Leif Gregory wrote:

Irrelevant. We're talking about one single e-mail client out of
hundreds that we want left alone from all the fluff, glitz and
security holes. Can't you just leave one well enough alone so
that the minority of us security focused people can be
happy too?

The capability to view images does not create a security hole. What the user does with that capability is the actual security risk. Again, what about embedded links? These are a greater threat than say an embedded web bug. Click on the wrong link and you go straight to JavaScript/ActiveX hell, yet these are not blocked. I respect anyone who is computer security aware, makes my job easier. Computer security is making me a lot of $$$$.

This is the way they do business, most do not have a plain text
option or multi-part capability.

Because their customers demanded it. They want the glitz, the fluff
and the eye-candy without regard to security.

I highly doubt people have called their financial institutions demanding HTML mail. It is simply a part of the business model in corporate America. In my work, I have approached businesses about killing the HTML and embedded images or at a minimum, using a plain text option. The answer is a flat "no", it is not competitive. They consider it advertising and a matter of "keeping up with the Joneses". I have a Web designer friend who gets paid 6 figures to design HTML mail (newsletters, statements etc) for a large financial institution, they take this stuff seriously.

I am able to white list these using the address book.

So I send you an e-mail using the e-mail address of your bank
referencing an image on my server. Now what?

Given the number of banks in the US, someone would have to specifically know what bank I am using and know the specific e-mail address for the e-mail that is being sent. One of my banks uses no less than 8 e-mail addresses (one for my savings statement, one for checking etc). Add that to the complexity of munging the e-mail address and duplicating the e-mail itself plus the actual return value of all this work = long shot. That and my firewall blocks Port 80 in my mail clients, I have to specifically authorize a connection to a Web address. It's a pain, but it's necessary.

and while we're at it let's just strip that potentially nasty HTML
crap right out of TB! and lean it up a bit.

That's why RITLabs wrote their own HTML rendering engine. So now they
spend time making sure they can render everyone's HTML markup with
less time spent on fixing IMAP and other bugs. People wanted HTML
e-mail, but at least true to their word, RITLabs did their best to
ensure the integrity and security of TB.

I was being sarcastic, but since you brought it up. Yes, RIT Labs (and Poco Systems) did the right thing and reinvented the wheel. This is double duty, creating an e-mail client and Web browser/HTML editor at the same time. It is a lot of work for the few, but it does keep the rest of us safe from that flawed IE engine.


--

Mike


________________________________________________________
Current beta is 3.61.13 (Echo) | 'Using TBBETA' information:
http://www.silverstones.com/thebat/TBUDLInfo.html
IMPORTANT: To register as a Beta tester, use this link first -
http://www.ritlabs.com/en/partners/testers/