Thursday 14 July 2005

... to say to not use HTML emails. They really can be evil and don’t add much to communication. The two main reasons for this are viruses and spam.

Yesterday was yet another day of work lost because of viruses. 4 infected computers on our network were flooding our LAN and preventing us from reaching the Internet. And today some of my colleagues spent even more time cleaning the infected machines.

An obvious way of spreading viruses is email. HTML emails can embed JavaScript code or exploit well-known security flaws in the most commonly used OS in the world, Windows [1]. This, combined with some evolved social engineering techniques, even led the US CERT to issue a recent security alert telling users, among other recommendations, to "Turn off ’Preview Pane’ functionality in email clients and set the default options to view opened emails as plain text". The style used by the US CERT even makes this security alert a bit frightening...

HTML emails are also commonly used by spammers. Using HTML code that references image files or even invisible embedded files, called web bugs, spammers can easily tell whether your email address is still valid and even when you’ve read their email. That lets them send you more spam, or better-targeted spam.
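To see what rendering an HTML message would trigger before any client displays it, here is an added example (not part of the original post) that lists the remote fetches, likely web bugs and script tags in the HTML part and checks whether a plain-text alternative exists. The sample message, its address and its URLs are constructed, and the "tiny or hidden image" rule is an assumed heuristic.

```python
from email.message import EmailMessage
from html.parser import HTMLParser

# Attributes that make a mail client fetch a remote resource when rendering.
FETCH_ATTRS = {"img": "src", "iframe": "src", "embed": "src",
               "object": "data", "link": "href", "script": "src"}

class RemoteContentFinder(HTMLParser):
    """Collects remote fetches, likely web bugs and script tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.remote, self.web_bugs, self.scripts = [], [], 0

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self.scripts += 1
        url = a.get(FETCH_ATTRS.get(tag, ""), "")
        if not url.lower().startswith(("http://", "https://", "//")):
            return  # cid:, data: and relative references do not call home
        self.remote.append(url)
        style = a.get("style", "").replace(" ", "").lower()
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        hidden = "display:none" in style or "visibility:hidden" in style
        if tag == "img" and (tiny or hidden):  # assumed heuristic for a web bug
            self.web_bugs.append(url)

def audit(msg):
    """Return what rendering the HTML part would do, and whether plain text exists."""
    finder = RemoteContentFinder()
    html = msg.get_body(preferencelist=("html",))
    if html is not None:
        finder.feed(html.get_content())
    return {"remote": finder.remote, "web_bugs": finder.web_bugs,
            "scripts": finder.scripts,
            "has_plain_text": msg.get_body(preferencelist=("plain",)) is not None}

# Constructed sample message; the address and URLs are made up.
SAMPLE = EmailMessage()
SAMPLE["From"] = "newsletter@example.com"
SAMPLE.set_content("Special offer inside.")
SAMPLE.add_alternative(
    '<html><body><p>Special offer inside.</p>'
    '<img src="http://tracker.example.net/open.gif?id=reader%40example.org"'
    ' width="1" height="1">'
    '<img src="cid:logo"><script>void 0</script></body></html>', subtype="html")

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A message that reports `has_plain_text` as true can be read in full without ever rendering the HTML part, which is the setting the US CERT alert recommends.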

So what good reasons could you give to continue reading and writing emails in HTML form? If there are none, then, please, deactivate this functionality! ;-)

[1] For example, the lately discovered PNG buffer overflow or HTML help integer overflow.

