing a savvy crowd, like us on the list, 
many of those people will *not* be happy, and if they are anything 
like me, get added to the bozo filter...

sometimes i even send their HTML spam back to them, and all the 
email addresses i can find on their site, hopefully to prove that it 
can be damn annoying...



