[Mimedefang] DoD finally bans HTML e-mail
WBrown at e1b.org
Mon Jan 8 09:59:49 EST 2007
Kenneth Porter <shiva at sewingwitch.com> wrote on 01/07/2007 04:50:11 AM:
> Some of the replies have some good points.
>
> This one is interesting:
>
> > won't do what you think it does
> > Hey folks, this isn't going to do anything for security. There's
> > going to be a button that allows them to simply click and turn this back
> > into an html email. It's NOT stripped text, it's just hidden the html
> > code behaviors. Push the button and you're back to HTML!
OK, so that's just a stupid implementation. I would like to ban HTML
here, and sending all sorts of articles and links to Gartner reports etc.
doesn't seem to get the message through.
If I were implementing it, I would simply strip any tags, possibly
replacing some of them with their intended action, i.e. spaces and line
breaks.
Maybe HREF tags would get everything but the URL stripped so users could
still get the link being sent.
What would be left might be a little ugly, but at least readable, and they
couldn't hide stupid text with white on white or small fonts. At least
the message gets through.
A different way to do it would be to see if there are text and HTML sections that
are nearly the same and strip the HTML portion. If there isn't a text
portion, or they aren't similar, then reject the message.
Or just say "screwit" and reject anything with HTML.
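
The two approaches described in this message, as an added example that is not part of the original post and is not MIMEDefang filter code: a Python standard-library sketch that flattens HTML to text while keeping each link's URL, then decides whether the HTML part can be dropped because it matches the plain-text part. The names `html_to_text` and `policy`, the tag sets, the 0.8 similarity threshold and the UTF-8 decoding are assumptions made for illustration.

```python
import difflib
from email import message_from_string
from html.parser import HTMLParser

BREAKS = {"br", "p", "div", "tr", "li", "h1", "h2", "h3"}  # rendered as a line break
SKIP = {"script", "style", "head"}                          # content dropped entirely

class Flatten(HTMLParser):
    """Strip tags; keep text, line breaks and the URL of each <a href>."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in SKIP:
            self.skip += 1
        elif tag in BREAKS:
            self.out.append("\n")
        elif tag == "a" and dict(attrs).get("href"):
            self.out.append(f"<{dict(attrs)['href']}> ")  # show the real target
    def handle_endtag(self, tag):
        if tag in SKIP and self.skip:
            self.skip -= 1
    def handle_data(self, data):
        if not self.skip:
            self.out.append(data)  # colour and font size are gone, so nothing stays hidden

def html_to_text(html):
    parser = Flatten()
    parser.feed(html)
    parser.close()
    lines = (" ".join(line.split()) for line in "".join(parser.out).splitlines())
    return "\n".join(line for line in lines if line)

def policy(raw, threshold=0.8):  # threshold is an assumed value, tune on real mail
    """Return 'accept' (no HTML part), 'strip-html' (parts agree) or 'reject'."""
    parts = {p.get_content_type(): p.get_payload(decode=True).decode("utf-8", "replace")
             for p in message_from_string(raw).walk() if not p.is_multipart()}
    if "text/html" not in parts:
        return "accept"
    if "text/plain" not in parts:
        return "reject"
    plain = " ".join(parts["text/plain"].split())
    flat = " ".join(html_to_text(parts["text/html"]).split())
    similar = difflib.SequenceMatcher(None, plain, flat).ratio() >= threshold
    return "strip-html" if similar else "reject"

# Constructed sample: a link plus white-on-white text.
SAMPLE_HTML = '<p>See <a href="http://example.com/r">the report</a>.<br><font color="#ffffff">hidden</font></p>'
```

Because the comparison runs on the flattened HTML, text hidden with colour or font size counts against the similarity score and pushes the message toward rejection.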