D. Štrbac

HTML Is Not For Messaging

The inclusion of HTML in email messages has been a detrimental development for email. It not only paved the way for intrusive graphical advertising but also eroded the trustworthiness of email. What you see in an email is often not what you actually receive.

HTML allows fetching additional resources from the Internet. Unfortunately, this feature is often exploited for tracking user behavior, including when emails are opened, the recipient's location, preferred language, and the systems they use. From a security perspective, this opens a public attack vector right in your inbox, without requiring any permission.

What's even more concerning is that HTML is accessible to anyone, enabling malicious actors to mimic the styling of legitimate entities such as your bank, club, or co-worker. The links displayed in these emails may appear to lead to one URL but could, in reality, point to an entirely different destination.

In essence, HTML primarily serves as a formatting tool for email messages. However, a truly meaningful message should inherently possess its own styling, rendering HTML largely unnecessary. If there is a genuine need for HTML content, it can be included as a bare URI. In such cases, it should be left to the reader's discretion to decide whether to click on the provided link and access the content. This decision should only be made after the reader has been fully informed about the nature of the content they can expect. This approach allows users to exercise their judgment regarding engagement with HTML content, a choice often denied when HTML is integrated directly into email messages.