Skip the navigation

Analysis: Is HTML e-mail dangerous for your PC, or just your eyeballs?

Twitter protest quiets down, but questions remain

By Eric Lai
June 29, 2009 03:10 PM ET

Computerworld - Editor's note: This story has been changed since it was originally posted because several quoted comments were mistakenly attributed to Dave Greiner, head of the FixOutlook.org protest. The attributions have been removed and the story has been corrected.

Last week's online protest against Microsoft Outlook is turning out to be a tempest in a Tweet.

As of today, almost 24,000 Twitter users had tweeted their support for the protest, which aims to get Microsoft Corp. to improve Outlook's engine for displaying rich Web content in Microsoft Word.

Twenty-four thousand tweets is impressive. But it pales in comparison to the hundreds of millions of corporate workers using Outlook today. (There will be 304 million by the end of 2011, according to an estimate from one research firm, The Radicati Group Inc.)

With Microsoft unequivocally rejecting the protests, the movement is losing steam. After garnering 20,000 tweets in its first 24 hours, it has averaged about a 1,000 per day since then.

One of the software maker's defenses for why it is satisfied with Word's HTML rendering is that it is safer for users than a full-fledged browser such as Internet Explorer, which Outlook used for many years, until the arrival of Outlook 2007.

"Word cannot run Web script or other active content that may threaten the security and safety of our customers," said Microsoft executive William Kennedy.

That raises several questions. Is HTML e-mail still dangerous today, or is Microsoft using security as an excuse not to comply with Web standards?

Some, such as this commenter, "Dave," on the blog of E-mailStandards.org, the group organizing the protest, are convinced it's the latter.

"I have never gotten porn spam or a virus [in] HTML e-mail," he wrote last week. "It makes me wonder what you are looking at on the internet to be so concerned ;)"

But despite significant advances in e-mail security software and desktop antivirus applications, users can still be confronted with plenty of malevolent stuff lurking amidst the HTML-created images, videos, fancy layouts and hyperlinks, say security and privacy experts interviewed by Computerworld.

"There is an inherent risk in HTML e-mail, and there always will be," said Tal Golan, president and chief technology officer of Sendio Inc., an Irvine, Calif.-based vendor of e-mail security systems.

Others contend that HTML e-mail's bigger threat is to users' tastes (more on that later).

HTML e-mail started becoming popular earlier this decade, when it was embraced by marketers, who envisioned more effective ads, and by some users, who enjoyed its convenience and look and feel.

But spammers and other overaggressive marketers also saw that HTML e-mail represented an opportunity to deploy technologies such as "Web bugs" -- tiny GIF images that, when unknowingly downloaded by users, enable marketers to track users' activity or simply confirm the validity of e-mail addresses (for spam purposes).



Our Commenting Policies