Folks,
Viruses may "ride in HTML e-mails", but do not ride in the HTML, rather in the
JavaScript (NOT the same as Java), or ActiveX functions embedded in the HTML
file. You can still allow HTML files if you turn off the ability to execute
JavaScript and ActiveX controls (some browsers/mail clients allow this).
In addition, HTML is not required as the carrier. It is always a good idea not
to have attachments automagically open when a message is read. Many email
clients unfortunately do not have this as the default behavior, because
auto-opening attachments is sexy.
The popular press does not do a good job of identifying the threat, nor how to
close the vulnerability in your system. You can lose some neat functionality
by overestimating the problem. Of course, if you don't have the ability to
turn off specific behaviors, then you'll have to do what you can.
I would be interested to know if blocking HTML mail also blocks mail
containing URLs and "mail to:" (without the space) references.
Mike Jenkins
>===== Original Message From [EMAIL PROTECTED] =====
>To all: These viruses ride in HTML e-mails. We therefore no longer accept
>HTML e-mails, you may want to consider doing same. Just a suggestion. Yvonne
>Halpaus
