Chuq Von Rospach <[EMAIL PROTECTED]> writes: > On 9/26/01 10:55 AM, "Nick Simicich" <[EMAIL PROTECTED]> wrote:
>> My personal feeling is that any e-mail client that automatically >> invokes remote urls of any sort, including img tags from e-mail that >> I'm looking at is essentially broken. > You are in a user base of about 2% or less of the net population, then. > I'm not saying you're right or wrong -- but you're clearly not typical > or speaking for them. FWIW. For small images, there's no reason not to just include the image in the message. You can then inline them just fine; there have been MIME standards for doing this for eons. Gnus handles that seamlessly, and I would hope that the typical Windows mail readers would as well. I think that opening URLs poses a security risk, and while Chuq may be right about the percentage of the population that think about that, I think he's wrong about the percentage of deployed clients that are going to successfully receive such mail. That's because within that 2% of people who think about such things are firewall administrators who are watching things like the Nimda worm and thinking "hm, maybe we should start being more aggressive about filtering out active content." Embedded <img src> tags are active content. Just because the HTML claims to be an image doesn't mean that the remote site has to send you an image or that your browser will interpret it as one. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>
