PDA

View Full Version : Help with AVG Anti-virus email scanning



Howard M. Rensin
04-28-08, 03:32 PM
I have just installed AVG Free Ver 7.5 and it is blocking my sending web
pages in the body of emails. I am running XP SP2 on my desktop and using
Outlook 2003 as my email client and IE 6 as my browser. With the browser
open and on a page I want to sent to someone, I pull down the Tools menu and
click on the top item which is email & news. I then click on 'Send Page' and
it opens a composition window with the web page in the body. If I then send
that to someone, AVG blocks the entire web page and the only thing that
comes through is AVG's message that the email has been scanned. I did not
have this problem with Norton.
Does anyone have a suggestion on how to fix the problem and still use
AVG and have it scan the email?

Beauregard T. Shagnasty
04-28-08, 04:36 PM
Howard M. Rensin wrote:

> I have just installed AVG Free Ver 7.5 and it is blocking my sending web
> pages in the body of emails.

Were the answers you got in the other group you multi-posted to
unsatisfactory?

<quote>
Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
http://thundercloud.net/infoave/tutorials/email-scanning/index.htm
</quote>

--
-bts
-Motorcycles defy gravity; cars just suck

Sebastian G.
04-28-08, 04:41 PM
Howard M. Rensin wrote:

> I have just installed AVG Free Ver 7.5 and it is blocking my sending web
> pages in the body of emails. I am running XP SP2 on my desktop and using
> Outlook 2003 as my email client and IE 6 as my browser.


Seems like it does the right thing.

> I did not have this problem with Norton.


So you suggested the developers to add this annoyance?

> Does anyone have a suggestion on how to fix the problem and still use
> AVG and have it scan the email?

Well, what exactly is your problem? It seems to work exactly as it should:
hinder horribly insecure applications being abused for unsuitable scenarios.

bz
04-29-08, 08:08 AM
"Howard M. Rensin" <hrensin@gmail.com> wrote in
news:QoydnbkcS8nSqYvVnZ2dnUVZ_uadnZ2d@comcast.com:

> I have just installed AVG Free Ver 7.5 and it is blocking my sending web
> pages in the body of emails. I am running XP SP2 on my desktop and using
> Outlook 2003 as my email client and IE 6 as my browser. With the browser
> open and on a page I want to sent to someone, I pull down the Tools menu
> and click on the top item which is email & news. I then click on 'Send
> Page' and it opens a composition window with the web page in the body.
> If I then send that to someone, AVG blocks the entire web page and the
> only thing that comes through is AVG's message that the email has been
> scanned. I did not have this problem with Norton.
> Does anyone have a suggestion on how to fix the problem and still
> use
> AVG and have it scan the email?

E-mail should be plain text, not HTML. The behavior is correct.
If you want to send a web page to someone, send them the URL so they can
visit the page.

If you NEED to send HTML to someone, zip or compress it into a file and
rename the file so that it does NOT end in .zip (I rename mine ..piz)

The rename is because so many viruses have been sending zip files AND
Micro-soft [in their in-finite wisdom] made their mail client execute some
types of files, automatically, so that now, some ISPs filter out all mail
containing zip files as malicious.





--
bz

please pardon my infinite ignorance, the set-of-things-I-do-not-know is an
infinite set.

bz+csm@ch100-5.chem.lsu.edu remove ch100-5 to avoid spam trap

Ertugrul =?UTF-8?B?U8O2eWxlbWV6?=
04-29-08, 09:19 AM
bz <bz+csm@ch100-5.chem.lsu.edu> wrote:

> E-mail should be plain text, not HTML. The behavior is correct.
> If you want to send a web page to someone, send them the URL so they
> can visit the page.
>
> If you NEED to send HTML to someone, zip or compress it into a file
> and rename the file so that it does NOT end in .zip (I rename mine
> ..piz)

What's wrong with HTML emails without remote content? Why the
unnecessary inconvenience with ZIP files? I understand that in some
places (e.g. newsgroups) HTML mails are inappropriate, but why this
generalization?


Regards,
Ertugrul.


--
http://ertes.de/

bz
04-29-08, 10:11 AM
Ertugrul =?UTF-8?B?U8O2eWxlbWV6?= <es@ertes.de> wrote in
news:fv7aq6$ta7$02$1@news.t-online.com:

> bz <bz+csm@ch100-5.chem.lsu.edu> wrote:
>
>> E-mail should be plain text, not HTML. The behavior is correct.
>> If you want to send a web page to someone, send them the URL so they
>> can visit the page.
>>
>> If you NEED to send HTML to someone, zip or compress it into a file
>> and rename the file so that it does NOT end in .zip (I rename mine
>> ..piz)
>
> What's wrong with HTML emails without remote content? Why the
> unnecessary inconvenience with ZIP files? I understand that in some
> places (e.g. newsgroups) HTML mails are inappropriate, but why this
> generalization?

Oh, here are a few of my reasons:

1) E-mail was originally designed to convey textual information, NOT html.
Information, not 'beauty' or 'cute'.

2) html enabled e-mail clients are executing programs that others have
sent you when they render html coded text.

3) it is practially impossible to 'foolproof' such rendering so as to
protect the viewer from all possible attacks.

4) embeded images in html can tell the sender 'an idiot
just opened the e-mail I sent them' so you just told the spammer that the
e-mail address is a good one. He can now sell it to other spammers.

5) html encoded stuff takes more bytes to transmit. Often lots more.

6) html can be coded so that the viewer sees one link while being sent to a
different place on the web.

7) Those that fight spam OFTEN use text only e-mail client in self defense.
I do.
8) Some discard ALL html encoded and graphic encoded incoming e-mail,
unviewed.


