[Dixielandjazz] Changes in the List - HTML

Tony Davis dixielandjazz@ml.islandnet.com
Wed, 5 Jun 2002 12:30:13 +0100


I had a reply from Rebecca Thompson asking my why it was alarming that the
list server no longer filters out HTML messages.  Well, it hasn't always
done so - back in June 2000 we had a spate of such messages which carried
the KAK worm, and many people's machines were infected as a result.  Some
time between August and December 2000 the server software was changed so
that it converted HTML attachments to plain text and stripped off binary
attachments completely.  This mechanism was in place, I believe, until the
Big Change of 30 May 2002.

As to why it's alarming that HTML is now being allowed through, here's what
I wrote to a list member who asked the same question in August 2000:

"The danger lies in the fact that HTML can also be used to contain scripts,
which are executed by your browser or e-mail reader when you open the web
page or e-mail.  In a web page, these scripts are usually benign, but a
script in an e-mail (which is invisible to the human reader) is usually put
there with evil intent.  As a rule it not only does something naughty to
your machine but also arranges for itself to be automatically embedded in
all future e-mails that you send..."

Also, not all e-mail software interprets HTML as it's intended to be
interpreted, which is why some members complain of receiving "gibberish" or
"gobbledy-gook".  So please, use plain text - and no attachments!

--
Tony Davis
Trumpet/Cornet, Zenith Hot Stompers
Aston, Oxfordshire, UK
www.tony-davis.co.uk