From: “William H. Geiger III” <whgiii@invweb.net>
To: cypherpunks@toad.com
Message Hash: f3fd1c8b0660111de31616ab679fa1392f89e4e19d4f83378221d5afe095d43b
Message ID: <199802180937.EAA10267@users.invweb.net>
Reply To: <37a52bf54844994eb90c8e8af06b07b7@anon.efga.org>
UTC Datetime: 1998-02-18 09:06:30 UTC
Raw Date: Wed, 18 Feb 1998 01:06:30 -0800 (PST)
From: "William H. Geiger III" <whgiii@invweb.net>
Date: Wed, 18 Feb 1998 01:06:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: I was auto-outed by an IMG tag in HTML spam
In-Reply-To: <37a52bf54844994eb90c8e8af06b07b7@anon.efga.org>
Message-ID: <199802180937.EAA10267@users.invweb.net>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
In <37a52bf54844994eb90c8e8af06b07b7@anon.efga.org>, on 02/18/98
at 03:00 AM, Anonymous <anon@anon.efga.org> said:
>Use mail readers that don't automatically process HTML and
>connect to image servers, accept cookies, or run javascripts. You are
>being watched by tricky defective, er, detective types. es.
Several things here:
1. HTML in mail:
There is just no place for this crap in e-mail. If multipart/alternative
is used it is tolarable but pure text/html messages go into the bitbucket
with a autoreply explaining to the poster the error of their ways. :)
I was pleasently suprised that MS Outlook actually makes use of the
multipart/alternative format (M$ actually got it right for once). Net$cape
does not and will blindly send out text/html messages (after all everyone
uses a web browser to read their mail) and Eudora was doing the same thing
though they may have fixed this (I talked to John about this when I was at
the IETF in DEC).
2. AutoProcessing of Attachments:
This is *allways* a BadThing(TM). Not only is it an obvious security risk
it is a PITA for the user. I would be rally pissed if my mailer launched a
V-Card app everytime someone thought it was a GoodThing(TM) to add these
attachments to every message they sent out.
3. AutoDownloading of Data:
I imagine what happend here is the internal logic for N$ mailreader when
processing a html/text e-mail message is to treat it just like a WebPage
and processes it accordingly.
IMHO a mail client that is going out to an external site to DL data wether
it be part of a html/text message or Message/External-Body the mailer
should prompt the user on wether or not he wishes to retreive the data.
My recomendations is to dump the Netscape garbage and get a real e-mail
client. Netsacpe has done a good job at screwing up the web we really
don't need the same favor from them with e-mail.
- --
- ---------------------------------------------------------------
William H. Geiger III http://users.invweb.net/~whgiii
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/pgpmr2.html
- ---------------------------------------------------------------
Tag-O-Matic: Friends don't let friends use Windows.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a-sha1
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000
iQCVAwUBNOqWz49Co1n+aLhhAQE77gP/U2a/px/oEZGr9HD/FXvmzHH1DGF2E3mx
0WApF3FX2Y6s0MwBaY/t/YisZwyjki6T/xSqd2qVuADeh5sdXYN9Fd6sIon42SX2
4PBvq+HjsKNKlptASjN3x0l3RK8l7Yis47gB3igiA8m8JKMyevm7Vu1bhg572PTA
Kfy8V1J9gYI=
=onje
-----END PGP SIGNATURE-----
Return to March 1998
Return to ““William H. Geiger III” <whgiii@invweb.net>”