There are several other good reasons that I can't think of at the moment
but they are all related to 'microsoft thought it would be cool to make
messages pretty. They assumed a small offfice environment.' Since they
came up with that bright idea, many viruses have been spread that way.
They keep plugging holes in the dike, but there are more hole yet to be
discovered.

It (html via e-mail) was a bad idea to start with. It is STILL a bad idea.
Nothing I can think of will ever make it a good idea.

Of course, opinions are like noses, everyone has one.

--
bz

please pardon my infinite ignorance, the set-of-things-I-do-not-know is an
infinite set.

bz+csm@ch100-5.chem.lsu.edu remove ch100-5 to avoid spam trap

jc
04-29-08, 10:49 AM
Ertugrul Söylemez wrote:
> bz <bz+csm@ch100-5.chem.lsu.edu> wrote:
>
>> E-mail should be plain text, not HTML. The behavior is correct.
>> If you want to send a web page to someone, send them the URL so they
>> can visit the page.
>>
>> If you NEED to send HTML to someone, zip or compress it into a file
>> and rename the file so that it does NOT end in .zip (I rename mine
>> ..piz)
>
> What's wrong with HTML emails without remote content? Why the
> unnecessary inconvenience with ZIP files? I understand that in some
> places (e.g. newsgroups) HTML mails are inappropriate, but why this
> generalization?
>
>

HTML may contain malicious script. Some people set their email clients
to view messages in plain text only.


jc

Sebastian G.
04-29-08, 12:02 PM
Ertugrul Söylemez wrote:


> What's wrong with HTML emails without remote content?

<!doctype stupid><html><head><meta name="foo"
content="bar"><title>baz</title></head><body><p>Nothing, it's very readible
if the receiver's client doesn't support HTML.</body></html>

> Why the unnecessary inconvenience with ZIP files? I understand that in some
> places (e.g. newsgroups) HTML mails are inappropriate, but why this
> generalization?


Because there's no standard for it, neither de-jure nor de-facto? because
there is a standard to include some basic formatting (text/enriched)?
Because it's a waste or bandwidth? Because eMail isn't supposed to emit any
formatting? Because HTML is meant for hypertext, not formatted documents?

Sebastian G.
04-29-08, 12:05 PM
bz wrote:


> There are several other good reasons that I can't think of at the moment
> but they are all related to 'microsoft thought it would be cool to make
> messages pretty. They assumed a small offfice environment.'


Microsoft just copied what Netscape has started. Just that Microsoft's
pseudo-mail clients where really just intended for an isolated small office
environment, and later some stupid marketing fool decided to expose them to
the Internet.

Howard M. Rensin
04-29-08, 12:41 PM
I would not keep posting if I got a real response and not some smartass
comment. I have better things to do than keep asking the same question when
I get an answer and 'change email scanners' is not an answer to an AVG
problem.

"Beauregard T. Shagnasty" <a.nony.mous@example.invalid> wrote in message
news:4816433b$0$7039$4c368faf@roadrunner.com...
> Howard M. Rensin wrote:
>
>> I have just installed AVG Free Ver 7.5 and it is blocking my sending web
>> pages in the body of emails.
>
> Were the answers you got in the other group you multi-posted to
> unsatisfactory?
>
> <quote>
> Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
> http://thundercloud.net/infoave/tutorials/email-scanning/index.htm
> </quote>
>
> --
> -bts
> -Motorcycles defy gravity; cars just suck

Sebastian G.
04-29-08, 12:47 PM
Howard M. Rensin wrote:

> I would not keep posting if I got a real response and not some smartass
> comment. I have better things to do than keep asking the same question when
> I get an answer and 'change email scanners' is not an answer to an AVG
> problem.


It is. May I summarize your problems? Abusing Outlook Express as a mail
client and newsreader, an installed virus scanner, and then even having it
interfere with the submission of emails, those are damn serious problems all
resulting in thing not working as intended and being impossible to diagnose.
Solve these problems first and then look if the issues still persist!

Jim Watt
04-29-08, 02:16 PM
On Tue, 29 Apr 2008 13:41:12 -0400, "Howard M. Rensin"
<hrensin@gmail.com> wrote:

>I would not keep posting if I got a real response and not some smartass
>comment. I have better things to do than keep asking the same question when
>I get an answer and 'change email scanners' is not an answer to an AVG
>problem.

Its not an AVG problem, its a dumb user problem

HINT: why not turn off the email scanning?
--
Jim Watt
http://www.gibnet.com

Howard M. Rensin
04-29-08, 10:19 PM
How am I supposed to scan my email, if I turn off the scanner?
"Jim Watt" <jimwatt@aol.no_way> wrote in message
news:1use145fhngn0mpo9m5gmmg731do16f3jk@4ax.com...
> On Tue, 29 Apr 2008 13:41:12 -0400, "Howard M. Rensin"
> <hrensin@gmail.com> wrote:
>
>>I would not keep posting if I got a real response and not some smartass
>>comment. I have better things to do than keep asking the same question
>>when
>>I get an answer and 'change email scanners' is not an answer to an AVG
>>problem.
>
> Its not an AVG problem, its a dumb user problem
>
> HINT: why not turn off the email scanning?
> --
> Jim Watt
> http://www.gibnet.com

Beauregard T. Shagnasty
04-29-08, 10:44 PM
Howard M. Rensin wrote:
[Top-posting corrected]

> "Jim Watt" wrote:
>> "Howard M. Rensin" wrote:
>>> I would not keep posting if I got a real response and not some
>>> smartass comment. I have better things to do than keep asking the
>>> same question when I get an answer and 'change email scanners' is
>>> not an answer to an AVG problem.
>>
>> Its not an AVG problem, its a dumb user problem
>>
>> HINT: why not turn off the email scanning?
>
> How am I supposed to scan my email, if I turn off the scanner?

