The Only Safe Email is Text-Only Email (theconversation.com), 2017-09-12
Sergey Bratus, Research Associate Professor of Computer Science, Dartmouth College, and Anna Shubina, Post-doctoral Associate in Computer Science, Dartmouth College write: The real issue is that today's web-based email systems are electronic minefields filled with demands and enticements to click and engage in an increasingly responsive and interactive online experience. It's not just Gmail, Yahoo mail and similar services: Desktop-computer-based email programs like Outlook display messages in the same unsafe way. Simply put, safe email is plain-text email -- showing only the plain words of the message exactly as they arrived, without embedded links or images. Webmail is convenient for advertisers (and lets you write good-looking emails with images and nice fonts), but carries with it unnecessary -- and serious -- danger, because a webpage (or an email) can easily show one thing but do another. Returning email to its origins in plain text may seem radical, but it provides radically better security. Even the federal government's top cybersecurity experts have come to the startling, but important, conclusion that any person, organization or government serious about web security should return to plain-text email (PDF).
D'oh (Score:1)
When you try to sound sincere but link to a PDF!
Want to know why? Read the PDF! (Score:1)
"...should return to plain-text email (PDF)."
That's hilarious.
Text-only Email safe? (Score:1)
What about spoofing and social engineering?
Re: (Score:1)
Heh... What about unicode [unicode.org]?
Re: (Score:2)
Re: (Score:1)
Re: (Score:1)
I'm not sure if a text reader should even include extended ASCII. I mean, why take the chance?
Re: (Score:1)
There's always the code page...
Re: (Score:2)
Emojis are stupid
Re: (Score:2)
Re: (Score:3)
Only fanbois care about this
And the only safe encoding (Score:3)
is ASCII.
Also: go ahead, explain to me why it is that my computer needs to have a turd glyph stored on it.
Re: (Score:1)
Also: go ahead, explain to me why it is that my computer needs to have a turd glyph stored on it.
Because Stargates can't connect without a point of origin.
Re: (Score:2)
Well...duh... (Score:3)
Microsoft led the way with VBScript in Outlook ("I luv you" too...); then, as marketing people wanted to decorate with fancy email signatures, we started embedding HTML/JavaScript, leading to clever tracking on web servers and JavaScript routines. The worst part is that the default for email clients and web clients is all HTML/JavaScript.
We need the default on all email stuff to be text only for our own protection as well as the general health of cyberspace.
Oh the irony (Score:5, Insightful)
So we should go back to Text-Only email for security reasons, and more information can be found in this totally safe PDF?
Re: (Score:2)
Yeah, why use PDF? Maybe it's because page layout is a powerful tool for presenting text and graphics in a way that provides additional clarity and meaning to a message. The idea of going to text-only email is horrid and I cringe every time I see one.
Comment Subject (Score:2)
It's on by default, not just for the "market" but for users too, because we need to be able to see emojis and an image macro of a "minion" who doesn't like Mondays.
LessthansymbolSarcasmclosetagGreaterthansymbol
Exceptions don't make the rule, rendering email should be a toggle for the cases you need it. If any. An "always on" opt-in would be fine, user-elected consequences. If you're scared of people asking where the emoji are, just have one of those "Media content detected, may not render in safety-mode, cl
Disable embedded images? (Score:4, Insightful)
I've always configured all my email clients to not autodownload linked images unless I specifically want them. This blocks trackers and such, but if people start embedding javascript in email, then that doesn't help much.
RTF email (Score:3)
The Rich Text Format [microsoft.com] from back in the 20th century does not support macros and there are no known exploits for it in the last 18 years. The only time people run into issues is when a Microsoft Word document (.doc or .docx) is renamed to .rtf and loaded erroneously. But with e-mail the MIME types and integrated viewer and editor would avoid that file extension hole. (That same hole would exist for .txt if MS Office were the default program for that extension; mostly that's just Office being terrible.)
Theoretically a safe subset of HTML is possible, but nobody wants to maintain some subset parser with no standard. (standard might be as simple as HTML3.2 without JavaScript or IMG tags to external sites). Perhaps W3C or others should create an HTML profile for safe email.
Myself, I'd rather have the sender render and encode a high-resolution bitmap file which compresses bilevel images very well, allowing for high resolution (like the DjVu format), and tag the image with a plain-text section for screen readers, search and OCR to deal with. You get perfect typesetting and good illustration for your email, with far less complexity than dealing with HTML or RTF layout, font differences between systems, etc. (Again, my example sucks because nobody standardized it.)
Re: (Score:2)
The images for DjVu are typically scanned at 300-1200 DPI, which is higher than your 8K monitor. So your A4 sheet of paper is probably 50% bigger on your 8K display than it would be in real life; you might want to scale it down a little bit to read it if you are close to your screen. There is enough information that you can scale up the bitmap pretty comfortably as well. Of course on a phone it would be downscaled pretty significantly.
The main limitation to a bitmap format or really any typeset format is tex
Re: (Score:3)
The only time people run into issues is when a Microsoft Word document (.doc or .docx) is renamed to .rtf and loaded erroneously.
No, consider the wonderful "winmail.dat", which MS claims exists solely to protect RTF formatting for email. (It's actually what all poorly configured MS email clients send when they do attachments -- a tautology.)
And it's what poorly educated people send even after they've been told that their attachment is unreadable. It can't be THEIR fault, THEY can read it.
I've now officially given up on trying to get the information out of someone who sends winmail.dat attachments. I had one two days ago where I h
Re: (Score:3)
advertisers are doing me a favor by sending emails crammed full of tracking images. It is so easy to send these kinds of emails to the junk folder with a simple filter.
If I could filter my physical mail based on the color and texture of the paper I would cut out most of the junk mail. (and maybe toss out some of the semi-junk correspondence from businesses I use, hardly a flaw in this plan)
But really, I don't think it is a valid to argue on what Email was "intended" for when it's changed so much in the four
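The "disable embedded images", "safe subset of HTML" and "junk-filter the tracking images" comments above all describe the same mechanism from different angles. As an added example that is not from the thread or the article, here is a small Python filter that reduces an HTML body to roughly HTML 3.2 text markup, keeps only inline (cid:) images, prints each link's real target next to its text so the message cannot "show one thing but do another", and returns a findings list a mail filter could score on. The tag set and the sample message are constructed for illustration.

```python
from html.parser import HTMLParser
from html import escape

# Roughly HTML 3.2 text markup; only src= and href= survive, so on*= handlers and style= vanish.
SAFE_TAGS = {"p", "br", "b", "i", "u", "em", "strong", "ul", "ol", "li", "pre", "h1", "h2", "a", "img"}

class SafeEmailFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.findings, self._skip = [], [], 0
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("script", "style"):        # drop the element and its contents
            self._skip += 1
            self.findings.append(f"dropped <{tag}> block")
        elif tag not in SAFE_TAGS:
            self.findings.append(f"dropped <{tag}>")
        elif tag == "img":
            src = attrs.get("src") or ""
            if src.startswith("cid:"):        # only inline MIME parts are shown
                self.out.append(f'<img src="{escape(src)}">')
            else:                             # a remote fetch is a tracker at best
                pixel = attrs.get("width") == "1" and attrs.get("height") == "1"
                self.findings.append(("tracking pixel: " if pixel else "external image: ") + src)
        elif tag == "a":
            href = attrs.get("href") or ""
            if href.lower().startswith(("http://", "https://", "mailto:")):  # real target shown beside text
                self.out.append(f'<a href="{escape(href)}">[{escape(href)}] ')
            else:
                self.findings.append("dropped link with unsafe scheme")
                self.out.append("<a>")
        else:
            self.out.append(f"<{tag}>")
    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip = max(0, self._skip - 1)
        elif tag in SAFE_TAGS and tag not in ("br", "img"):
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self._skip:                    # text inside <script> never reaches output
            self.out.append(escape(data))

def filter_email_html(html):
    f = SafeEmailFilter()
    f.feed(html)
    f.close()
    return "".join(f.out), f.findings          # (sanitized body, what was removed)

SAMPLE = ('<p>Hi <b>John</b>,</p><img src="https://track.example.invalid/o?id=42" width="1" height="1">'
          '<p><a href="javascript:void(0)">reset</a> or <a href="https://example.invalid/reset?t=abc">here</a></p>'
          '<script>var opened = 1;</script><img src="cid:logo@example.invalid">')  # constructed sample
```

A client can render the first return value and a filter can route on the second (for example, any "tracking pixel" finding sends the message to junk, as the comment above does by hand).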
Text Only (Score:4, Interesting)
Been reconfiguring my email and web clients to send text only and not to display or download images. Fun at corporate when I don't see folks idiot corporate icons and backgrounds. Heck, I seldom click on attachments from others in the company (certainly not from external sources) for a couple of hours at minimum. I already know my boss doesn't love me
:)
A couple of years back, corporate came out with a standard signature block with html, images, and links. I kicked back with a request for a text only signature block due to various issues with how we manage servers plus provided a link to the Usenet RFC for signatures. They responded with an updated standard that included a text based block with dashdashspace (-- )
:)
[John]
Nothing Will Change (Score:1)
Yes, this is nearly correct. The only safe and secure email is encrypted text. Unfortunately, knowing the right answer and getting the population of the entire world to make the change are two entirely different things.
Thanks, Microsoft. Thanks, Apple. Thanks, Yahoo. Thanks, Google. There was once a time when computers were the coolest thing. They offered promise and potential, the same way a blank easel appeals to an artist. But then you guys came along and ruined everything. It isn't just email.
Old-man-itis disguised as security advice (Score:1)
img=old-man-yells-at-cloud.png
Pine/Alpine (Score:3)
Re: (Score:2)
My email was text only Alpine.
Surprise! Alpine now renders HTML for you. Text-only Alpine is history. It may be limited to showing text because you're using it in an xterm, but it's showing the text from the HTML version.
Re: (Score:2)
We should all go back to using Pine... the best email client ever!
This is news?? (Score:4, Informative)
We've known this for many years. It's why the first thing I do with any mailreader is disable HTML.
That's not even safe (Score:3)
Email my mother a plain text email that says "Your Adobe Flash is out of date, copy this link into your browser to update it" and she's probably going to do it. The only safe computer for her is something like a commodore 64 without internet access.
Then why is it so unpopular? (Score:4, Insightful)
The folks at Dartmouth may well be correct in that plaintext e-mail is safest. However, does that really make it the best solution anymore?
Look, I've got "that secretary" who uses borderline-illegible script fonts on stationery and ConstantContact blasts annoy me, as well. HTML mail does indeed have its downside and I don't disagree that it opens up at least some amount of security holes.
At the same time, plaintext e-mail has its faults, too. The color separation makes it clear when you've cleared the 'new message' in the thread, as does the stylized header. Inline image embedding is abused by marketers, but it makes it far easier to send tutorials or support requests via screenshot sequences. Yes, clickable links are a security risk, but that's how password reset e-mails work now. Do you really expect users to copy the complete URL into the address bar without an issue? If there's a line break in there, you're really screwed.
All of that hasn't even begun to address attachments, because technically it is possible for mail attachments to count as both a part of plaintext e-mails and not. Attachments are a mess, but we've stopped allowing people to e-mail executable files, for the most part. The attachment file types themselves, however, are a mess. Outlook cries wolf at *every* attachment, which makes it "the dialog box to ignore" - itself a UI problem of its own faults. The fact that the last few ransomware attacks I took care of were sourced from a malicious ActiveX payload on a Word document is only as stupid as the fact that there is still a whole lot of software that depends on ActiveX and Macros to function. If Microsoft is too easy a target, then Adobe has some splanin' to do when it comes to the fact that javascript can be embedded into a PDF. I've only seen it ever legitimately used for calculations and validations; is it really that hard to have a dedicated software function for that? The list of such issues is quite extensive, but I think my case on this point is made.
Ultimately, the fact that HTML mail is as ubiquitous as it is has to do with the fact that e-mail as it was originally designed (plaintext, 80x25) is no longer meeting the needs of most people who use it. However, its extensibility is amongst the reasons why e-mail is still as heavily used as it is, long after its contemporaries (IRC, Usenet, others) have faded into niche roles while e-mail is still mainstream.
Meanwhile, most free e-mail providers are pretty good at filtering malicious e-mails, spam filters for on-prem mail filters have reached a pretty good level of maturity, so there are plenty of safeguards in place that have brought the danger down significantly, to the point where e-mail is one piece of the vector rather than the vector itself, and has been for some time.
I pose this question to the Slashdotters who agree with the Dartmouth researchers: Whenever sweeping legislation or military action comes up around here, a post based on Ben Franklin's thoughts regarding trading liberty for security is almost invariably made, and frequently modded up to a +4 or +5. Now that the "liberty for security" question is on the other foot, when we're discussing trading liberty (more useful e-mail) for security, why does the mindset seem to be flipped? I'm not saying free-for-all e-mail with no spam filters or blacklists is ideal, but I am saying that for all of the ways that e-mail gets abused, it's gotten to the point where it is all but guaranteed to prompt the user before causing trouble, if it gets through the IP blacklists, keyword blacklists, attachment filters, virus scanners, default mail client settings, attachment warnings, application warnings, and UAC prompts...I doubt plaintext would have solved the issue in itself. To champion a function regression in the name of 'security' sounds like the kind of mindset which, according to Franklin, deserves neither liberty nor security.
Re: (Score:2)
At the same time, plaintext e-mail has its faults, too. The color separation makes it clear when you've cleared the 'new message' in the thread, as does the stylized header.
You have no clue what you're saying here. The "new message" flag is a function of the gui or text client, not the email itself. Alpine shows an "N" next to new messages, and that's pretty clear. Evolution uses bold to show new messages, in the message list.
Inline image embedding is abused by marketers, but it makes it far easier to send tutorials or support requests via screenshot sequences.
Images do not have to be inline to be useful.
Yes, clickable links are a security risk, but that's how password reset e-mails work now.
"Because some idiots who don't know good programming and security practices do it this way, it must be good."
News flash: there are mail systems that actually connect to anything in a message that looks like a
Thunderbird, viewing in Plain Text ... (Score:3)
I use Thunderbird and POP3, view my messages in Plain Text, have Javascript and all plugins disabled -- for those cases where I have to view the message body as HTML because (for some reason) nothing (or not everything) displays in Plain Text mode (which annoys me to no end, anyone have a workaround?).
I'm confident that I'm not missing out on anything by viewing in Plain Text, 'cause it's freaking email, not art.
Re: (Score:2)
In Thunderbird, add HTML Mode to the toolbar which toggles between text only, simple html, and the full bollocks.
That is why I use mutt (Score:2)
Sure, I had to make one concession to the ASCII-challenged, I now filter HTML through lynx as more and more people do not even understand a request for "non-HTML" email these days, but that is it. With very rare exceptions this is entirely enough for email.
You can do safe email that is more than plain text (Score:2)
An email format which is well-defined, simple enough for most experts to understand completely, and which has no homoglyphs or other situations that can fool the eye, can be safe.
Well-defined means there is no undefined behavior in the specification. Well-defined also pretty much guarantees that the email cannot result in "open ended" behavior beyond the bare necessities, such as saving a file or printing it, or possibly launching a sandboxed application that is in a separate sandbox from the web browser.
Sim
I miss Usenet (Score:2)