[Ham-Computers] Recent changes to QTH list messages?

AD5PE ad5pe at sbcglobal.net
Wed Feb 18 22:58:07 EST 2009 

Not only that, I just got one (blank body) that my ISP informed me had (a)
an attachment - that they removed, because (b) said attachment was a virus.

Jay 

-----Original Message-----
From: ham-computers-bounces at mailman.qth.net
[mailto:ham-computers-bounces at mailman.qth.net] On Behalf Of Hsu, Aaron (NBC
Universal)
Sent: Wednesday, February 18, 2009 20:24
To: I>Ham-Computers
Subject: [Ham-Computers] Recent changes to QTH list messages?

OK, a few weeks (maybe months) ago, I noticed that some of the lists on
QTH.NET were allowing HTML-based message to "flow through".  Now it looks
like HTML with in-line graphics (or graphics links) are also "flowing
through".

In the past, all messages sent to QTH.NET lists were put through an HTML
filter to remove HTML code before being "reflected".  IIRC, it was done for
a few reasons:

1) HTML messages are space hogs.  HTML e-mails typically encapsulate two
copies of the text in the message container - one in plain text and another
with the HTML code.  Yes, it makes e-mails look "pretty", but the average
size of the e-mail jumps quite a bit with the HTML code (at least 2x due to
the duplication of the text).  For example, a recent message with some
"smilies" that came through on the reflector was 14K in size.  When
converted to plain-text, it was only 4K in size.  10K may not seem like
much, but multiply that by the number of messages the entire QTH.NET system
handles and you can see that it can become a problem.  Yes, HTML e-mails are
"prettier", but I don't think they're necessary, esp on most of these lists.

2) JPG's are a method of malware distribution.  On unpatched systems,
specially crafted JPG's can cause exploit a flaw in Windows' built-in JPG
decoder such that malware is installed on the system.  This is how many
"drive by" system infections occur - just visit a webpage or open an e-mail
with a compromised JPG and your system is infected.  IIRC, this, and space
concerns, were a prime reason for stripping graphics from e-mails.

3) Links in HTML e-mails can be spoofed - the message may say
http://www.google.com, but clicking on it takes you to a rogue website (the
actual link properties). Also, links can be used as "beacons" and used to
retrieve and display in-line JPG's (possibly compromised).


The "flow through" of HTML started before the shift to the new home hosted
by KA9FOX.  I wonder if anyone else has noticed and if the various list
managers know that it's occured.  Perhaps it was due to an upgrade of the
list software.  Whatever it is, I feel that the lists should stay
"plain-text" only - but that's just my opinion.

One more thought...on the QTH Mailman lists homepage
(http://mailman.qth.net), the last two guidelines state that messages are to
be in plain-text and no attachments are allowed.  So have the rules changed
or did something get "turned on" inadvertently?


73,

  - Aaron, NN6O

______________________________________________________________
Ham-Computers mailing list
Home: http://mailman.qth.net/mailman/listinfo/ham-computers
Help: http://mailman.qth.net/mmfaq.htm
Post: mailto:Ham-Computers at mailman.qth.net

This list hosted by: http://www.qsl.net
Please help support this email list: http://www.qsl.net/donate.html

More information about the Ham-Computers mailing list