As long as you leave the resident scanner running in the background, it
will prevent you from saving, or executing, any viruses you receive in
an email (so long as your definitions are up to date).

The links you were given explain why.

--
-bts
-Friends don't let friends drive Windows

Ertugrul =?UTF-8?B?U8O2eWxlbWV6?=
04-30-08, 04:06 AM
"Sebastian G." <seppi@seppig.de> wrote:

> > What's wrong with HTML emails without remote content?
>
> <!doctype stupid><html><head><meta name="foo"
> content="bar"><title>baz</title></head><body><p>Nothing, it's very
> readible if the receiver's client doesn't support HTML.</body></html>

That's why usually there is also a text/plain part. Even the
mail-readers from the Outlook family generate it, so simpler readers can
display them (though the formatting is a mess).


> > Why the unnecessary inconvenience with ZIP files? I understand that
> > in some places (e.g. newsgroups) HTML mails are inappropriate, but
> > why this generalization?
>
> Because there's no standard for it, neither de-jure nor de-facto?
> because there is a standard to include some basic formatting
> (text/enriched)? [...]

MIME is a standard. It allows multipart-emails. HTML is also a
standard. Together with a standard MIME type name for HTML, that makes
HTML mails completely standardized. It's left to mail-readers how they
interpret the non-text/plain parts. Feel free to use a client, which
displays the text/plain parts only.


> Because it's a waste or bandwidth?

A waste of bandwidth? A few kilobytes per person per day? In the times
of home ADSL and gigabit backbone links? Demanding CR/LF instead of
sole LF for telnet-like protocols (including HTTP) must be a waste also.
All text-based protocols, in fact, must be a waste in your view.

You want to know, what _really_ is a waste today? Two people from the
same local subnet listening to the same internet radio station -- that
_is_ a waste of traffic. Not to mention botnets. And the internet
handles even that very well.

But no, MP3 streams via HTTP must be a waste anyway, just like graphics
on web pages and all the other fancy stuff. Back to the roots! \o/


> Because eMail isn't supposed to emit any formatting?

Oh yeah, everything that was made up in the 70s and 80s was ultimate.
There is no reason for inventions. In fact, we don't even need X11 or
OpenGL. Back to phosphor terminals! \o/


> Because HTML is meant for hypertext, not formatted documents?

Maybe HTML 1.0 was. Today, hypertext is one of many features of HTML.


Regards,
Ertugrul.


--
http://ertes.de/

Ertugrul =?UTF-8?B?U8O2eWxlbWV6?=
04-30-08, 04:46 AM
bz <bz+csm@ch100-5.chem.lsu.edu> wrote:

> > What's wrong with HTML emails without remote content? Why the
> > unnecessary inconvenience with ZIP files? I understand that in some
> > places (e.g. newsgroups) HTML mails are inappropriate, but why this
> > generalization?
>
> Oh, here are a few of my reasons:

I've made a statement to most of these in my reply to Sebastian, so you
may want to have a look at <fv9cqq$7e8$02$1@news.t-online.com>, too.


> 1) [...] Information, not 'beauty' or 'cute'.

Formatting is not meant to make information beautiful or cute.


> 2) html enabled e-mail clients are executing programs that others have
> sent you when they render html coded text.

Odd, mine doesn't. Maybe I misconfigured it?


> 3) it is practially impossible to 'foolproof' such rendering so as to
> protect the viewer from all possible attacks.

HTML is much more complex than plain-text, yes. Still, we have very
good SGML and XML parsers, which are well tested and seldomly fail in a
way that can be exploited. Reinventing the wheel is a bad idea in this
place, so you would just use one of these parsers.

BTW, if it would be that bad, web browsers would be much more hazardous
to use. Consider that a mail-reader would only need a small subset of
the possible HTML extensions, e.g. it doesn't need stuff like JavaScript
and you may even decide to disregard things like CSS).


> 4) embeded images in html can tell the sender 'an idiot just opened
> the e-mail I sent them' so you just told the spammer that the e-mail
> address is a good one. He can now sell it to other spammers.

Read the first sentence of my last reply again.


> 6) html can be coded so that the viewer sees one link while being sent
> to a different place on the web.

How? Remember, we ignore JavaScript for mails, and the destination
address is shown in the status bar.


> 7) Those that fight spam OFTEN use text only e-mail client in self
> defense. I do.

That's okay. I do, too. Though I have an HTML plugin loaded, it
displays the plaintext parts by default, and displays nothing it there
is no plaintext part. I have to specifically select the HTML part, if I
want to view it.

Reason: Some HTML-enabled mail-readers format their plaintext parts
that horribly, that the HTML part is just much more readable. Products
from the Outlook family are one example.


> 8) Some discard ALL html encoded and graphic encoded incoming e-mail,
> unviewed.

Those people don't do serious business. 90% of my incoming business
emails have an HTML part.


> There are several other good reasons that I can't think of at the
> moment but they are all related to 'microsoft thought it would be cool
> to make messages pretty. They assumed a small offfice environment.'
> Since they came up with that bright idea, many viruses have been
> spread that way. They keep plugging holes in the dike, but there are
> more hole yet to be discovered.

They were the first to use the MIME and HTML standards in that way. How
they did it was rather abusive, but we shouldn't demonize a technology
just because one damn company misimplemented it.


> It (html via e-mail) was a bad idea to start with. It is STILL a bad
> idea. Nothing I can think of will ever make it a good idea.

People like you said similar things when color TVs, CRT monitors (as
opposed to phosphor), LCD monitors (as opposed to CRT), graphics cards,
OpenGL, fancy user interfaces, mice, 32-bit processors and other things
came out. They are more complex and so more likely to fail, and we
would never really need them.

