[MlMt] Do we need a better way to disable text/not-really-plain?

Benny Kjær Nielsen mailinglist at freron.com
Thu Jan 16 08:12:32 EST 2014


On 15 Jan 2014, at 16:03, Bill Cole wrote:

> Is the audience for a better default behavior and/or a more 
> support-worthy switch larger than myself and the small crowd of very 
> geeky people I've convinced to use MM? Put another way: is no one who 
> doesn't work professionally with the problem of email as an attack 
> vector even bothering to disable this misfeature?

This feature was actually my suggestion of a solution to the (in my 
opinion) much bigger misfeature: HTML in emails. So far this has been a 
complete failure, but this is not the important issue here.

You need a safe mode and I'm willing to deliver. I cannot release a test 
version right now, but when I do then the following should be a step in 
the right direction:

	defaults write com.freron.MailMate MmNeverDisplayHTML -bool YES

This is what it currently does for the HTML behavior of MailMate:

1. Never display HTML body parts. Instead they are converted to plain 
text (often this does not work very well, but it's a bit more readable 
than raw HTML). When you use “Prefer Plain Text” then this is only 
relevant for messages without a plain text alternative — typically 
spam or other automatically generated emails.
2. Never convert Markdown text to HTML before displaying.
3. Never display links as clickable.

I'm not sure if you think number 3 is overkill. If you do then I'll 
remove it. If you don't then I'll make it optional.

Currently there is no way to display HTML without disabling this 
preference.

For the record, the Markdown feature in MailMate can be used without 
generating HTML, but then it only works for MailMate recipients. Also, 
MailMate does not (currently) allow inline HTML in Markdown and 
therefore the security concerns I believe are mainly links and inlined 
external images.

For new members of the list: Bill is a long term user of MailMate (April 
2011) and he is my devil's advocate regarding security.

(The list, by the way, has more than 250 members now.)

-- 
Benny
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freron.com/pipermail/mailmate/attachments/20140116/73c28352/attachment.html>


More information about the mailmate mailing list