Using and Abusing Attachments

E-mail is fundamentally a text-based medium. Mail messages are sent using normal alphanumeric characters, punctuation, and a few other symbols. Today, though, there's a great demand to send and receive non-textual data in mail messages—digital photos, sound files, spreadsheets, and so on. (Even word processing documents usually include non-text formatting bytes.) Attachments are a way around the text-only e-mail limitation. These use special types of encoding and separators to convert non-textual data into a textual form. All but the most primitive Linux mail programs support attachments. You can easily attach files you want to send or save attachments others send to you. There are some caveats, though:

HTML Issues One common form of attachment is HTML text. Many mail readers can parse HTML, providing varied fonts, text colors, embedded graphics, and other features common on web pages. Unfortunately, HTML brings a host of problems with it, including privacy, size, and security concerns. For this reason, many people prefer not to receive HTML, and you should be cautious about HTML mail you receive from others—especially from strangers. Many mail readers provide options to enable or disable the parsing of HTML in mail messages.

Privacy Issues If you enable HTML in your e-mail, and if your mail reader automatically displays graphics loaded from the Internet by HTML e-mail, your reading of e-mail may be tracked. This feat is accomplished by the sender incorporating an HTML bug in the mail—a reference to a small graphics file stored on a website. When your mail reader accesses the bug, the web server notes the fact, allowing the sender to track who's reading the mail and when.

Size Issues Attachments can consume a lot of space. Binary files converted to attachments are larger than their originals; for instance, a 60KB file will be 80KB as an attachment. Therefore, if you want to transfer large files, using FTP or some other binary-transfer protocol will likely use less network bandwidth. HTML mail is frequently sent in both HTML and plain-text form, and the HTML tags take up space that wouldn't be used in the plain-text version.

Security Issues Beginning in the late 1990s, e-mail readers regularly spawned security problems, and many of these issues are related to attachments. Many of these problems involve poor security settings in Microsoft's Outlook and Outlook Express programs, but Linux users shouldn't feel too smug; it's conceivable that somebody will eventually develop an e-mail virus that will exploit a weakness in a Linux mail client, especially one that's configured to automatically render HTML. You should never trust the contents of attachments sent from unknown sources, or even unexpected attachments from trusted sources; some e-mail viruses of the past have pillaged victims' address books to find subsequent victims. Security problems have been found even in nonprogram file types, so even graphics or audio files could harbor viruses.

Overall, attachments are very convenient tools for communication, but they pose security risks. I recommend using them with caution. You should disable HTML rendering in your mail reader, if it provides an option to do so. Don't blindly open an attachment, even if it's from somebody you know, unless you were expecting the attachment. If bandwidth is at a premium, choose another transfer method, or at least compress your files with gzip or zip before sending them. (Some file types, such as JPEG graphics, are precompressed.)

0 0

Post a comment