On Mon, 12 Feb 2001 16:37:33 -0500
Tim Pierce <[EMAIL PROTECTED]> wrote:
> At some point I'll also get around to rendering text/html messages
> in plain text for the AOL or MSN toys.
I don't have an recent AOL mesasges to hand (I auto-reject them).
Are the HTML messages that AOL sends multipart/alternative with a
text/plain and a text/html part, or is the root MIME part text/html
(assuming no attachments)?
> Yeah, but I also try not to let it bother me any more. There's
> only so much you can do to stop it, and cleaning it up for my
> users is probably the most effective thing I can do. (Insert Chug
> rant here about how we're all hoary old dinosaurs except for him.)
The problem is that Chuq is right on the money with the dinosaur
factor. Most 'net users today seem to operate on two base
assumptions:
-- If it looks flashy its better
-- Privacy leaks and security breaks are just "normal" and are
going to happen no matter what you do (ie the "hackers" are too
smart; after all even Microsoft got cracked so what chance do we
have?)
The marketting driven product sales economy actively supports and
encourages both those views -- making our job (and I'm writing as a
security guy as well as a mail guy) all the more difficult.
The last corporate network I helped set up filtered all inbound
email of unwelcome content like java/javascript (rejecting/bouncing
some, stripping others). We also used in-band filtering(effectively
a proxy, but one that sits at the router and you don't need to
configure your browser for) of all HTTP and HTTPS connections and
stripped all java/javascript from all retrieved web pages as well as
nuking liks to a few unwelcome content types. The users of course
screamed. However once we showed them why we were doing this, and
what the risks were to their stock options it dropped back down to
normal grumbling levels.
--
J C Lawrence [EMAIL PROTECTED]
---------(*) http://www.kanga.nu/~claw/
--=| A man is as sane as he is dangerous to his environment |=--
