Educause Security Discussion mailing list archives
Re: HTML-only email
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Mon, 22 Oct 2007 13:23:36 -0400
On Mon, 22 Oct 2007 11:07:35 CDT, John Hoffoss said:
Unrelated to any other thread, but saw a reply from Geoff Nathan that for me comes up blank. It may be in part due to the way our GW server is set up, but I get a few messages off this list every so often that are blank, My assumption is that these emails are sent "HTML only" within the client.
A *long* time ago, Vernon Schryver pointed out that the usual use case of multipart/alternative to send both HTML and text/plain was innately busticated: Either the HTML adds actual information content or it does not. If it does not, it's superfluous and the HTML version should not be sent. If it does, then the text/plain is lacking in information content and should not be sent - if the person at the receiving end can't render the HTML, it should be made *clear* to them, rather than displaying a text/plain that suffers from the lack of potentially crucial information. Consider the straw-man example - the string "I do <em> not </em> agree with" rendered by a html-to-plain filter that loses everything between the two emphasis markers.... (And given that actually *rendering* the full HTML complete with Javascript and the like is apparently impossible to do securely correctly, but many MUAs are able to identify most URI links and render them clickable, Vernon's point is even more true now than when he said it.)
Attachment:
_bin
Description:
Current thread:
- HTML-only email John Hoffoss (Oct 22)
- <Possible follow-ups>
- Re: HTML-only email Valdis Kletnieks (Oct 22)