The User Level: Just Say “No” to HTML E-mail
As an employee, you must be forewarned about the use of HTML e-mail. There are several reasons why HTML e-mail is a bad practice. These include that HTML wastes bandwidth and computing resources, doesn’t always display properly, and can be mistakenly flagged as spam. But, the number one reason to avoid HTML e-mail is the security threat it poses to systems and data.
Viruses, through the use of HTML formatting, is a great concern. Popular clients (e.g. Outlook) that display HTML e-mail have essentially embedded a web browser into the software that is capable of running scripts and downloading images from external sites just by viewing a message. As vulnerabilities and bugs are discovered in these clients, exploits have been used to spread viruses and malware without using attachments. The e-mail simply has to be viewed.
It’s a viscous cycle! One that you can avoid by choosing a different default format (e.g. plain text) in your e-mail client!