It's a matter of taste. Feel free to tell us your opinion, but remember
that your opinion is based on the state of things, not the other way
round.


> Of course, opinions are like noses, everyone has one.

That sounds like you'd like it to be different.


Regards,
Ertugrul.


--
http://ertes.de/

Jim Watt
04-30-08, 07:01 AM
On Tue, 29 Apr 2008 23:19:44 -0400, "Howard M. Rensin"
<hrensin@gmail.com> wrote:

>How am I supposed to scan my email, if I turn off the scanner?

Why do you think you need to scan your email?

If you have AVG installed it will prevent, to the best of its
ability and updates, any malicious stuff from running.

You can further enhance your security by running as a user
with limited rights.

If you are running outlook express, dump it and replace it
with Thunderbird which is more secure and has fewer problems.
If you want to use newsgroups regularly get a proper news
client, as no doubt Sebastian has mentioned OE does it badly.

Thunderbird also warns you of things it is suspicious of, like
phishing attempts and if you get lots of mails you do not recognise
delete them without opening them.

--
Jim Watt
http://www.gibnet.com

Jim Watt
04-30-08, 07:03 AM
On Wed, 30 Apr 2008 11:46:56 +0200, Ertugrul Söylemez <es@ertes.de>
wrote:

>> It (html via e-mail) was a bad idea to start with. It is STILL a bad
>> idea. Nothing I can think of will ever make it a good idea.
>
>People like you said similar things when color TVs, CRT monitors (as
>opposed to phosphor), LCD monitors (as opposed to CRT), graphics cards,
>OpenGL, fancy user interfaces, mice, 32-bit processors and other things
>came out.

Some people also thought that eight track audio tapes, Betamax and
LED digital watches were a pretty neat idea.

I see HD DVD has joined the list too.

HTML mail sucks.
--
Jim Watt
http://www.gibnet.com

bz
04-30-08, 07:08 AM
Ertugrul =?UTF-8?B?U8O2eWxlbWV6?= <es@ertes.de> wrote in news:fv9f6g$io9$03
$1@news.t-online.com:

> bz <bz+csm@ch100-5.chem.lsu.edu> wrote:
>
>> > What's wrong with HTML emails without remote content? Why the
>> > unnecessary inconvenience with ZIP files? I understand that in some
>> > places (e.g. newsgroups) HTML mails are inappropriate, but why this
>> > generalization?
>>
>> Oh, here are a few of my reasons:
>
> I've made a statement to most of these in my reply to Sebastian, so you
> may want to have a look at <fv9cqq$7e8$02$1@news.t-online.com>, too.
>
>
>> 1) [...] Information, not 'beauty' or 'cute'.
>
> Formatting is not meant to make information beautiful or cute.

What is it meant for?

>
>
>> 2) html enabled e-mail clients are executing programs that others have
>> sent you when they render html coded text.
>
> Odd, mine doesn't. Maybe I misconfigured it?

Maybe you and I disagree a bit on what is meant by 'executing programs'.
And maybe you and I see different sides of the problem. You seem concerned
with protecting YOUR computer.

I, on the other hand, clean computers for people after they have been
infected due to clueless use.

>> 3) it is practically impossible to 'foolproof' such rendering so as to
>> protect the viewer from all possible attacks.
>
> HTML is much more complex than plain-text, yes. Still, we have very
> good SGML and XML parsers, which are well tested and seldomly fail in a
> way that can be exploited.

'Seldom' is too often.

> Reinventing the wheel is a bad idea in this
> place, so you would just use one of these parsers.

I see people spend hundreds of hours making their HTML 'look right' on
their screen. They don't realize that the format and display is platform
and browser dependent. Even when it is explained to them, they still don't
'get it' on a deep level and STILL try to make it 'look right' on their
screen. They don't 'get it' until I show them how it looks on another
computer.

Using HTML in e-mail is like gluing flowers on your car's tires.

It looks pretty until your try to use it.

Some of the flowers (roses for example) have thorns and poke holes in the
tires.

> BTW, if it would be that bad, web browsers would be much more hazardous
> to use.

They are much more hazardous than you imagine. I see infected machines
every day, usually infected by browsing or reading e-mails.


> Consider that a mail-reader would only need a small subset of
> the possible HTML extensions, e.g. it doesn't need stuff like JavaScript
> and you may even decide to disregard things like CSS).

And do these things come 'turned off' by default?

I turn off all html rendering AND do not 'preview'. Not only that, but any
suspicious e-mail I 'view source' rather than opening.

And I use thunderbird. But the users in my department use Outlook and
Outlook express. Their machines get infected.

When I want to open a suspicious e-mail, I open it on a 'sandbox' machine
running under VMware or boot from a KNOPPIX cd.

>> 4) embedded images in html can tell the sender 'an idiot just opened
>> the e-mail I sent them' so you just told the spammer that the e-mail
>> address is a good one. He can now sell it to other spammers.
>
> Read the first sentence of my last reply again.

Your responsibility seems limited to your machines.

>> 6) html can be coded so that the viewer sees one link while being sent
>> to a different place on the web.
>
> How? Remember, we

You have a mouse in your pocket? Who is 'we'.
How would you get 40,000 students and 3,000 faculty/staff to 'practice safe
hex'?

>ignore JavaScript for mails, and the destination
> address is shown in the status bar.

That feature can be disabled. It can also be fooled and you seem to assume
that the user LOOKS at the status bar before they click on the link.
I'll bet that even YOU have 'clicked first', sometime.

