Open Source Applications Foundation

[Design] Scripts, Cookies, HTML/RTF formatting, and Attachments

David R Lambert Fri, 25 Oct 2002 10:47:33 +0100


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

My requirements for email are simple. I need control over what arrives
and that control needs to be opt-in rather than opt-out.

For security reasons:

I _need_ to be able to force all incoming email to be in plain text,
i.e. no HTML or RTF (either converted to plain text or discarded).

I would like to be able to configure this option to be sender address
specific, e.g. an option along the lines of: [ ] Accept HTML/RTF
emails from this sender.

All unknown senders should be subject to the "no formatting/no
attachment" rule by default. This is absolutely fundamental to good
security.

There should be a means of totally excluding ANY form of scripting and
active content when viewing HTML based email, especially redirection
which is dangerous with a capital "F".

Attachments should be discarded by default unless specifically
allowed. Some of my users/mailboxes should never receive attachments
of any description, if they do they are either viruses or
"undesirable".

The option to configure POP3 collection before SMTP sending on any/all
email accounts. Some ISPs operate this method of validating a user to
allow them to send mail through their account while connected to
the Internet via a third-party telecom provider/ISP.

Incorporate PGP/GPG signing and validation.

Have system administrator level control of some options for added
security.

IMHO, Outlook is wide open to abuse because it promotes eye-candy
before common sense.

My suggestions above try to cater for both the experienced,
security-conscious administrator as well as the less experienced users who may
not realise the implications of clicking OK instead of Cancel. They
would make protection against email viruses in corporations possible
and a lot easier to achieve (and affordable).

- --
David Lambert

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3

iQA/AwUBPbkC2a5+tapQmkXxEQLeWQCg3ZNnw7KPS2wL+u30khofDaCybBwAoJFo
LxoXOxzzvIjcyBnBzjYBC+OO
=51Jy
-----END PGP SIGNATURE-----
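
The opt-in rules requested in the message above (plain text only, no attachments, per-sender exceptions) can be sketched as a filter over a parsed message. This is an added example, not part of the original post or of any OSAF code; the rule table, function names, addresses and sample message are all assumptions made for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser

DEFAULT = {"formatting": False, "attachments": False}  # applied to unknown senders
SENDER_RULES = {"colleague@example.org": {"formatting": True, "attachments": False}}  # hypothetical

class TextOnly(HTMLParser):  # keeps text nodes; drops tags and script/style bodies
    def __init__(self):
        super().__init__()
        self.out, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        self.skip += tag in ("script", "style")
    def handle_endtag(self, tag):
        self.skip -= tag in ("script", "style") and self.skip > 0
    def handle_data(self, data):
        if not self.skip:
            self.out.append(data)

def html_to_text(html):
    parser = TextOnly()
    parser.feed(html)
    parser.close()
    return " ".join("".join(parser.out).split())

def apply_policy(raw):
    msg = message_from_string(raw, policy=policy.default)
    rule = SENDER_RULES.get(parseaddr(str(msg["From"] or ""))[1].lower(), DEFAULT)
    text, html, kept, dropped = [], [], [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype, name = part.get_content_type(), part.get_filename()
        if name or part.get_content_disposition() == "attachment":
            (kept if rule["attachments"] else dropped).append(name or ctype)
        elif ctype in ("text/plain", "text/html"):
            (text if ctype == "text/plain" else html).append(part.get_content())
        else:
            dropped.append(ctype)  # RTF, inline images: never rendered
    body = "\n".join(text).strip() or html_to_text("".join(html))
    return {"body": body, "html_allowed": rule["formatting"] and bool(html), "kept": kept, "dropped": dropped}

def sample(sender):  # constructed message: HTML body with a script, plus an attachment
    m = EmailMessage()
    m["From"] = sender
    m.set_content("<p>Hello <b>there</b></p><script>location='//x.invalid'</script>", subtype="html")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="invoice.exe")
    return m.as_string()
```

The From header is unauthenticated, so a per-sender exception like this is only as trustworthy as the sender verification (for instance the signature validation the post asks for) that backs it.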