Date: Fri, 22 Apr 2005 23:57:11 -0400
To: WSFA members <WSFAlist at WSFA.org>
From: "Mike B." <omni at omniphile.com>
Subject: [WSFA] HTML messages and why they are bad [was: Re: [WSFA] Re: Quoting]
Reply-To: WSFA members <WSFAlist at WSFA.org>

At 08:53 PM 4/22/05 -0400, Keith F. Lynch wrote:

>If you mean HTML, they cause messages to become three two five times
>the size.

Well, it gets a lot bigger, especially if the mailer sends a MIME message
with both text and HTML versions as attachments, but 325 times bigger?  ;-)

>If the reader is using plain text, he sees your message as
>choked with tangled unreadable messes of angle brackets and ampersands.

Yep, and even if the plain text mailer is a little HTML-aware, like mine,
and removes all the tags, just leaving links and plain text behind, many
such messages become mostly non-existent and a waste of time and bandwidth.
 Nikon likes to send me newsletters in e-mail that look something like this:

"Welcome to the <month> newsletter!

  <link>
     <link>   <link>   <link>

  <link>

To unsubscribe..." etc.

Not very professional looking, or useful.   I'm sure it looks very
different in a mail reader that follows all those links and displays the
web pages and images they link to, but I'm not stupid enough to use such a
mailer, and I don't have time to click unlabeled links to see if there's
anything interesting at the other end.

Why is it stupid to run a mailer that opens such links automatically?  One
reason is that some SPAM mail has pictures embedded in it.  These are often
only a single pixel in size, so you probably won't even notice them, but to
display them your fancy mail program establishes a link to the web server
they are on and chats with it about you often using parts of your web
browser (and we all know how secure IE is...).  It tells it your IP number,
the program you are running, and if you have ActiveX or some other such
thing enabled, lets the web site run programs on your computer without
asking you about it.  These may be harmful to your data, or they may just
use your machine to forward the SPAM on to everyone in your address book,
or everyone who's address appears in any mail you have saved in your mail
folders or whatever.  The site may also set cookies that other accesses use
to track trends or pass info around, or do other things that you don't
appreciate.  At the very least, the SPAMmer knows that his message got
through to someone at your IP number and can use that to justify selling
more SPAM services in future, and to direct more SPAN your way.  On my
older mailer all that happens is that I get a message with a link in it
that I then don't click on and just delete.

That's just one reason why simpler is usually better when on the public
internet.  Within an intranet it may be acceptable and useful to have
fancier features around.  I've used them at work in the past myself when I
knew for a fact that all recipients of my message could use them too.

>Also, since the vast majority of spam is HTML, and the vast majority
>of legitimate email is plain text, plenty of people, companies, and
>even whole ISPs silently discard all HTML email.

Some do, but most are smarter about it.  The company I work for has an
anti-SPAM product called Precise Mail Anti-Spam Gateway (we wanted to call
it "SpamHunter" but that was apparently already taken) and it looks over
the message headers and body and assigns points for various features that
are common to SPAM.  Too many points and it gets tagged as SPAM and a few
more than that and it gets quarantined rather than delivered.  You can have
it automatically delete quarantined mail if you like, but most don't do
that.  HTML content is one of the things that gets a message points.  ONLY
HTML and it gets more points.  There are lots of other clues it uses as
well.  It gets things right most of the time...I've gotten 4 SPAM messages
in the last two weeks, and that's more than normal.  Several hundred have
been quarantined, all justifiably.  SPAMmers change tactics all the time,
so you have to keep up with the trends by modifying the detection code.

-- Mike B.
--
USER ERROR: replace user and press any key to continue.