>> 7) Those that fight spam OFTEN use text only e-mail client in self
>> defense. I do.
>
> That's okay. I do, too. Though I have an HTML plugin loaded, it
> displays the plaintext parts by default, and displays nothing it there
> is no plaintext part. I have to specifically select the HTML part, if I
> want to view it.
>
> Reason: Some HTML-enabled mail-readers format their plaintext parts
> that horribly, that the HTML part is just much more readable.

You assume that all HTML rendering is good and readable. I was just looking
at a web page where text was overlaying other text.

> Products
> from the Outlook family are one example.

Microsoft's fault.


>> 8) Some discard ALL html encoded and graphic encoded incoming e-mail,
>> unviewed.
>
> Those people don't do serious business.

What you call 'serious business', some others might consider to be chicken
feed.

> 90% of my incoming business
> emails have an HTML part.

If you handle your 'serious business' via e-mail, you have a problem.

E-mail never has been and never will be reliable. E-mails get lost.

That is why 'serious companies' do not allow the use of e-mail for 'serious
business'. It IS useful for some things but if you want to make sure your
message gets through, talk to them on the telephone, confirm via fax. Check
via e-mail to make sure the fax got through ok.

90% of my incoming spam has HTML. Eliminating HTML eliminates 90% of the
spam.

>> There are several other good reasons that I can't think of at the
>> moment but they are all related to 'microsoft thought it would be cool
>> to make messages pretty. They assumed a small offfice environment.'
>> Since they came up with that bright idea, many viruses have been
>> spread that way. They keep plugging holes in the dike, but there are
>> more hole yet to be discovered.
>
> They were the first to use the MIME and HTML standards in that way. How
> they did it was rather abusive, but we shouldn't demonize a technology
> just because one damn company misimplemented it.

I don't demonize it 'just because....'
I 'demonize it' because it was a bad idea and has yet to be implemented
properly.
And because Microsoft continues to mis-implement it!

>> It (html via e-mail) was a bad idea to start with. It is STILL a bad
>> idea. Nothing I can think of will ever make it a good idea.
>
> People like you said similar things when color TVs, CRT monitors (as
> opposed to phosphor), LCD monitors (as opposed to CRT), graphics cards,
> OpenGL, fancy user interfaces, mice, 32-bit processors and other things
> came out. They are more complex and so more likely to fail, and we
> would never really need them.

I have been playing with computers since 1964 and electronics longer than
that.
I have fixed those TVs etc for a living, done board repair on computers for
a living, programmed for a living.

I like 'new and improved' when it is really improved.

> It's a matter of taste. Feel free to tell us your opinion, but remember
> that your opinion is based on the state of things, not the other way
> round.

You ASKED. I answered.

>> Of course, opinions are like noses, everyone has one.
>
> That sounds like you'd like it to be different.

There are many things I would like to see improved.



--
bz

please pardon my infinite ignorance, the set-of-things-I-do-not-know is an
infinite set.

bz+csm@ch100-5.chem.lsu.edu remove ch100-5 to avoid spam trap

Sebastian G.
04-30-08, 07:24 AM
Howard M. Rensin wrote:

> How am I supposed to scan my email, if I turn off the scanner?


Not at all?

Sebastian G.
04-30-08, 07:45 AM
Ertugrul Söylemez wrote:

> "Sebastian G." <seppi@seppig.de> wrote:
>
>>> What's wrong with HTML emails without remote content?
>> <!doctype stupid><html><head><meta name="foo"
>> content="bar"><title>baz</title></head><body><p>Nothing, it's very
>> readible if the receiver's client doesn't support HTML.</body></html>
>
> That's why usually there is also a text/plain part.


usually = not quite often?

What about MIME? There the plain/text part you get just reads "This is a
multipart MIME message".


>> Because there's no standard for it, neither de-jure nor de-facto?
>> because there is a standard to include some basic formatting
>> (text/enriched)? [...]
>
> MIME is a standard. It allows multipart-emails. HTML is also a
> standard. Together with a standard MIME type name for HTML, that makes
> HTML mails completely standardized.


No. It makes HTML files as attachments standardized.

>> Because it's a waste or bandwidth?
>
> A waste of bandwidth? A few kilobytes per person per day?


Would you please think of the children^W dial-up users?

> Demanding CR/LF instead of
> sole LF for telnet-like protocols (including HTTP) must be a waste also.


No. Actually I think the CR/LF interpretation is the correct one, and HTTP
is supposed to be human-readable on pure terminals.

> You want to know, what _really_ is a waste today? Two people from the
> same local subnet listening to the same internet radio station -- that
> _is_ a waste of traffic.


Well, it's not like my systems would deny the usage of multicast. You have
to blame my ISP.

>> Because eMail isn't supposed to emit any formatting?
>
> Oh yeah, everything that was made up in the 70s and 80s was ultimate.
> There is no reason for inventions. In fact, we don't even need X11 or
> OpenGL. Back to phosphor terminals!


Stupid. If you want a protocol for formatted documents, then either propose
a standard extension to eMail or a completely new protocol.

>> Because HTML is meant for hypertext, not formatted documents?
>
> Maybe HTML 1.0 was. Today, hypertext is one of many features of HTML.


Hypertext is the primary feature of HTML, even today.

Ertugrul =?UTF-8?B?U8O2eWxlbWV6?=
04-30-08, 08:43 AM
"Sebastian G." <seppi@seppig.de> wrote:

> >>> What's wrong with HTML emails without remote content?
> >>
> >> <!doctype stupid><html><head><meta name="foo"
> >> content="bar"><title>baz</title></head><body><p>Nothing, it's very
> >> readible if the receiver's client doesn't support
> >> HTML.</body></html>
> >
> > That's why usually there is also a text/plain part.
>
> usually = not quite often?

I can't confirm that.


> What about MIME? There the plain/text part you get just reads "This is
> a multipart MIME message".

