mark wrote:
The most prevalent means of spreading viruses is through binary
attachments to plain-text e-mail messages. Precisely the manner of
transmitting complex documents most loudly advocated for by those
opposing html-mail.
This, in fact, ain't so. I get, oh, a hundred or hundred and fifty (or
more) spams a day, and they don't usually have attachments.
First, you really need to get a better ISP. I get very few little spam,
maybe 1 or 2 a day at most, because my ISP uses SpamAssassin to filter
incoming and outgoing mail. What little spam I do receive is almost
entirely from companies I do business with and the Bayesian filter in
Mozilla hasn't quite figured out the difference between a bill
notification and an offer for a lower rate mortgage when they both come
from the same domain and addy. Other than that, the spam I do receive is
as likely to be in plaintext as html. So htmlmail != spam. And for the
record spam != virus. Two completely different problems.
What *is*
common is HTML mail with a link that says one thing... but if you look
at in as plaintext, it actually points to somewhere else. Most folks
receiving that don't look at it as plaintext - a lot probably have
"original HTML" on, and don't see the falsity of the link.
Different problem. This is usually connected to a phishing scam and
involves taking you to somewhere that looks like a legitimate site --
ebay or whatever -- but is actually a fake. Then they proceed to steal
your identity. You actually have to do about 3 or 4 stupid things in a
row to get caught in one of those.
Any half-decent spam filter will treat attachements and core messages
the same ways. ie if it's blocked as attachement, it will be blocked as
message and the reverse is also true.
Whatever. It still doesn't have anything to do with your assertion that
html-mail spreads viruses.
Think about it: If html-mail is associated with spam -- and I will
gladly stipulate that there is a statistical correlation -- and if 1)
ISPs filter much of that spam as mine does, and if 2) much of the rest
is caught by individual e-mail clients, as mine is, and if 3) most
people simply delete what does get through all that, as I do, then
html-mail is a spectacularly ineffective vector for malware.
What's much more effective is an otherwise innocuous-appearing e-mail
from someone you know that has a binary attachment -- perhaps a Word doc
with a malicious macro. That's precisely how most of these really bad
worms are spread. The message isn't html precisely because they know
that will trigger spam-blockers, and being from someone you know it is
very likely to be on your "whitelist", both in terms of your e-mail
client and in your own head. The result is that you are orders of
magnitude more likely to perform the enabling actions that the virus
needs to spread.
My biggest hazard with html-mail is that I'll open a spam that will then
bang a server to get an image which confirms that my addy is live. But
even so, if that was a huge problem I would certainly be getting more
spam than I am. And I've had this addy for the last 3 or 4 years with
little problem.
--
Rod
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
