[MUD-Dev] ADMIN: HTML email, the reasons against

J C Lawrence claw at kanga.nu
Mon Apr 2 18:49:25 New Zealand Standard Time 2001

Writing as list owner:

  Recently there's been a spate to HTML email submitted to MUD-Dev,
  which, dutifully, I've been rejecting.  However I realised at the
  MUD-Dev dinner that many were not aware of the reasons I won't
  allow HTML email on MUD-Dev (and no, it has nothing to do with my
  mail client, exmh -- it handles HTML just fine).

    As a point of policy and a promise to list members, (I've
    stated this at various points), I will not reveal whether any
    partciular individual is or is not a member of any list unless
    they specifically make that fact public on their own accord.
    Even then, the only admission I can make is that they were a
    member at that time -- I can make no comment on any later or
    earlier status.

    If I allowed HTML onto the list I would be unable to maintain
    that promise (think web bugs - images and files linked off
    remote sites - or embedded JavaScript or Java).  I also lose
    any ability to ensure that Kanga.Nu is not the vector for
    Java/JavaScript/etc attacks carried out via scripts embedded in
    the HTML, or scripts linked off a remote site (which could
    change after I approve/release a message) by HTML.

        This may seem precious until you consider some of the
        implications and realise that with a trivial piece of HTML
        tomfoolery you could track every single time one of your
        messages was read, where from, and likely by who.

    Arguably I could use various scripts to help remove such risks
    by sanitising the relevant HTML.  I'm not confident however
    that such scripts couldn't be broken or worked around without
    my noting the attempt.

    There's also another reason: Given an HTML message which
    references remote content (say images), faithfully archiving the
    message is much more difficult as it involves copying the remote
    data to the archives here and then rewriting the links and
    relevant code (eg JavaScript) to match.  This is an error
    fraught and fragile process.  I consider the compleatness and
    accuracy of the archives to be one of MUD-Dev's more significant
    values.  With HTML email I can't guarantee the state of the
    archives to even a rather minor extent.

    Thus, no HTML.  
  There is one exception: If you send a message which has a
  text/plain part and a text/html part (several sevices such as
  AOL make it difficult to send anything else than this),


  then I'll strip the HTML part and moderate on the remaining
  text/plain version.  If your resulting message is mangled.  Well,
  I'm sorry.  I need to defend the other list members and the list

J C Lawrence                                       claw at kanga.nu
---------(*)                          http://www.kanga.nu/~claw/
--=| A man is as sane as he is dangerous to his environment |=--
MUD-Dev mailing list
MUD-Dev at kanga.nu

More information about the MUD-Dev mailing list