No, that's the prolog of the MIME message, before the first part stats,
so that non-MIME-compliant mail-readers show the fact to the user.


> >> Because there's no standard for it, neither de-jure nor de-facto?
> >> because there is a standard to include some basic formatting
> >> (text/enriched)? [...]
> >
> > MIME is a standard. It allows multipart-emails. HTML is also a
> > standard. Together with a standard MIME type name for HTML, that
> > makes HTML mails completely standardized.
>
> No. It makes HTML files as attachments standardized.

MIME doesn't have an 'attachment' concept. A MIME message is made up of
parts, none of which are 'main', 'primary' or 'attached'.


> >> Because it's a waste or bandwidth?
> >
> > A waste of bandwidth? A few kilobytes per person per day?
>
> Would you please think of the children^W dial-up users?

The difference is neglible for them. Even if a 33.6 kbit/s dial-up user
receives 50 mails a day, the time difference (for the whole day) will be
about 30 seconds, assuming that the HTML parts are 4 KB in average,
which is pretty exaggerated.


> > Demanding CR/LF instead of sole LF for telnet-like protocols
> > (including HTTP) must be a waste also.
>
> No. Actually I think the CR/LF interpretation is the correct one, and
> HTTP is supposed to be human-readable on pure terminals.

And Unix thinks, LF is the correct one. Who cares? CR/LF is a waste of
bandwidth.


> >> Because eMail isn't supposed to emit any formatting?
> >
> > Oh yeah, everything that was made up in the 70s and 80s was
> > ultimate. There is no reason for inventions. In fact, we don't
> > even need X11 or OpenGL. Back to phosphor terminals!
>
> Stupid. If you want a protocol for formatted documents, then either
> propose a standard extension to eMail or a completely new protocol.

That would be MIME.


> >> Because HTML is meant for hypertext, not formatted documents?
> >
> > Maybe HTML 1.0 was. Today, hypertext is one of many features of
> > HTML.
>
> Hypertext is the primary feature of HTML, even today.

Even then HTML also features direct formatting (through tags and
attributes, the 'wrong' way) and indirect formatting (through markup,
the 'right' way). And IMO there is nothing wrong with providing
hypertext capabilities to mail-readers. But that's just my opinion.


Regards,
Ertugrul.


--
http://ertes.de/

bz
04-30-08, 09:40 AM
Ertugrul =?UTF-8?B?U8O2eWxlbWV6?= <es@ertes.de> wrote in news:fv9t16$om0$00$1
@news.t-online.com:

> MIME doesn't have an 'attachment' concept. A MIME message is made up of
> parts, none of which are 'main', 'primary' or 'attached'.

I suggest you study the SMTP protocol such as RFC2821.
It starts with a 'MAIL FROM:', 'RCPT TO:' and then comes the 'DATA <CRLF>'

ALL of the message, including the 'header' that you see (except for the most
recent section) are part of the
'DATA' section of the message.

There are no separate 'attachments'. It is all part of the DATA.

caviat: some mail gateways limit the size of a single message to about 25
k bytes. This means that larger messages are actually transmitted as a
string of messages that get reassembled by the receiving SMTP mail server.
It also means that that 1 MB HTML formatted message with graphics gets
encoded [8 bit binary takes 2 bytes] and then broken up into about 80
separate e-mail messages.

--
bz

please pardon my infinite ignorance, the set-of-things-I-do-not-know is an
infinite set.

bz+csm@ch100-5.chem.lsu.edu remove ch100-5 to avoid spam trap

Ertugrul =?UTF-8?B?U8O2eWxlbWV6?=
04-30-08, 11:16 AM
bz <bz+csm@ch100-5.chem.lsu.edu> wrote:

> > Formatting is not meant to make information beautiful or cute.
>
> What is it meant for?

Making it more readable, highlighting parts of it, influencing the way
it is interpreted.


> >> 2) html enabled e-mail clients are executing programs that others
> >> have sent you when they render html coded text.
> >
> > Odd, mine doesn't. Maybe I misconfigured it?
>
> Maybe you and I disagree a bit on what is meant by 'executing
> programs'.

In my view, you can talk about 'executing programs' as soon as
interpreting data goes beyond changing or visualizing it.


> And maybe you and I see different sides of the problem. You seem
> concerned with protecting YOUR computer.

Yes, that's true.


> I, on the other hand, clean computers for people after they have been
> infected due to clueless use.

Maybe you would be unemployed if all computer users were clueful.


> >> 3) it is practically impossible to 'foolproof' such rendering so as
> >> to protect the viewer from all possible attacks.
> >
> > HTML is much more complex than plain-text, yes. Still, we have very
> > good SGML and XML parsers, which are well tested and seldomly fail
> > in a way that can be exploited.
>
> 'Seldom' is too often.

'Seldom' is the best you can get. Computer programs are always
error-prone.


> > Reinventing the wheel is a bad idea in this place, so you would just
> > use one of these parsers.
>
> I see people spend hundreds of hours making their HTML 'look right' on
> their screen. They don't realize that the format and display is
> platform and browser dependent. Even when it is explained to them,
> they still don't 'get it' on a deep level and STILL try to make it
> 'look right' on their screen. They don't 'get it' until I show them
> how it looks on another computer.
>
> Using HTML in e-mail is like gluing flowers on your car's tires.
>
> It looks pretty until your try to use it.
>
> Some of the flowers (roses for example) have thorns and poke holes in
> the tires.

Well, all this is not HTML's fault. It's the fault of how people
interpret and use it.


> > BTW, if it would be that bad, web browsers would be much more
> > hazardous to use.
>
> They are much more hazardous than you imagine. I see infected machines
> every day, usually infected by browsing or reading e-mails.

