HTML email

Since its conception, a number of people have vocally opposed all HTML email (and even MIME itself), for a variety of reasons.

Proponents placed ASCII art in their signature blocks, meant to look like an awareness ribbon, along with a message or link to an advocacy site The campaign was unsuccessful and was abandoned in 2013.

[7][8] Email software that complies with RFC 2822 is only required to support plain text, not HTML formatting.

To persuade Google to improve rendering in Gmail, for instance, they published a video montage of grimacing web developers,[10] resulting in attention from an employee.

Some senders may excessively rely upon large, colorful, or distracting fonts, making messages more difficult to read.

[17] Although the difference in download time between plain text and mixed message mail (which can be a factor of ten or more) was of concern in the 1990s (when most users were accessing email servers through slow modems), on a modern connection the difference is negligible for most people, especially when compared to images, music files, or other common attachments.

This can be used in phishing attacks, in which users are fooled into accessing a counterfeit web site and revealing personal details (like bank account numbers) to a scammer.

Some phishing attacks rely on particular features of HTML:[19] Displaying HTML content frequently involves the client program calling on special routines to parse and render the HTML-coded text; deliberately mis-coded content can then exploit mistakes in those routines to create security violations.

[citation needed] In 2018 a vulnerability (EFAIL) of the HTML processing of many common email clients was disclosed, in which decrypted text of PGP or S/MIME encrypted email parts can be caused to be sent as an attribute to an external image address, if the external image is requested.