[Coco] Document Formatting (was: Hello All)
John E. Malmberg
wb8tyw at qsl.net
Sun May 30 20:57:29 EDT 2004
Robert Emery wrote:
> I'm still a little confused as to what this SP2 will actually do. It looks like
> you're saying it will put everyone back to text-only, not allowing html email
> content by default rather than relying on a user setting it that way.
The problem with HTML or rich text being sent as default is that it is
making an assumption that the receiver is able to deal with the content.
One of my relatives thinking that they were doing a favor put my
e-mail addresses in on an information sheet for a web page. That web
page sent an e-mail that was 2 Megabytes in size. Just to make sure
that it arrived OK, they sent 4 copies.
The web site apparently did not tell them how big the e-mail would be or
in what format.
A sender must not ever assume by default that anything other than plain
text is welcome by the recipient. Mail client software that makes that
assumption by default is either being ignorant of existing history, or
trying to force a shift. And IMHO, trying to force such a shift is rude.
New users to Internet e-mail should be warned that they should only send
HTML or rich text to receivers that want it as it is an "Extension" to
Getting the mail clients to default to plain text for Internet e-mail is
a good thing.
Mozilla has three settings.
Basic HTML will only use a subset of functions, none of the exploitable
HTML code will run.
Full HTML will do everything, with the exceptions below.
Scripting is separately enabled/disabled by the user. [This should be
done for safety]
Display of external links is enabled/disabled by the user. Not only
does this allow the spammer to confirm that your ISP has poor spam
control, at least one spammer is including a boot loader to download
some addition spyware. Some folks on news.admin.net-abuse.email are
trying to figure out what exactly it does. Apparently it is not
tripping the all of the virus scanners.
Display of included pictures is enabled/disabled by the user. Turned
off because I do not need to see what is in spam. Also worms were using
a bug in the way that Microsoft determined how to display the content to
> I agree, a little color, italics and bold can greatly enhance a message. RTF
> (rich-text) was great for that, and not a security risk like html has been. I
> wonder why that was never included in email's abilities. That's another of the
> various reasons I like the forums Roger has at CoCo3.com... you can do those
> things, and safely.
RTF is/was a proprietary format and I am not sure that it ever has been
publicly documented, just reverse engineered.
E-mail originally allowed such escape sequences to be sent for boding
and such, and that was before the ANSI standardization of terminals.
Exploits were done where if you could guess the recipients terminal
type, you could take control of it, or do minor pranks.
So e-mail was restricted to 7 bit printable ASCII to stop those exploits.
Who ever decided to set up e-mail clients to be able to render advanced
content was totally ignorant of why the restriction was put in, or they
would have limited the display capability. I do not think it was
Microsoft that made that original mistake.
One of the other basic problems with anything other than plain text is
that it is hard for the sender do know what the receiver can handle in
The sending of alternative formats does not solve all the problems,
because it makes it even worse for people who have low bandwidth or low
HTML and other formats on a web page do not put an additional burden on
the browser as the browser can decide what it wants to download, and the
browser can tell the server what it's capabilities are and how it
prefers to do things.
E-mail is open loop. Unless the sender has received some previous
communications, they do not know what is acceptable to the recipient.
If your display has 16 Million colors, and mine only has 256, if you
select a color that I do not have, the substitutions may be bad. If you
set a font that I do not have there is the same problem. If you specify
a font size, it may not be one that I can display.
A display that looks good on your 15" monitor at 800 * 600 resolution,
may be totally unreadable on my 19" monitor that is set to 1280 * 1024
What people do not realize in when formatting web pages or other content
for remote interpretation is that the formatting needs to be considered
a suggestion, and their document must not depend on the hints being
taken to display correctly.
And unfortunately much of the authoring/composing software available
does not generate the tags as if they were optional, nor do they allow
the person to see how their composition will show up under various
Personal Opinion Only
More information about the Coco