The User Level: Just Say “No” to HTML E-mail
As an employee, you should be forewarned about the use of HTML e-mail. There are several reasons why HTML e-mail is a bad practice: it wastes bandwidth and computing resources, doesn’t always display properly, and can be mistakenly flagged as spam. But the number one reason to avoid HTML e-mail is the security threat it poses to systems and data.
Viruses spread through the use of HTML formatting are a great concern. Popular clients (e.g., Outlook) that display HTML e-mail have essentially embedded a web browser into the software, one capable of running scripts and downloading images from external sites just by viewing a message. As vulnerabilities and bugs are discovered in these clients, exploits have been used to spread viruses and malware without using attachments. The e-mail simply has to be viewed.
There are also privacy concerns with HTML-formatted e-mail. Spammers and advertisers can confirm your address, gather statistics, and identify you by coding messages to open specific images on a remote server or through the use of cookies. In addition, having your address confirmed this way is a very good way to increase the amount of spam you receive.
It’s a vicious cycle! One that you can avoid by choosing a different default format (e.g., plain text) in your e-mail client!
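The view-time behavior described above (scripts and remote images that load just by viewing a message) can be checked for in a stored message without rendering it. The following is an added example, not part of the original article: a Python audit of a message's HTML part that flags script tags, event-handler attributes and remote fetches, while ignoring images embedded with cid:. The sample message, its addresses and the tracker.example host are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.policy import default
from html.parser import HTMLParser

FETCH_ATTRS = {"src", "background", "poster"}  # attributes a client loads on display

class ViewTimeAudit(HTMLParser):
    """Collect (kind, tag, detail) for markup that runs or phones home on view."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append(("script", tag, ""))
        for name, value in attrs:
            value = (value or "").strip()
            # http://, https:// or protocol-relative //host; cid: parts are embedded
            remote = re.match(r"(?i)(https?:)?//", value) is not None
            if name.startswith("on"):  # onload, onerror, ...
                self.findings.append(("event-handler", tag, name))
            elif remote and (name in FETCH_ATTRS or (tag == "link" and name == "href")):
                self.findings.append(("remote-fetch", tag, value))

def audit_message(raw):
    """Audit every text/html part of a raw message string."""
    findings = []
    for part in message_from_string(raw, policy=default).walk():
        if part.get_content_type() == "text/html":
            parser = ViewTimeAudit()
            parser.feed(part.get_content())
            findings.extend(parser.findings)
    return findings

def build_sample():
    """Constructed multipart/alternative message with a tracking image and a script."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "news@sender.example", "user@recipient.example"
    msg["Subject"] = "Constructed sample"
    msg.set_content("Hello, this is the plain text version.")
    msg.add_alternative(
        '<html><body onload="init()"><p>Hello</p>\n'
        '<img src="http://tracker.example/open.gif?id=user%40recipient.example">\n'
        '<img src="cid:logo"><script>init()</script></body></html>', subtype="html")
    return msg.as_string()

if __name__ == "__main__":
    for finding in audit_message(build_sample()):
        print(finding)
```

The remote-fetch finding carries the full URL, so a per-recipient identifier in the query string (here the encoded address) is visible in the report.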