Email security: PGP/GPG & S/MIME vulnerability drop imminent
Stephen Satchell
list at satchell.net
Tue May 15 13:00:03 UTC 2018
On 05/15/2018 02:34 AM, Rich Kulawiec wrote:
> On Mon, May 14, 2018 at 01:47:50PM +0530, Suresh Ramasubramanian wrote:
>> TL;DR = Don't use HTML email [snip]
>
> That's enough right there. HTML markup in email is used exclusively
> by three kinds of people: (1) ignorant newbies who don't know any
> better (2) ineducable morons who refuse to learn (3) spammers.
> There are no exceptions.
Yes, there are exceptions. Particularly, chemists (and chemical
engineers) and physicists who need to embed formulas into their e-mail.
They use HTML because it's fast and easy, instead of using the preferred
method of building a PDF and sending that.
(I had a long, unfruitful argument with my brother the chem engineer at
the time my mail server rejected all incoming HTML mail. I had to change.)
Another exception is that most webmail is HTML and plaintext in MIME format.
I get around the problem of triggering code in Thunderbird by only using
the plain text view, dropping to "simplified HTML" view only when
necessary, and only when I know the sender.
More information about the NANOG
mailing list