that file. For example, if you attach a Microsoft Word file, and the recipient of your message
is using a word processor that can't open MS Word files, that person isn't going to be able to
open your attachment and they are less than likely to be very happy about it.
2. HTML or MIME messages are larger and more wasteful than simple text messages. Using
HTML or MIME in E-mail messages makes the messages larger in size by a mimimum of
two thirds to more than twenty times. These will take longer to download and they take up
more storage space than standard plain text E-mail messages.
E-mail storage is important because many people retain copies of messages they receive and
in the case of mailing list digests , the individual messages are combined in one large
message and sent to the user at the end of the day. Some mailing list programs fail to format
the digest correctly if HTML messages appear. In addition, many mailing lists archive the
messages for periods of 6 months or more to enable users to search for particular past
postings.
3. HTML or MIME messages leave or include unwanted files (attachments) on the machines of
the recipients of these messages.
4. Embedded HTML or MIME attachments are the number one method of spreading virus,
worm or Trojan programs.
For instance, the Forgotten worm was written in Visual Basic Script and spread without any
attachment. Instead, the worm code was embedded into the HTML formatted message body.
The I Love You worm program exploited an ActiveX vulnerability and was executed just by
viewing or previewing the e-mail message without opening any attachment.
Likewise, embedded code could exploit some MS Office vulnerability as with Office ODBC
Vulnerabilites and Specially Formed Script in HTML Mail can Execute in Exchange 5.5
HTML messages can trigger dialups to the Internet if they contain links to specific images
called "web bugs" that are used to track message and advertiser viewing. See Web Bug FAQ
MIME encoded attachments with file extensions (BAT, COM, DOC, EML, EXE, HTA, JS,
PPT, SHS, VBE, VBS, WSH, XL#) have been the most common method of sending viruses,
worms and Trojan programs because their code will be executed by Windows and associated
viewers or other MS programs when the attachment is opened. Windows uses the extension
to determine what the default action on a file will be. For instance, a .txt file will open in
Notepad and a .html file will open in Internet Explorer.
Uncommon, but no less dangerous are file extensions (386, ACM, ACV, ADT, AX, BIN,
BTM, CLA, CPL, CSC, CSH, DEV, DLL, DOT, DRV, HLP, HTM, HTT, INF, INI, JSE,
JTD, MDB, MP#, MPP, MPT, MSO, OBD, OBT, OCX, OLE, OV#, PIF, PL, PM, POT,
PP#, PPS, PRC, RAR, RTF, SCR, SH, SHB, SMM, SYS, VSD, VSS, VST, VXD, WSF,
XL#, XLB, XTP).
5. HTML quickly fills the memory of PDAs (Personal Digital Assistants like the Palm Pilot). In
addition, many HTML messages are also completely unreadable on most PDAs.
6. Some e-mail recipients may have set their background to something other than white, may