Re: Posting_style / top-posting / business



Hi Ildar:

Am 29.12.09 08:47 schrieb(en) Ildar Mulyukov:
1. Modern business uses top-posting [1].

That's not true. I sometimes see this effect if people sent messages with Outlook, leaving all the communication of a thread below the new message. That's a truly bad habit, as the message will grow easily to thousands (really!) of lines, in particular if they contain crazy disclaimers. In Germany, I sometimes have to print messages for legal reasons, and I easily get 10 lines of "relevant" stuff plus several pages of crap.

In short: don't do that.  Edit your messages carefully, and think before hitting the send button... ;-)

  a. signature should be inserted to the top

I think you can configure that in the identities.  Never tested it, though.

  b. "quoting" should be done in different way - not by adding ">" in the beginning (one of the alternatives is in point (2a) later in the text)

The '>' character is the usual quotation mark (see e.g. [1]).  You may choose different ones in Balsa's configuration.

2. HTML support should be more extensive

Using HTML in e-mail is an *extremely* bad idea, as it has serious security impacts. Quoting from the IT Security Catalogues, published by the German Federal Office for Information Security (BSI, [2]; the German version is a lot newer, but still gives the same guidelines):

<quote>
- HTML-formatted e-mails can contain active content (e.g. JavaScript, Flash, ActiveX or Java). For this reason, HTML-formatted e-mails can cause problems, often in combination with security weaknesses in e-mail clients. To avoid this, e-mail programs should be configured so that they do not execute active content in HTML-formatted e-mails without prompting the user for confirmation. If possible, only e-mail clients which make it clear that a given e-mail is HTML-formatted before it is opened should be used. If the e-mail client offers the option of not automatically displaying HTML-formatted e-mail, but instead presenting the message only as text (HTML source text) the first time it is opened, then this option should be taken up.
- Due to the possible risks associated with HTML-formatted e-mail, if possible no HTML-formatted e-mails should be sent. When configuring the e-mail clients, "Text only" should be set as the default format for new e-mails.
</quote>

In short: In any security-sensitive environment, sending HTML formatted messages should be *explicitly* forbidden. If multipart/alternative messages are received, the anti-spam daemon (spamassassin or similar) should remove any HTML part, and HTML-only messages should be rejected.

The problem is less critical for Linux and for non-business environments; there phishing links and the loss of privacy (by auto-loading linked contents like images) are an issue, though.

BTW, if you look at the latest Kontact enterprise releases (which are designed to interact with the free "kolab" Groupware [3]), you will see that the default behaviour exactly follows the BSI's requirements above.

What do you think?

We introduced the possibility of sending HTML multipart/alternative as one user complained that properly formatted text/plain messages in right-to-left languages (persian?) were not displayed properly in some broken web mailers; the html part was, though.

IMHO there is no good reason to extend HTML support in balsa.

Just my € 0.01, though...

Best, Albrecht.


[1] <http://www.ietf.org/rfc/rfc2646.txt>
[2] <https://www.bsi.bund.de/cln_165/sid_B90C09215373598C69AC263962B7DE65/EN/topics/ITGrundschutz/ITGrundschutzCatalogues/itgrundschutzcatalogues_node.html>
[3] <http://www.kolab.org/>

Attachment: pgpKejLCQFYh4.pgp
Description: PGP signature



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]