Ever tried to send an email only to be warned by Thunderbird that it contains HTML? Wonder about the safety of HTML emails? Gotten messages in WebMail that contain HTML tags?
In the old days of email, messages that were sent consisted of plain text only, usually formatted to have lines of only 78 characters. Anything that needed fancier formatting was sent as an attachment, such as a word processing or PDF document. Today, most email programs, including Thunderbird, Eudora, and Entourage support HTML sending and receiving. WebMail cannot create or display HTML messages, but will pass them on to your desktop email for them to display. There are different issues to consider depending on whether HTML mail is incoming or outgoing, the most important of which we outline below.
Outgoing HTML Messages
If you are sending out a Thunderbird message with formatted text (bulleted lists, bolded, underlined, etc.), then you are sending an HTML message. A hyperlink is also an HTML item, and so is a forwarded message, whether the original contains HTML or not. Thunderbird gives you three options for sending HTML:
- Send in Plain Text and HTML. This will send a copy of your message that contains two parts: one stripped of formatting and one formatted with HTML. The recipient will see whichever message is appropriate for their email system.
- Send in Plain Text Only. This will strip the formatting so only the text itself is sent (although any attachments will still be sent, regardless of format).
- Send in HTML Only. This will send only the HTML version of your message, so that it will display correctly if a mail system supports HTML, but will include all of the HTML tags (formatting instructions) if viewed by a mail system that does not support HTML.
So what's the best choice? If your message makes use of formatting, select "Send in Plain Text and HTML." Your message will be larger, but it will be easily readable by all.
While you're at it, make this your default for Thunderbird by selecting Thunderbird?>Preferences (or "Tools?>Options" on a PC), choosing "Composition" and then "Send Options?," and selecting "Send the message in both plain and HTML."
Incoming HTML Messages
When you receive an email message formatted in HTML you should be wary if it sent by an unknown sender. HTML formatted messages can easily be made to look very professional, mimicking ones that you might receive from your bank, PayPal, eBay, or even Hampshire College IT. The major problem with HTML-formatted messages is that they can contain deceptive hyperlinks. What this means is that a hyperlink may look innocent, for instance it may say something like http://webmail.hampshire.edu/ in the text, but clicking on it may send you to someplace completely different, possibly malicious.
Another potential problem with HTML formatted messages is that if they contain "web bugs" (pictures or other content from an external server), they can actually let the sender know that you have opened the message. This may prompt the sender to continue to bombard you with spam, having marked you as a good target.
Two rules apply when you receive unsolicited HTML emails:
- Never click directly on a link in the text, no matter how official or innocuous it looks. If you want to visit a website, type the address into the web browser yourself, and never type something you don't understand.
- Do not display the images.
If you believe you have received a malicious email, contact the IT help desk.