Fellow Network World(U.S.) columnist Mark Gibbs likes pretty e-mail. But I hope that he won’t send me pretty e-mail when he sees this column because he will get the letter back unread.
I don’t know who came up with the idea of using HTML – the protocol used to describe the appearance of Web pages – in e-mail, but it seems to have been done without much consideration of privacy and security implications.
HTML e-mail can sure be pretty, or is that pretty annoying? Some programs sound like they could do a nice job of putting together an e-mail message, complete with colours and sound effects, that I would not want to get first thing in the morning. But the reason Mark, or anyone else who sends me an HTML message, will get it automatically tossed back has nothing to do with the fact that the mail might contain a tinny version of the “Ride of the Walkure.” I bounce HTML-based e-mail because it is a threat to the security of my computer and to my privacy.
This column is far too short to list all the ways HTML can be a security or privacy threat – Google Inc. gets 77,000 hits for “privacy + ‘HTML e-mail'” and 20,000 for “security + ‘html e-mail'” – but here are a few:
CERT Coordination Center has posted a dozen or so warnings of ways that HTML e-mail can be used to exploit vulnerabilities in buggy software. Some of the exploits are quite impressive – see the CERT Web site (www.cert.org) for more information.
But the big threats do not depend on flaws in software to work – they operate even if the software is totally bug-free because they use features in HTML. Kiss your privacy – what shreds you still might have left on the Internet – goodbye if you or your company accepts HTML e-mail.
The sender of the message can find out when and on what computer you read the e-mail. That person also can find out if you forwarded the e-mail to someone else, and who the someone else is and return a copy of the cover letter you sent with the e-mail to that someone. The same is true if that someone replies to you or forwards the e-mail to a third person and remains the case as long as the original e-mail is included. The original HTML e-mail sender also can stick a cookie including your e-mail address on your machine that can later be read by cooperative Web sites, even if you are trying to be anonymous.
There are many more threats and I could go on, but you get the not so pretty picture.
Bradner is a consultant with Harvard University’s University Information Systems. He can be reached at [email protected].