That's, as you said, because of clueless use.


> > Consider that a mail-reader would only need a small subset of the
> > possible HTML extensions, e.g. it doesn't need stuff like JavaScript
> > and you may even decide to disregard things like CSS).
>
> And do these things come 'turned off' by default?
>
> [...]

No, and again, that isn't HTML's fault.


> >> 4) embedded images in html can tell the sender 'an idiot just
> >> opened the e-mail I sent them' so you just told the spammer that
> >> the e-mail address is a good one. He can now sell it to other
> >> spammers.
> >
> > Read the first sentence of my last reply again.
>
> Your responsibility seems limited to your machines.

Yes, but again, you might need to find another job, if those problems
weren't present.


> >> 6) html can be coded so that the viewer sees one link while being
> >> sent to a different place on the web.
> >
> > How? Remember, we
>
> You have a mouse in your pocket? Who is 'we'.
> How would you get 40,000 students and 3,000 faculty/staff to 'practice
> safe hex'?
>
> > ignore JavaScript for mails, and the destination address is shown in
> > the status bar.
>
> That feature can be disabled. It can also be fooled and you seem to
> assume that the user LOOKS at the status bar before they click on the
> link. I'll bet that even YOU have 'clicked first', sometime.

Sure, but that's okay. I notice it in the address bar of my browser at
the latest. But your point is true. In a larger scale, that can surely
be abused. My point, however, is that it isn't HTML's fault. Used
properly, HTML emails are useful.


> > That's okay. I do, too. Though I have an HTML plugin loaded, it
> > displays the plaintext parts by default, and displays nothing it
> > there is no plaintext part. I have to specifically select the HTML
> > part, if I want to view it.
> >
> > Reason: Some HTML-enabled mail-readers format their plaintext parts
> > that horribly, that the HTML part is just much more readable.
>
> You assume that all HTML rendering is good and readable. I was just
> looking at a web page where text was overlaying other text.

But if the plaintext part is totally unreadable (e.g. each paragraph in
one long line, as Outlook tends to format the plaintext parts), then I
prefer to read the HTML part, which is well readable in most cases.


> >> 8) Some discard ALL html encoded and graphic encoded incoming
> >> e-mail, unviewed.
> >
> > Those people don't do serious business.
>
> What you call 'serious business', some others might consider to be
> chicken feed.

Depends. You will have lots of customers and allies, who don't have a
clue about electronic data processing. They usually use Outlook, and
they usually send HTML mails. Some of them even prefer email over other
media. Sad, but true.

Not viewing the HTML parts automatically is a good idea. Dropping mails
unread just because they contain an HTML part is a bad idea. You may
want to drop emails, which _only_ contain an HTML part, though. I
haven't seen many clients do or even allow that, but for example AtMail
does.


> > 90% of my incoming business emails have an HTML part.
>
> If you handle your 'serious business' via e-mail, you have a problem.

I get quite a few customer requests via email. Not my fault, I have a
telephone, but still some customers prefer that way.


> E-mail never has been and never will be reliable. E-mails get lost.
>
> That is why 'serious companies' do not allow the use of e-mail for
> 'serious business'. It IS useful for some things but if you want to
> make sure your message gets through, talk to them on the telephone,
> confirm via fax. Check via e-mail to make sure the fax got through ok.

I don't initiate 'serious business' via email, but some people seem to
prefer it over other media. And I've also never said anything about the
quality of the email medium. I just say that IMO there is nothing wrong
with HTML emails.


> 90% of my incoming spam has HTML. Eliminating HTML eliminates 90% of
> the spam.

True.


> I like 'new and improved' when it is really improved.

Improvements often come with problems, at least with more complexity.


Regards,
Ertugrul.


--
http://ertes.de/

bz
04-30-08, 11:57 AM
Ertugrul =?UTF-8?B?U8O2eWxlbWV6?= <es@ertes.de> wrote in news:fva61c$gg3$01
$1@news.t-online.com:

>> I, on the other hand, clean computers for people after they have been
>> infected due to clueless use.
>
> Maybe you would be unemployed if all computer users were clueful.

If there were no malware, worms, viruses, trojans, bots, spam, phishing,
etc., then I could do more of what I was originally hired for, to help
researchers with their computer needs.
And they could spend their time doing science rather than figuring out why
their computer is acting strange.

I was busy enough, long before the internet existed.

When I finally convince a user to stop using HTML for e-mail, their
problems get much less frequent.

As for text being hard to read, if in thunderbird you turn on
mail.wrap_long_lines
and
view_source.wrap_long_lines

you should be able to read the text without horizontal scrolling.

Sometimes to reply, you will need 'rewrap' the quoted text.




--
bz

please pardon my infinite ignorance, the set-of-things-I-do-not-know is an
infinite set.

bz+csm@ch100-5.chem.lsu.edu remove ch100-5 to avoid spam trap

Ertugrul =?UTF-8?B?U8O2eWxlbWV6?=
04-30-08, 12:34 PM
bz <bz+csm@ch100-5.chem.lsu.edu> wrote:

> >> I, on the other hand, clean computers for people after they have
> >> been infected due to clueless use.
> >
> > Maybe you would be unemployed if all computer users were clueful.
>
> If there were no malware, worms, viruses, trojans, bots, spam,
> phishing, etc., then I could do more of what I was originally hired
> for, to help researchers with their computer needs.
> And they could spend their time doing science rather than figuring out
> why their computer is acting strange.

True.


> As for text being hard to read, if in thunderbird you turn on
> mail.wrap_long_lines
> and
> view_source.wrap_long_lines
>
> you should be able to read the text without horizontal scrolling.

I don't do horizontal scrolling, but I'd need to reduce my window
width. For an HTML mail, I just enforce:

p { max-width: 80ex; }


Regards,
Ertugrul.


