Digg this story   Add to del.icio.us  
Solving the Problem of HTML Mail
Shane Coursen, 2002-02-04

Now there are options for screening potentially dangerous messages, or even eliminating HTML email from your life.

The benefits of HTML email are numerous. A business that wants to market an idea can do so by immersing its target audience in a powerful and compelling medium. A single HTML email sent to 1,000 people is for all intents and purposes a 1000-hit portable and transportable Web site, that can allow your audience to not only read about your product, but experience it with images, animation and sound.

Such tactics are intended to work the human psyche, and they do so with the greatest of efficiency. People who specialize in marketing - and even those who do not - know this well. Since the invention of radio and television, hundreds of thousands of commercials have been designed around this theory. Hardly a moment in our life passes where we are not bombarded by things intended to catch our attention. The same holds true with Internet marketing.

But marketing on the Internet isn't nearly as expensive as radio and television. No longer does it take a large budget to get your message out. With careful planning, an HTML editor and a list of email addresses, you have just about everything that you need.

Enter the consumer.

Consumers generally remember great experiences, and shun the plain and boring without a second thought. Translated into terms that many of us will understand, consumers love text/html and shun text/plain. Undeniably, rates of response are higher with HTML marketing email vs. that of plain text messages.

It makes me wonder, then, why the advent of computer viruses with the ability to infect HTML files hasn't curbed our HTML email appetite.

Surely there must be a greater percentage of people in the world who care more about the security of their personal information than a rich graphical email experience.

I'll stop short of recommending that people ban HTML email, because I know that it simply won't happen. It is also very likely that I would receive a great number of hate emails (no doubt many of them sent in HTML format) from companies that center their business model around HTML email. But I would like to let people know that, even if they receive HTML email, they always have the choice of screening the messages prior to reading them.

With that in mind, here are a few methods of screening HTML email.

To start, determine what type of email it is that you are about to read. Do this in one of two ways. In your email reader, click on File, and then Save As. Generally, if the email is HTML, the extension the file will be saved as is .HTM. Alternatively, right click on the subject line of the email, then view its properties (sometimes known as Options.) If you see "text/html" or "text/multipart", the email may contain some sort of scripting language.

If you are suspicious as to the origin of the email, first save it, and then view it in a text editor. Note that double clicking on the saved .HTM file will cause it to launch. Assuming that you are familiar with HTML coding, or can see that it references an external website, you will be able to visually determine that the email may be malicious in nature.

If you are unfamiliar with HTML, then "File, Save As" text. Doing so strips the email of HTML coding, thus allowing you to once again safely view the saved file in a text editor.

For those who do not want to increase the time it takes to view their email by 400%, you have other options.

Microsoft released an advisory in December with instructions on activating a new option in Outlook 2002 that will convert all non-digitally signed or non-encrypted HTML email to plain text. Unfortunately it will only work for Microsoft Outlook 2002.

The second option is an Outlook add-on that was recently created by TruSecure's Russ Cooper. This is a.DLL and also has its limitations, but is an excellent tool to consider.

The few options above barely touch upon the many methods of avoiding HTML email. They are undeniably Outlook-centric, and do not take into account the plethora of alternative email readers that exist. If you are aware of other methods, I invite you to post them in the reader discussion list below. If you are too timid to do so, please feel free to send me an email -- just make sure to do so in plain text.


Shane Coursen has worked in the field of antivirus research since 1992. He is currently CEO of WildList Organization International.
    Digg this story   Add to del.icio.us  
Comments Mode:
Solving the Problem of HTML Mail 2002-02-04
Roland <r s m i t h AT x s 4 a l l . n l >
Don't use Outlook 2002-02-04
Anonymous (2 replies)
Don't use Outlook 2002-02-06
Anonymous (2 replies)
Don't use Outlook 2002-02-08
Anonymous (2 replies)
Don't use Outlook 2002-02-16
Anonymous
Don't use Outlook 2002-02-16
Anonymous
Don't use Outlook 2002-02-07
trowe
Solving the Problem of HTML Mail 2002-02-04
Tony Turner
Solving the Problem of HTML Mail 2002-02-05
Dr. Gerry Hecht
Solving the Problem of HTML Mail 2002-02-06
Anonymous
users 2002-02-06
Stefan Caunter
HTML mail is for Teletubbies 2002-02-07
lala@po.com
this comment page... 2002-02-08
WetBlanket
Procmail on the Mail Server is a Real Solution 2002-02-12
Analysis and Solutions
consumers love text/html 2002-02-12
Anonymous
Solving the Problem of HTML Mail 2002-02-13
Anonymous
Solving the Problem of HTML Mail 2002-02-14
Old Fogie (aeaton@fdic.gov)
We nead assambly... Order is dump 2002-02-16
Anonymous
Solving the Problem of HTML Mail 2002-02-19
Daniel Spiljar <dspiljar+www@bofhlet.net>
Solving the Problem of HTML Mail 2007-10-04
Anonymous


 

Privacy Statement
Copyright 2010, SecurityFocus