Security Vulnerabilities
HTML allows for a link to have a different target than the link's text. This can be used in phishing attacks, in which users are fooled into believing that a link points to the website of an authoritative source (such as a bank), visiting it, and unintentionally revealing personal details (like bank account numbers) to a scammer.
If an email contains web bugs (inline content from an external server, such as a picture), the server can alert a third party that the email has been opened. This is a potential privacy risk, revealing that an email address is real (so that it can be targeted in the future) and revealing when the message was read. For this reason, some email clients do not load external images until requested to by the user.
During periods of increased network threats, the US Department of Defense converts all incoming HTML email to text email.
The multipart type is intended to show the same content in different ways, but this is sometimes abused; some email spam takes advantage of the format to trick spam filters into believing that the message is legitimate. They do this by including innocuous content in the text part of the message and putting the spam in the HTML part (that which is displayed to the user).
Most email spam is sent in HTML for these reasons, so spam filters sometimes give higher spam scores to HTML messages.
Read more about this topic: HTML Email
Famous quotes containing the word security:
“I think the girl who is able to earn her own living and pay her own way should be as happy as anybody on earth. The sense of independence and security is very sweet.”
—Susan B. Anthony (1820–1906)