When you are reading an email in the privacy of your home and nobody is looking over your shoulder, no one knows what you are doing. Right?

Unfortunately, this could be wrong, especially if you are reading feature-rich, pretty HTML emails. Feature-rich email is not only a powerful means of communication, but also a major security threat.

There are many reasons why HTML email is a security risk, some of which are summarised below:

  • Using images in HTML mail to gather demographic information about you: to display an image, your mail program contacts the remote server where the image is hosted. Combined with JavaScript, many other ‘spying’ activities can be performed.
  • Using JavaScript to track recipients and “listen” to all forwarded messages.
  • Invisible images that monitor recipients and transmit information about them.
  • Monitoring the path of confidential e-mail messages.
  • Silent capture of valid email addresses for use by spammers.
  • Executing arbitrary code from email using backdoors in MS Office.
  • Abusing bugs in mail clients to execute programs attached to emails.
  • Using ActiveX scripts in HTML email to steal private local files.
  • JavaScript in HTML emails sending out recipients’ private information.
  • Using JavaScript to initiate a denial of service attack.
  • Execution of malicious Java applets.
  • Distribution of malicious worms that infect recipients’ machines.

In general, usage of HTML in mail will make you more vulnerable to spam and may increase the likelihood that your system will be compromised by other present and anticipated security exploits.

Viewing emails without rendering HTML-formatted content can be a simple, easy, and effective security technique. Never allow an e-mail client to fully render HTML or XHTML e-mails without careful thought, even if the message is from a trusted sender. The best option is to configure your email client to render only plain text. Of course, you will miss the beautifully formatted emails, but you have to go through that pain if you want security. At the absolute most, if you have a mail client such as Microsoft Outlook or Mozilla Thunderbird that can render HTML e-mails, you should configure it to render only simplified HTML rather than rich HTML or “Original HTML”, as some clients label the option.

When rendering HTML, you run the risk of identifying yourself as a valid recipient of spam or getting successfully phished by some malicious security cracker or identity thief. My personal preference is, in fact, to use a mail user agent that is normally incapable of rendering HTML e-mail at all, showing everything as plain text instead.
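The following added example, which is not part of the original article, reads a message without rendering it: it extracts the visible text of the HTML part and lists the remote fetches and active content a rendering client would have acted on. The sample message, the `example.invalid` addresses and the names `MailAuditor` and `audit` are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

ACTIVE_TAGS = {"script", "object", "embed", "applet", "iframe"}  # code or embedded active content
FETCH_ATTRS = {"src", "background", "data"}  # attributes that make a rendering client fetch a URL

class MailAuditor(HTMLParser):  # collects visible text plus what would fetch or execute on render
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.text, self.remote, self.active = [], [], []
        self._skip = 0  # depth inside <script>/<style>, whose content is not readable text

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.active.append(tag)
        if tag in ("script", "style"):
            self._skip += 1
        for name, value in attrs:
            if name.startswith("on"):  # inline event handler such as onload
                self.active.append(f"{tag}[{name}]")
            elif name in FETCH_ATTRS and value and value.lower().startswith(("http:", "https:", "//")):
                self.remote.append(value)  # e.g. a 1x1 tracking image

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip and data.strip():
            self.text.append(data.strip())

def audit(raw_message):
    """Return (plain_text, remote_urls, active_content); nothing is fetched or executed."""
    msg = message_from_string(raw_message, policy=policy.default)
    auditor = MailAuditor()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            auditor.feed(part.get_content())
    auditor.close()
    return " ".join(auditor.text), auditor.remote, auditor.active

# Constructed sample message; example.invalid is a reserved, non-resolving domain.
SAMPLE = """From: news@example.invalid
Subject: Offer
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body onload="track()"><p>Hello, see our offer.</p>
<img src="http://example.invalid/p.gif?id=you%40example.invalid" width="1" height="1">
<script>track = function(){}</script></body></html>"""
```

Calling `audit(SAMPLE)` returns the readable text alongside the tracking-image URL and the script and event-handler entries, which is the information a plain-text view withholds from the sender.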

So, next time think twice before you decide to use emails with HTML content!

For highly competitive pricing and excellent web hosting support services contact InstaCarma today!

