Do Away With HTML Based E-mail

Last week, Microsoft issued a patch to fix an extremely dangerous flaw in Windows that cyber crooks could use to break into your computer just by getting you to open an e-mail.

Let that sink in a moment: Merely by reading a specially crafted e-mail, you could open your Windows machine to attackers, who are then free to install malicious programs, and view, change or destroy your personal data. Try not to be too frightened by the news this week that instructions showing bad guys precisely how to exploit this flaw were posted online for the whole world to see.

This was hardly the first time Microsoft issued a patch to fix a similarly serious and easy-to-exploit vulnerability. But it gives Security Fix a good excuse to remind readers that viewing your e-mail in anything other than plain text mode is asking for trouble on a Windows computer.

Most e-mail software comes configured to relay messages both in text-only mode and HTML format, which allows for the rendering of graphics and other Web-based content. But blindly accepting HTML content from third parties is a bad idea on a number of levels. The most dangerous threat is HTML content that enables the silent downloading of malicious software. In addition, even if you've never replied to a single piece of junk e-mail, spammers can tell if they've got a working e-mail address if you merely view one of their HTML-based e-mail ads.
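To make the "spammers can tell" point concrete, here is an added Python example (not part of the original post) that does what a text-only mail client does: it shows only the plain-text part of a message and merely lists the remote content the HTML part would have fetched if rendered. The names `plain_text_view` and `RemoteRefFinder`, the host `example.test` and the sample message are all constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser

# (tag, attribute) pairs whose URL an HTML renderer may fetch on its own.
AUTO_FETCH = {("img", "src"), ("link", "href"), ("iframe", "src"), ("script", "src")}

class RemoteRefFinder(HTMLParser):
    """Collect remote URLs that rendering the HTML part would request."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            url = (value or "").strip()
            if (tag, name) in AUTO_FETCH and url.lower().startswith(
                    ("http://", "https://", "//")):
                self.refs.append((tag, url))

def plain_text_view(raw_bytes):
    """Return (text to display, remote references found in the HTML part)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    text_part = msg.get_body(preferencelist=("plain",))
    html_part = msg.get_body(preferencelist=("html",))
    finder = RemoteRefFinder()
    if html_part is not None:
        finder.feed(html_part.get_content())  # parsed only, never rendered
    if text_part is None:
        return "[HTML-only message: body not rendered]", finder.refs
    return text_part.get_content(), finder.refs

# Constructed sample message; example.test is a placeholder host.
SAMPLE = b"""\
From: ads@example.test
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain

Special offer inside.
--b1
Content-Type: text/html

<p>Special offer inside.<img src="http://example.test/p.gif?id=reader%40example.org"></p>
--b1--
"""

if __name__ == "__main__":
    print(plain_text_view(SAMPLE))
```

The image URL in the sample carries the recipient's address as a parameter, so a client that rendered the HTML would confirm the address to the sender just by fetching it; the text-only view never makes that request.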

If young children use your computer or if you'd rather not look at spam touting graphic images from adult Web sites, disabling HTML is a must. Also, e-mail phishing scams often are made much more convincing when rendered in HTML.

Likewise, sending e-mail in HTML mode is just a bad idea all around, and these days, it's a recipe for making sure the messages you send get caught in the recipient's junk mail folders. That's because in an effort to bypass anti-spam technologies that look for spammy words in the body of the e-mail, a huge percentage of spam now arrives embedded in HTML code and in images.

This is by no means an exhaustive list, but I thought it would be helpful to link to some instructions for using text-only mode in some of the more popular e-mail clients in use today:

* Outlook 2003

* Outlook Express (XP)

* Thunderbird

* OperaMail

* If you use Eudora 7.x, click "Tools," "Options," and then scroll down to the "Display" settings box and uncheck the boxes next to "Automatically download HTML graphics," and "Display attached images inline."

I'm sure there are other popular e-mail clients that I've omitted here. Please feel free to use the comments section below to point me to similar instructions; I will do my best to include them here in updates.

By Brian Krebs  |  January 17, 2007; 8:39 AM ET
Categories: From the Bunker, Latest Warnings, Safety Tips


© 2010 The Washington Post Company