Maybe I am a bit old-school already, but I like the sound of this news post:
Due to an increased network threat condition, the Defense Department is
blocking all HTML-based e-mail messages…

The JTF-GNO mandated use of plain text e-mail because HTML messages pose
a threat to DOD because HTML text can be infected with spyware and, in
some cases, executable code that could enable intruders to gain access
to DOD networks, the JTF-GNO spokesman said.

In an e-mail to Federal Computer Week, a Navy user said that any HTML
messages sent to his account are automatically converted to plain text.
This is one of those battles I resoundingly lost in my last job: forcing Outlook to display emails as plain text. I’m one of those people who sees absolutely no need to make emails look pretty with embedded pictures. Marketing and sales think otherwise, of course. As far as my own emailing habits go, I’m pretty strict about making my outgoing emails all plain text, and most incoming mail plain text as well. You eliminate huge swaths of attacks by turning off HTML rendering in email programs… enough that really you’re left with sheer stupidity in going to links or running attachments, and you avoid all that hidden junk with JavaScript, remote calls, and misleading links.
If something needs to look pretty, put it in an attachment or link to the website inside the email body.
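To make the "automatically converted to plain text" idea concrete, here is an added example (not from the news post or any DOD tooling) of a converter that flattens an HTML message, prints each link's real destination beside its text, drops script/style blocks, and lists remote resources a rendering client would have fetched. The names `PlainTextRenderer`, `to_plain_text` and the `SAMPLE` message are assumptions made for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

class PlainTextRenderer(HTMLParser):
    """Flatten HTML to text: show real link targets, drop scripts, list remote loads."""
    SKIP = {"script", "style"}
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.remote, self.dropped = [], [], 0
        self._skip, self._href = 0, None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in self.SKIP:
            self._skip += 1
            self.dropped += 1
        elif tag == "a":
            self._href = a.get("href")
        elif tag in ("img", "iframe") and a.get("src"):
            self.remote.append(a["src"])  # an HTML client would fetch this on open
        elif tag in ("br", "p", "div"):
            self.out.append("\n")

    def handle_endtag(self, tag):
        if tag in self.SKIP and self._skip:
            self._skip -= 1
        elif tag == "a" and self._href:
            self.out.append(f" <{self._href}>")  # destination shown beside link text
            self._href = None

    def handle_data(self, data):
        if not self._skip:
            self.out.append(data)

def to_plain_text(raw_message):
    # Returns (text, remote_urls, number_of_dropped_script_or_style_blocks).
    body = message_from_string(raw_message, policy=default).get_body(("plain", "html"))
    if body.get_content_type() == "text/plain":
        return body.get_content().strip(), [], 0
    r = PlainTextRenderer()
    r.feed(body.get_content())
    r.close()
    lines = (ln.strip() for ln in "".join(r.out).splitlines())
    return "\n".join(ln for ln in lines if ln), r.remote, r.dropped
# Constructed sample message (all hosts and URLs are placeholders).
SAMPLE = ('Subject: Account notice\nContent-Type: text/html; charset="utf-8"\n\n'
          '<p>Verify at <a href="http://login.example.net/v">https://bank.example.com</a></p>\n'
          '<img src="http://tracker.example.net/p.gif" width="1" height="1">\n'
          '<script>/* would execute in an HTML-rendering client */</script>\n')
```

Run on `SAMPLE`, the link text and its actual target appear side by side, so the mismatch is visible to the reader instead of hidden behind rendering.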