October 20th, 2009 by Cadet

I’m disappointed. I received a couple of emails from a reputable computer society (based entirely of computing professionals) and they were HTML only …. Why would that bother me, you ask? Ok, seeing as you ask, I’ll tell you:

Allowing an email client to render html emails opens up security issues such as ‘web-bugs’ – online images that when fetched (automatically in many clients) provide the sender (potentially a spammer or botnet) of the email nice info such as your IP address, your OS, and that the email address is valid.

Now, I’m not saying that this computer society is using dastardly tactics such as webugs to keep tabs on their readership – they are a good bunch of folks. However, encouraging (or in this case demanding) that email clients have html enabled to view their emails is borderline irresponsible. We computer professionals ought to be encouraging the use of text-only emails and the permanent disarmament of html emails. Numerous security exploits in all the major windows email clients have shown how dangerous this kind of ‘intelligent scripting’ can be.

The fellow behind nthelp.com has setup a page for testing whether you are vulnerable.
http://www.nthelp.com/OEtest/oe.htm

Botnet, E-mail, E-mail spam, HTML, HTML e-mail, Spam, Spamming