On Thu, Feb 01, 2007 at 03:59:51PM -0500, Marc Vaillant wrote: > This just isn't realistic. What sort of view of mutt do you think an > outlook user (potential mutt user) is going to get if I tell them "Hey > check out this great text based MUA that I have... only thing is, you > know that feature that everyone in the office loves to use with their > clients, well you have to tell them not to use it."
Disclaimer: I am a security enthusiast I would say your best angle is a security angle. See if you can get someone with the authority to recognize that reading your email with a web browser and/or sending HTML poses a threat to the security of the company and the users who don't know better. If they don't know what phishing is, explain it to them. Be sure you communicate how HTML rendering (and especially javascript) have capabilities to confuse and mislead the user. Further, say that email worked fine with no phishing incidents for a good 20 years before HTML came along. Do you think HTML email is so important that the Internet did without it for 20 years? If the person needs to send an attachment, that's fine. That takes care of any argument about images. While the content of an attachment may not be obvious from its filename (a book and its cover), at least you know 1) Who sent it (modulo sender spoofing; HTML can only make it worse) 2) That it is an attachment 3) That you are downloading and/or executing that attachment. If they have any doubts about the misleading potential of overly complex formats like HTML and all the active crap that it can contain, I'll be happy to convince them. Just send me written permission, your email address, and view each email, then email me and tell me what they did. Then I'll show you what you didn't know they did. You will, however, be on your own when it comes to cleaning up the resulting mess. You can see a harmless example of many of them by going to this: http://www.digicrime.com/ (NOTE: Browsing this site will cause all sorts of surprising behavior, including sending emails from your machine). If you need some "argument by authority", I point you to the fact that the DoD banned the use of HTML email and OWA: http://www.fcw.com/article97178-12-22-06-Web On a personal level, you can always create an autoresponder that says something like, "I'm sorry, but I was expecting an email from you and instead I got a web page. I do not use a web browser to read email, so I cannot view this. If you wish to communicate by email, please try sending one." > Yes, but equally sad are those who waste their lives pipe dreaming. > Having enough foresight to know which battles will bring gain sorts the > successful from the unsuccessful. I hear the same arguments about using Windows instead of other OSes. -- The driving force behind innovation is sublimation. -><- <URL:http://www.subspacefield.org/~travis/> For a good time on my UBE blacklist, email [EMAIL PROTECTED]
pgpYkE36F8EPk.pgp
Description: PGP signature
