Thunderbird - HTML mail dangerous?

Discussion in 'Firefox' started by DN, Apr 15, 2006.

  1. DN

    DN Guest

    My understanding is that HTML email poses a security threat to a recipient
    receiving it. I've started using Thunderbird but have some questions about
    how it handles HTML mail. HTML mail that I receive all has a yellow
    background but I can see the original format by going to view->message
    body->original HTML. When I view mail and it has a yellow background, is
    the HTML being interpreted/displayed by Thunderbird at all?

    Should I be concerned about HTML mail in Thunderbird or has Thunderbird
    closed HTML mail security holes?

    Thanks.
    DN, Apr 15, 2006
    #1
    1. Advertising

  2. DN wrote:
    > My understanding is that HTML email poses a security threat to a recipient
    > receiving it. I've started using Thunderbird but have some questions about
    > how it handles HTML mail. HTML mail that I receive all has a yellow
    > background but I can see the original format by going to view->message
    > body->original HTML. When I view mail and it has a yellow background, is
    > the HTML being interpreted/displayed by Thunderbird at all?
    >
    > Should I be concerned about HTML mail in Thunderbird or has Thunderbird
    > closed HTML mail security holes?
    >
    > Thanks.



    HTML does not pose a 'threat' - if it did, the web would close down <g>
    it runs on HTML.

    I always accept HTML mail and in over nine years on the internet have
    yet to run into anything bad because of it.

    Some 'claim' that spammers can use HTML to verify your address. While it
    is 'possible' it occurs about 10 out of 10,000 spam messages, or about
    once a year for most users.

    Thunderbird gives you the option to view only in plain text, if that
    concerns you tho. If you choose such, then the HTML is ignored.
    View-->Messages-->As Plain Text

    Thunderbird also gives you an option to 'sanitize' HTML from messages it
    (or you) has identified as spam

    Tools-->Junk Mail Controls
    X When displaying HTML messages marked as junk, sanitize the HTML

    HTML message disply with a yellow background for you because you have
    told Thunderbird to do that

    [Thunderbird-->Preferences]*-->Display [Formatting]
    When displaying HTML message use the following

    *varies by OS
    Windows
    [Tools-->Options]
    Linux
    [Edit-->Preferences]
    Mac as above
    Moz Champion (Dan), Apr 16, 2006
    #2
    1. Advertising

  3. DN

    Miller Guest

    *Moz Champion (Dan)* wrote on 16.04.06 01:25:

    > Thunderbird gives you the option to view only in plain text, if that
    > concerns you tho. If you choose such, then the HTML is ignored.
    > View-->Messages-->As Plain Text


    There's also a nice extension out there, which gives you a
    toolbar-button to toggle HTML on and off:
    http://www.tom-cat.com/mozilla/extensions.html#togglehtml

    HTH, BM
    Miller, Apr 16, 2006
    #3
  4. On 2006-04-15, DN <dn@12345.12345.invalid> wrote:

    > My understanding is that HTML email poses a security threat to a recipient
    > receiving it. I've started using Thunderbird but have some questions about
    > how it handles HTML mail. HTML mail that I receive all has a yellow
    > background but I can see the original format by going to view->message
    > body->original HTML. When I view mail and it has a yellow background, is
    > the HTML being interpreted/displayed by Thunderbird at all?
    >
    > Should I be concerned about HTML mail in Thunderbird or has Thunderbird
    > closed HTML mail security holes?


    Most html mail exploits have been aimed at Outlook users, for a variety of
    reasons (market share, tight integration with the underlying OS means a
    successful exploit can give the attacker access to anything on the
    machine, autoexecution of attachments, etc.), but html mail
    with Thunderbird can still be a problem. Some spammers and other low-lifes
    put web bugs in their html messages so that when they are opened, the
    spammer will know and can extract your IP address from the GET request for
    the web bug. You can eliminate this with Thunderbird at least by disabling
    loading of remote images or by using an obfuscating proxy (e.g. "tor") to
    disguise your IP address.

    --

    John ()
    John Thompson, Apr 16, 2006
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Simon Telrenner
    Replies:
    2
    Views:
    460
    Ted Mittelstaedt
    Oct 16, 2003
  2. =?Windows-1252?Q?Frisbee=AE?=

    Re: PC use is dangerous

    =?Windows-1252?Q?Frisbee=AE?=, Jul 22, 2004, in forum: MCSE
    Replies:
    0
    Views:
    406
    =?Windows-1252?Q?Frisbee=AE?=
    Jul 22, 2004
  3. Neil
    Replies:
    0
    Views:
    388
  4. janet
    Replies:
    11
    Views:
    1,757
    Beauregard T. Shagnasty
    Dec 17, 2007
  5. Monima
    Replies:
    0
    Views:
    1,785
    Monima
    Dec 14, 2010
Loading...

Share This Page