On 9/26/01 6:52 PM, "Russ Allbery" <[EMAIL PROTECTED]> wrote:
> For small images, there's no reason not to just include the image in the > message. You can then inline them just fine; True but.... A growing number of corporate firewalls reject mail with attachments. So if you're running a list, you're cutting yourself off from those users. I see this as becoming more of a problem over time, not less, given how things are going. Now, there are a lot of stupid IS organizations doing stupid things at the firewall in the name of anti-virus and/or spam protection. I've had more than one discussion with them, few of them fruitful, trying to explain things like "false positives are not a feature". But beyond stupidity, there are corporate policy issues that you may disagree with, but it probably doesn't make sense to fight when you have reasonable alternatives, and mebedded graphics is one place where the net gain is minimal and it creates an artificial barrier. The number of problems caused by embedding an the number of problems caused by referring to a remote file seem about the same from my experience. > I think that opening URLs poses a security risk, Being on the internet is a security risk. Joining a mailing list is a huge security risk, since unless you like spam, joining lists will likely get you onto spammer lists sooner or later. For a long time, in fact, list-managers dumped all our addresses out into google and the global engines, but I just checked and that isn't true any more.... You can't avoid risk, unless you unplug the machine from the net. So you need to evaluate and manage that risk, and teach people to understand it, and I think it's important for list managers to build a web of trust around themselves that users can understand and accept. > I > think he's wrong about the percentage of deployed clients that are going > to successfully receive such mail. That's because within that 2% of > people who think about such things are firewall administrators who are > watching things like I sort of agree, but not completely. For the most part, those people are using the corporate tools. You don't have a guy sitting and running ELM making pollcy decisions for a corporation running Outlook Express. You have Outlook Express people making decisions for sites running OE. There are exceptions, but in general, the IS weenie (of which I is one) uses corporate IS tools. > Embedded <img src> tags are active content. Yup. And that's why I think it's important that sites that do this discuss it in their privacy disclosures -- and stick to what they agree to. User tracking, by the way, is not by definition evil. But user tracking can be abused -- and is. And if you do track users, what you're doing ought to be disclosed. You let users make the choice. And if you do stuff like this, you ought to have a way to allow users to opt-out if they want.
