Email Encryption
Email Privacy.INFO

Email Encryption
Email Protection
Email Security
HOME
Attachment Security
Email Attachments
Email Encryption
Email FAQ
Email Headers
Email Privacy Tips
Email Privacy
General Email FAQ
Password & Passphrases
Useful Links
Useful Software
Privacy Protecton Sites
2 Privacy
Permanently Delete Files
Proxy software
Delete History
Free Proxy List
Free Software
Quick Navigation
Anti Trojan Tips
Attachment Security
Beware of Trojans
Digital Signatures
Disable JavaScript
Email Attachments
Email Encryption
Email FAQ
Email Headers
Email Offline Reading
Email Privacy Tips
Email Privacy
Email Terms
Email Test
Email Virus Protection
Encryption FAQ
General Email FAQ
HTML Email
Password and Passphrases
PGP FAQ
PGP Tutorial
Preview Pane
Remailers
Remove Trojans
Show File Extensions in Windows
SSL Email Encryption
Useful Links
Useful Software

HTML EMAIL

What is HTML Email?

Graphical e-mail clients are now conventional among PC users. While these e-mail clients are convenient and powerful, they also make users' machines open to several potential privacy and security threats. For example, if HTML is involved.
HTML (Hyper-Text Markup Language) is the language used to make web pages. HTML can also be used for writing nice-looking, showy emails, therefore, most of the standard E-mail readers in use today, such as Outlook, Outlook Express, Netscape Messenger, and Eudora, are HTML-enabled. But HTML is for making web pages and the plain text is for simple e-mail communications. If you want to create a web page or write a book, fine. But e-mail messages are not web pages or books. E-mail was designed for simple messaging. Anything else detracts rather than adds to its core functionality.
But what exactly is so bad in HTML e-mail? Think about it. What privacy and security threats do you face in the web with your web browser? Three main threats are:
  • IP revealing.
  • Cookies and web bugs.
  • Active content (Java applets, ActiveX controls, JavaScript and other forms of active scripting)
The basic technique is for an HTML message to include graphics in an HTML E-mail message that is loaded from a Web server. This graphics is specified using a standard HTML IMG tag. The tag can appear anywhere on the page and the graphics file will be fetched and displayed when the message is read. Or won't be displayed because the file can be a 1-by-1 image that is completely invisible. The technique of including invisible images in junk e-mail messages is common today and they are used for the purpose of checking to see if a junk e-mail has been read or not, or to get your IP from the IMG request. This makes Internet relations much less private.
The technique based on cookies can be used to match someone's e-mail address to his "internet surf history" without his knowledge. This technique can be used to allow a banner ad company to associate an e-mail address with an "anonymous" profile that has been created for a person while surfing the Web. Once a banner ad company has got an e-mail address tied to a profile, they can provide a service to advertisers of customized ads in "junk" e-mail message. These ads can be based on profiles previously created from web site visits. In addition, banner ad companies can offer the service of sending out "junk" e-mail messages to people who visit a particular web site. Such technique relies on a security hole that is present in both Microsoft's Internet Explorer browser and Netscape's Navigator browser.
Several general vulnerabilities in HTML mail make it possible for malicious code to launch when you even preview a message in some versions of Outlook, unless you have the latest patches for Internet Explorer. For instance, the "Forgotten" worm was written in Visual Basic Script and spread without any attachment. Instead, the worm code was embedded into the HTML formatted message body. The "I Love You" worm program exploited an ActiveX vulnerability and was executed just by viewing or previewing the e-mail message without opening any attachment. The latest update for IE neutralizes the IFRAME tag used by "Klez" and other recent viruses.
So, when you're surfing the web, all of those technologies can be used by web sites to compromise your own privacy and (in extreme cases) the security of the data on your computer. And now when you receive HTML e-mail by one of those HTML capable e-mail clients, you face the SAME threats as if you were opening a web page, just as you would in your web browser. Put simply, any technology that you might face on the World Wide Web while using your web browser is now used while you open and read e-mail.

Use latest patches.

Not only do you need to keep your anti-virus software updated and scan any attachments before opening them, but you should also stay current with updates of Internet Explorer, whose components are used to display HTML format mail messages. So, unless your copy of Internet Explorer is current with the latest patches, you may be running a risk of virus infection via an HTML message.


Question of the Day
Thursday, July 29, 2010
  Copyright © 2009 Email Privacy.INFO All rights reserved.