Are HTML e-mail messages dangerous? I guess it depends on how you define dangerous. HTML e-mail can run scripts, redirect to other web pages which may be pornographic, and even send information back to the sender that says you looked at the e-mail. The HTML Removal Analyzer is one of the more unique features of Spam Sleuth. It can selectively remove dangerous HTML from your e-mails. By removing script, you don't have to worry about being redirected to another web page. By default, Spam Sleuth will remove HTML script. You may lose some flying logos, but your computer will be safer. Some folks would prefer to get just the text without the colors, fonts, backgrounds, etc. If you just like the plain text without the frilly icing, then let the HTML Removal Analyzer take out the extraneous text formatting. The HTML Removal Analyzer can also remove links. Links are usually pretty safe because you have to click on them to go to a web page. For kids, however, you might consider removing links.
There are two kinds of images that can appear in an e-mail. There are embedded (internal) images, which use up your computer connection when the e-mail is sent, and the more dangerous kind external images. The external images are stored on a web server. When the e-mail is viewed, you computer goes and gets the external images. Often times it also sends information to the spammer that you looked at the e-mail. This increases the chances of you getting more spam from that spammer in the future. If you choose to Remove images (External) in the HTML Removal Analyzer you will not see the pretty pictures in your spam or in your valid newsletters.
If you don't want spammers to know that you've read your e-mail, you may need to take out Web Bugs, External References and Read Receipt Requested header tags out of your e-mail. The HTML Removal Analyzer handles all of these.
The HTML Removal Analyzer is one of the most unique features in Spam Sleuth. This analyzer can add points for certain types of HTML, but more impressive is its ability to remove certain types of HTML.
Script - Java Script and other scripting languages are programming languages, and have been known to have some security holes. Since many of the e-mail clients are using the browser, or browser component to read the e-mail, your computer may be put at risk just by reading an e-mail. Turning on Remove Script can remove the script (program) from the e-mail. Sometimes this means an ad doesn't "fly", but sometimes it means that a dangerous script virus has been thwarted.
HTML Formatting - HTML formatting in a message can be a good thing, but most of the time it is just used by the advertisers trying to get your attention. The meaning of the message is in the text, and conveying it in a big bright purple font isn't usually necessary.
Links - Most of the time links in a message are just fine. If you are using Spam Sleuth to protect kids, you may want to remove links that kids might click on and take them an unsavory web site. For most people, we recommend leaving this unchecked and keep the links. Beware, if you click on a link sent from an e-mail, there is a high probability that the web site owner now knows that you (as identified by your e-mail address) read their e-mail and followed their link.
Fake Links - Some e-mails are including links that are designed to deceive. The spammers use special formatting to make it appear that you are going to your own bank or secure site, when really the browser is taking you to a dangerous site that will take your personal login information and use it to empty your account. An example: http://firstname.lastname@example.org/ While this looks at first glance to be going to eBay, it is going to a site residing at IP 22.214.171.124.
Remove Images (External) We recommend leaving checking this option because most regular folks (friends, family, co-workers) do not send e-mail with external links. To do so requires that you have a web server, or hosting site, and that you are sending HTML with the intent that when the message is opened, the image will be loaded from the web server. Usually this is something that marketers do.
Remove Images (Internal) This one isn't as bad as external images. The image has already been sent to you in the e-mail message. This is often used by spammers, but can easily be used by anyone who pastes a picture of themselves into an e-mail. Opening messages with just Internal images doesn't send anything back to the sender.
External Refs - Because HTML can reference other web pages, it is very likely that just viewing an HTML e-mail will cause you computer to request web pages. The clever spammers will track those requests and know that you've viewed their message. You can add points for external references, or eliminate them altogether by checking the checkbox for Remove from e-mail.
Web Bugs - Use of Web Bugs is a common practice among spammers. They will use IMG SRC tags in their e-mails which cause your computer to request an image when the e-mail is viewed. This wouldn't be so bad, except that now they tack your e-mail address onto the image request so that they know that you viewed their message. This seemingly safe image request will tag your e-mail in their database as live and you will get even more spam.
Read Receipts - This is an e-mail header tag that tells some e-mail clients to notify the sender that you've read their message. Some e-mail programs ignore it, some let you decide whether to notify the sender, and some just notify the sender automatically. Spammers don't use these very often, but you may want to remove the Read Receipt Request tags from your e-mail.
Assign points to these as you wish. Some valid newsletter use external images and some use internal images. If you don't subscribe to newsletters, you may want to increase the points.