Is it true that it's safer to send emails in plain text rather than HTML, with regards to virus etc?


Thanks in advance

Hi,

Here's an article which will help you






I want one make one thing as clear as I can. It's RECEIVING HTML mail that's the problem. SENDING HTML mail will not hurt you (unless you are still using a metered dial up connection) - it may even boost your company sales - but it also *may* hurt the people to whom you send it. So if you are happy to be ignorant, lazy, spiteful, self-centred and/or cowardly you can ignore the rest of this article and go and bask in you supercillious smugness. OTOH if you care at all about the people you send mail to, read on...

HTML email can be dangerous,
HTML email is not always readable,
HTML email wastes bandwidth
and
HTML email is simply not necessary.

These 4 points are as true now as they were 3 years ago and indeed they will ALWAYS be true while plain text exists as an alternative to HTML mail. (I hereby predict that M$ are designing Outlook Express 9 to ONLY accept HTML email - remember you read it here first!)

So here are the same seven points I made before, all still true though some details have been updated and expanded:



1. HTML e-mail is dangerous
If for no other reason, you should not send e-mail in HTML format because by doing so you are exposing your intended recipient(s) to the risk of catching a virus - a virus which you yourself may be unaware you have until you are told about it by someone you have infected (or until it alerts you to its presence by unleashing its payload).

Most of the fast-spreading internet-borne viruses propagate by automatically forwarding themselves to every address which they can find in your address book, and some even seek out every address in the body of every message in your inbox. Of course, they don't stop to ask your permission before doing this - the first symptom you'll spot is someone you've infected sending you an angry message saying you've given them a virus.

Unfortunatley the latest popular virus at the time of writing (k l e z) fakes the from address too, so you cannot warn (or accuse) unknowing senders of viruses, and you may also find yourself falsely accused.

But what has this to do with HTML mail?

For at least 3 years there have been viruses (namely Bubbleboy and kak.worm) which are triggered simply by viewing an HTML message in the preview pane of unpatched versions of Outlook Express. There are other ways of getting html functional email to automatically run code, by exploiting a vulnerability in the way the Internet Explorer engine (which Outlook and OE use to display HTML mail) handles IFRAMEs for example.

Since HTML can include scripts, HTML email is obviously more of a security risk than plain text, and the most recent viruses have made full use of this flaw.

2. HTML e-mail always wastes bandwidth
HTML e-mails are always at least twice the size of plain text mail, since they include both the plain text version and the same thing with embedded html markup tags. Don't believe me? Just look at the source code of any html mail you have received (in Outlook Express click File > Properties > Details > Message Source).

So YOU may have a big fat connection, but if you're sending your HTML mail to 5000+ addresses, some of your users will probably be on 56k or less metered dial-up connections, and your bloated message will cost them money.

3. HTML e-mail doesn't always work
Some popular e-mail readers (Pegasus Mail for one example) simply don't read HTML mail and others (such as Pocomail and even AOL) have difficulties displaying it properly.

The irony is that the applications which do read HTML well are precisely the ones which have the security holes. Why? ...because they render HTML... To do so they need to use some form of HTML rendering engine, usually one that is already resident on your system rather than one that is inbuilt. i.e. they use I.E. and Internet Explorer is so closely connected to the heart of the Windows OS that a security hole in it can be an open door to hard-drive trashing scripts.

4. HTML e-mail can connect to the internet by itself
If an HTML e-mail includes references to online images then (by default) Dial-Up Networking will try to connect to the internet to download those images. These images can also be used to set and retrieve cookies. O.K. So neither of these are your problem if you're the sender... but they can be very annoying if you're on the receiving end.

5. HTML e-mail renders slowly
Some mail apps (e.g. Outlook) can slow down considerably when rendering HTML. The need for an HTML parser has also led to code-bloat in email apps generally.

6. HTML usually looks like it has been designed by stoned amateur chimpanzees using Front Page Express with their feetHTML e-mail offers the sender the opportunity to really go to town with their lack of design skills - unreadably small fonts, fonts that no-one else is likely to have, clashing colors, badly formatted image files etc. etc. By taking control of the appearance of e-mail away from the recipient they can prevent the sight-impaired from applying necessary user-accessability options...

7. Digested lists hate HTML mail
OK, this one's a little specific, but if you send an HTML email to a subscriber list which has a digested version (i.e. which bundles several postings together into a single longer email) then your message may well appear in the digested version with all its html tags - i.e. virtually unreadable... that is if the list administrator hasn't configured their server to automatically filter your offending format to oblivion.


hope this article helps you. Plz reply for more help

Regards
Ron

cheers Ron.

at the moment i use incredimail and not outlook express, so i suppose i may as well go back to outlook express if i'm going to use plain text do you recon?.



cheers

Hi,

Use can write plain text messages using incredimail too.

To enable plain text message in incredimail


Enable Support for Plain Text Emails in IncrediMail


To compose a plain text message in IncrediMail, your first have to make sure composing plain text messages is enabled:

Select Tools | Options... from the main IncrediMail menu.
Go to the Advanced tab.
In the Message section, make sure Enable 'Plain Text' in the style box is checked.
Click OK.
Write a Plain Text Message in IncrediMail
Now, to compose a plain text message in IncrediMail:

Create a new message by selecting the New Mail button from the IncrediMail toolbar.

Go to the Letters category in the Style Box.
Make sure Plain Text is selected.
The first item in any collection is Plain Text.

Cheers
Ron.

cheers Ron, much appreciated. looks like it's plain text sailing all the way for me from now on.


Regards

whippit