Re: OT: Completely OT: PAYPAL does it suck?
From: H. S. Teoh <hsteoh@...>
Date: Wednesday, November 22, 2006, 17:57
On Wed, Nov 22, 2006 at 09:07:51AM +0100, taliesin the storyteller wrote:
> * H. S. Teoh said on 2006-11-21 21:13:55 +0100
> > depending on what you use to read your mail, you may or may
> > not be able to tell what's the real address being linked to.
> > I've actually seen spam containing Javascript that cloaks the
> > real address (to a fraudulent site) and substitutes a
> > legitimate one in its place visually. A similar trick is then
> > employed on the fraudulent site to make it appear as though it
> > were legitimate.
>
> This of course only happens if the mail is HTML/non-plaintext,
> which is yet another reason to be wary of mail that is HTML and
> insist on plaintext.
Unfortunately, in this day and age, most people expect email in HTML.
(I don't, and I wish I could convince others not to, but I can't.)
> Turning off javascript in mail is not sufficient because you can also
> use stylesheets to obfuscate text and addresses in the mail.
HTML should never have been allowed in email in the first place, let
alone something so blatantly dangerous as Javascript. Microsoft's whole
flawed idea of "active content" is the fundamental reason why email
viruses are even viable, when they should never have existed in the
first place.
> With some businesses/newsletters there's a way of requiring that all
> mail be sent plaintext, for instance a checkbox on the
> registration-form. I wish this was more widespread though, and I
> consider the presence of such a method to be a sign of
> professionalism.
[...]
I would prefer SMTP to not support HTML at all. Like somebody else said,
HTML should've been confined to HTTP. Unfortunately, that was not meant
to be, thanks to the bandwagon jumpers.
My spamfilters take the rather draconian measure of highly scoring
anything containing Javascript, which filters out quite a significant
fraction of the spam I get. The same goes for HTML-only mails. Sadly,
some legitimate businesses only send HTML-only emails, which have to be
special-cased for.
T
--
Don't get stuck in a closet---wear yourself out.
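
Added example, not part of the original message and not the author's actual filter: a Python sketch of the scoring described above (Javascript, HTML-only mail, a special-case allowlist for senders), plus a check for link text that names a different host than the href. The weights, the `html_only_allowlist` parameter, the UTF-8 body decoding and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Weights are assumed values for illustration, not taken from the message.
WEIGHTS = {"javascript": 5.0, "link_text_mismatch": 4.0, "html_only": 2.0}
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkAudit(HTMLParser):
    """Flags script use and links whose visible text names another host."""
    def __init__(self):
        super().__init__()
        self.script, self.mismatched, self._href, self._text = False, [], None, []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" or any(k.startswith("on") for k in attrs):
            self.script = True  # <script> block or inline event handler
        if tag == "a":
            self._href, self._text = (attrs.get("href") or "").strip(), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            shown = HOST_RE.search("".join(self._text))
            real = (urlsplit(self._href).hostname or "").lower()
            if shown and shown.group(1).lower() != real:
                self.mismatched.append((shown.group(1).lower(), real))
            self._href = None

def score(raw, html_only_allowlist=()):
    """Return (total, reasons) for one raw message; allowlist = special-cased senders."""
    msg, audit = message_from_string(raw), LinkAudit()
    parts = [p for p in msg.walk() if not p.is_multipart()]
    types = {p.get_content_type() for p in parts}
    for p in (p for p in parts if p.get_content_type() == "text/html"):
        audit.feed((p.get_payload(decode=True) or b"").decode("utf-8", "replace"))
    sender = parseaddr(msg.get("From", ""))[1].lower()
    html_only = "text/html" in types and "text/plain" not in types
    hits = {"javascript": audit.script, "link_text_mismatch": bool(audit.mismatched),
            "html_only": html_only and sender not in html_only_allowlist}
    reasons = [name for name, hit in hits.items() if hit]
    return sum(WEIGHTS[r] for r in reasons), reasons

# Constructed sample: HTML-only mail whose link text shows one host, href another.
SAMPLE = ("From: News <news@example-bank.test>\nContent-Type: text/html\n\n"
          '<script></script><a href="http://login.example.invalid/v">'
          "https://www.example-bank.test/</a>")
```

The host comparison is exact, so a link shown as `example.test` that points to `www.example.test` is also flagged; a production filter would compare registrable domains instead.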