Re: [Pan-users] HTML posting Was: Should "Go Next Watched Article" work?

pan-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Pan-users] HTML posting Was: Should "Go Next Watched Article" work?

From:	Steven D'Aprano
Subject:	Re: [Pan-users] HTML posting Was: Should "Go Next Watched Article" work?
Date:	Sat, 28 Sep 2013 12:31:11 +1000
User-agent:	Mutt/1.4.2.2i

On Fri, Sep 27, 2013 at 07:53:59PM +0000, Duncan wrote:

> > WRT HTML malware, I suppose it's possible, but it seems that you would
> > have to have pretty lax defaults for your browser and OS for that to
> > really be a serious problem.  I worry more about my email address
> > leaking onto the Internet, and being deluged with offers to improve the
> > size/function of my reproductive organs.
> 
> With email, one of the tricks spammers use to verify an address is 
> sending an HTML mail that references an image on their site. [...]
> This sort of tracker image is called a web bug.

Web bugs and HTML are not just good for verifying email address. There 
are all sorts of tricks people can do with HTML email. They can track 
when, and if, you open emails. They can't literally tell if you have 
read the email, but they can certainly tell when and how often you've 
opened it. They can implement "self-destructing emails", which can only 
be opened once, or which cannot be forwarded to others, or printed from 
the mail client. Or they can track who you forward emails to.

There are free and commercial services which offer to do this:

https://duckduckgo.com/q=email+tracking+service

I discussed this on another mailing list recently:

https://mail.python.org/pipermail/python-list/2013-August/654312.html

And more here:

https://mail.python.org/pipermail/python-list/2013-September/655332.html
https://mail.python.org/pipermail/python-list/2013-September/655357.html

In the second two, I talk about visiting websites. But of course the 
same applies to HTML mail. The technology is exactly the same, even the 
HTML renderer software is usually the same, only the front-end is 
different. If IE has a bug that lets a website install malware on your 
machine, so does Outlook which uses IE.

[...]
> Meanwhile, how many non-spam/non-malware messages actually NEED HTML to 
> deliver their message effectively?

Don't mistake HTML (a technology) for the ability to use rich text (a 
function). Formatted text can be useful. We have bold and italics and 
superscripts and similar for a reason, they add information to text (or 
at least they *can* add information to text). In plain text, we're 
limited to pseudo-formatting using markup, which is second-quality at 
best. But there's no technical reason why formatted rich-text must be 
implemented by inefficient, insecure, user-hostile HTML. There are 
alternatives:

- Web and news clients could be aware of markup standards such as 
  ReST and Markdown, displaying (say) *italic* and **bold** using 
  actual italic and bold. Or at least a subset of the markup. Pan 
  already does this, in a very limited way, but doesn't support the 
  full ReST or Markdown specification.

  [Aside: technically HTML is also a markup language, but it's too 
  powerful, too verbose, and too hard to read to be a good standard 
  for rich text.)

  ReST and Markdown are good choices because they are designed to look 
  just like the ad hoc and intuitive pseudo-formatting people already 
  use for plain text email: if your mail client doesn't support ReST, 
  the marked-up text still looks good.

- Another standard markup is TeX/LaTeX, which is probably the most 
  powerful typesetting software around, but not exactly user-friendly
  or easy to read.

- An existing email standard is Enriched Text:

  https://en.wikipedia.org/wiki/Enriched_text

  Alas, it is hardly supported by anything of note, and although it 
  is more secure than HTML, it suffers from the same verbosity and is
  likewise difficult to read. Compare bold+italic text:

  Enriched text:  <bold><italic>Something important!</italic></bold>
  ReST/Markdown:  ***Something important!***

So there are options for rich text that don't involve HTML. Mail and 
news clients could include WYSIWYG editors that generated (say) ReST or 
Markdown text, and the user would never need deal with the markup 
commands themselves. They would just select a range of text and click 
the B button to format it bold. The recipient would see bold text if 
their client supported ReST, otherwise they would see **bold** text.

-- 
Steven

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Pan-users] Should "Go Next Watched Article" work ?, manthony, 2013/09/26
- Re: [Pan-users] Should "Go Next Watched Article" work?, Travis, 2013/09/26
- Re: [Pan-users] Should "Go Next Watched Article" work?, Duncan, 2013/09/26
- Re: [Pan-users] Should "Go Next Watched Article" work ?, manthony, 2013/09/27
  - [Pan-users] HTML posting Was: Should "Go Next Watched Article" work?, Duncan, 2013/09/27
    - Re: [Pan-users] HTML posting Was: Should "Go Next Watched Article" work?, Steven D'Aprano <=
    - Re: [Pan-users] HTML posting Was: Should "Go Next Watched Article" work?, Duncan, 2013/09/28

Prev by Date: Re: [Pan-users] Is there a "sent" folder for Pan 0.135 (for sending to moderated newsgroups)?
Next by Date: Re: [Pan-users] HTML posting Was: Should "Go Next Watched Article" work?
Previous by thread: [Pan-users] HTML posting Was: Should "Go Next Watched Article" work?
Next by thread: Re: [Pan-users] HTML posting Was: Should "Go Next Watched Article" work?
Index(es):
- Date
- Thread