--
http://ertes.de/

Jim Watt
04-30-08, 01:40 PM
On Wed, 30 Apr 2008 14:03:51 +0200, Jim Watt <jimwatt@aol.no_way>
wrote:

>On Wed, 30 Apr 2008 11:46:56 +0200, Ertugrul Söylemez <es@ertes.de>
>wrote:
>
>>> It (html via e-mail) was a bad idea to start with. It is STILL a bad
>>> idea. Nothing I can think of will ever make it a good idea.
>>
>>People like you said similar things when color TVs, CRT monitors (as
>>opposed to phosphor), LCD monitors (as opposed to CRT), graphics cards,
>>OpenGL, fancy user interfaces, mice, 32-bit processors and other things
>>came out.
>
>Some people also thought that eight track audio tapes, Betamax and
>LED digital watches were a pretty neat idea.
>
>I see HD DVD has joined the list too.
>
>HTML mail sucks.
--
Jim Watt
http://www.gibnet.com

Ertugrul =?UTF-8?B?U8O2eWxlbWV6?=
05-05-08, 05:25 AM
bz <bz+csm@ch100-5.chem.lsu.edu> wrote:

> > MIME doesn't have an 'attachment' concept. A MIME message is made up of
> > parts, none of which are 'main', 'primary' or 'attached'.
>
> I suggest you study the SMTP protocol such as RFC2821.
> It starts with a 'MAIL FROM:', 'RCPT TO:' and then comes the 'DATA
> <CRLF>'
>
> ALL of the message, including the 'header' that you see (except for
> the most recent section) are part of the 'DATA' section of the
> message.
>
> There are no separate 'attachments'. It is all part of the DATA.

You're missing the context. We were talking about how the messages have
to be formatted, not about how they are transferred.


Regards,
Ertugrul.


--
http://ertes.de/

bz
05-05-08, 07:07 AM
Ertugrul =?UTF-8?B?U8O2eWxlbWV6?= <es@ertes.de> wrote in
news:fvmn9v$krg$00$1@news.t-online.com:

> bz <bz+csm@ch100-5.chem.lsu.edu> wrote:
>
>> > MIME doesn't have an 'attachment' concept. A MIME message is made up
>> > of parts, none of which are 'main', 'primary' or 'attached'.
>>
>> I suggest you study the SMTP protocol such as RFC2821.
>> It starts with a 'MAIL FROM:', 'RCPT TO:' and then comes the 'DATA
>> <CRLF>'
>>
>> ALL of the message, including the 'header' that you see (except for
>> the most recent section) are part of the 'DATA' section of the
>> message.
>>
>> There are no separate 'attachments'. It is all part of the DATA.
>
> You're missing the context. We were talking about how the messages have
> to be formatted, not about how they are transferred.

You missed my point.

The contents of each message is text.
Plain ASCII text.
ALL 'attachments' end up as part of the 'DATA' portion of the message and
are transmitted as plain ASCII text.

If you want to communicate most reliably, you will stick to plain ASCII
text. If you want to communicate most economically, you will stick to
plain ASCII text. If you want to communicate most safely, you will stick
to plain ASCII text.

Any encoding, such as mime and HTML simply add hazards and complexity.
They add 'bling' but they most often prove to be an unnecessary and
unneeded conduit for infection and a reliable sign of spam.

That is not to say that they are not valuable for languages that can not
be represented in plain ASCII, but there is no reason for me to need to
send or receive such messages.





--
bz

please pardon my infinite ignorance, the set-of-things-I-do-not-know is an
infinite set.

bz+csm@ch100-5.chem.lsu.edu remove ch100-5 to avoid spam trap

Ertugrul =?UTF-8?B?U8O2eWxlbWV6?=
05-05-08, 11:48 AM
bz <bz+csm@ch100-5.chem.lsu.edu> wrote:

> >> > MIME doesn't have an 'attachment' concept. A MIME message is
> >> > made up of parts, none of which are 'main', 'primary' or
> >> > 'attached'.
> >>
> >> I suggest you study the SMTP protocol such as RFC2821.
> >> It starts with a 'MAIL FROM:', 'RCPT TO:' and then comes the 'DATA
> >> <CRLF>'
> >>
> >> ALL of the message, including the 'header' that you see (except for
> >> the most recent section) are part of the 'DATA' section of the
> >> message.
> >>
> >> There are no separate 'attachments'. It is all part of the DATA.
> >
> > You're missing the context. We were talking about how the messages
> > have to be formatted, not about how they are transferred.
>
> You missed my point.
>
> The contents of each message is text.
> Plain ASCII text.
> ALL 'attachments' end up as part of the 'DATA' portion of the message
> and are transmitted as plain ASCII text.
>
> If you want to communicate most reliably, you will stick to plain
> ASCII text. If you want to communicate most economically, you will
> stick to plain ASCII text. If you want to communicate most safely, you
> will stick to plain ASCII text.
>
> Any encoding, such as mime and HTML simply add hazards and complexity.
> They add 'bling' but they most often prove to be an unnecessary and
> unneeded conduit for infection and a reliable sign of spam.

Ah okay, so your reply was actually to something different than what you
quoted. However, the complexity added by MIME is tolerable in my
opinion. Almost every invention makes things more complex.

I admit that HTML does add quite some complexity, which is quite more
than that added by MIME. But other standards are much more complex, and
you really shouldn't always take Microsoft's implementations as
examples.


> That is not to say that they are not valuable for languages that can
> not be represented in plain ASCII, but there is no reason for me to
> need to send or receive such messages.

You don't need MIME for messages in other character sets than ASCII.


Regards,
Ertugrul.


--
http://ertes.de/