[Mimedefang] javascript in html attachments
David F. Skoll
dfs at roaringpenguin.com
Fri Mar 5 15:46:18 EST 2004
On Fri, 5 Mar 2004, Paul Whittney wrote:
> I don't have the "Authority" to tell the client what they should, and should
> not use (thats a problem in itself ;-). I assume then many people add to the
> bad extensions list
> $bad_exts = ... |htm|html|...;
If you want to block HTML, you need to look at the MIME type, not the
filename, because most HTML "attachments" don't have an associated
file name.
> I'm not sure I have the authority to block all html attachments, as
> people prefer sending them than docs and zips. (To be honest, I
> shouldn't block anything, but I risk blocking pif, scr, and exe's).
My position on HTML is somewhat extreme. :-) I think HTML mail should
be banned. I think that gradually, more and more people will gravitate
to my position as the spam/virus problem intensifies.
> But if you prohibit the sending of normal file attachments, zip
> files (encrypted, or not), how do you advise your
> client/director/friends, to send you that "new important file that
> will make your product work at a client site because some update or
> system broke it in the first place"?
We need a new infrastructure for convenient file transfer. E-mail wasn't
designed for that.
Regards,
David.
More information about the MIMEDefang
mailing list