Slashdot Mirror
Department of Defense Now Blocking HTML Email
oKAMi-InfoSec writes "The Department of Defense (DoD) has taken the step of blocking HTML-based email. They are also banning the use of Outlook Web Access email clients. The DoD is making this move because HTML messages can easily be infected with spyware and executable lines of code that enable hackers to access DoD networks, according to an article in Federal Computer Week by Bob Brewin . A spokesman for the Joint Task Force for Global Network Operations (JTF-GNO) claims that this is a response to an increased network threat condition. The network threat condition has risen from Information Condition 5 to Information Condition 4 (also called Infocon 4). InfoCon 5 is normal operating conditions and Infocon 4 comes as a result of 'continuing and sophisticated threats' against DoD Networks. The change to Infocon 4 came in mid-November, after the Naval War College suffered devastating attacks that required their entire system be taken offline, but the JTF-GNO spokesman claims there is no connection."
Reduced bandwidth, less entry vectors, less spam entering mailboxes. I guess the only losers are the people who send those annoying Flash giftcards through email.
~ C.
This I guess will just show my age, but I am soooo OK with this. Email should be just text, period. I personally believe that people should spend more time using complete sentences which includes punctuation and correct capitalization.
I guess I should get back to chiseling my notes on stone slabs now.....
At least then people will know why their email never got through. So many people use HTML email without being aware of it and don't realize that's what makes formatting possible.
Although the focus is on Outlook, it seems like there's an outside chance there may be other clients and web interfaces (namely all of them) that are vulnerable to most of the same problems....
That's stupid. The problem is not with HTML mail (which is generated by many people unknowingly). They could just standarize in a safe mail program, with some mandatory defaults. They could force the use of a modified version of Thunderbird forcing the (already existing) oprion of "Disable JavaScript" off. Another interesting Thunderbird feature is the ability to "sanitize HTML", that is, remove from the HTML view anything that isn't strictly formatting (paragraphs, bullet lists, etc.).
however stripping HTML would be a better option as emails are usually sent as text/plain and text/html combined
blocking is just too drastic , perhaps IM would be a better option
If the DoD cannot find a solution to this kind of email, they should outsource its management to countries like India and Russia. Isn't it true that a good amount of our defense contracts are outsourced?
That's as obvious as the department of homeland security closing the borders!
I applaud the effort, but why did they take so long to wise up even this much?
Lynx.
Get rid of IE.
Although vanilla access to OWA is being blocked, there are still ways to get to your email from outside of the network (mainly what OWA was used for, anyhow). You can VPN into the network, log on to OWA using your CAC (common access card, smart card, etc), use your Blackberry (assuming your rank is high enough to get one ;)).
So instead of just plain old OWA sitting out there waiting for anyone to type in a username and password, they've upped the security a little bit. Yes, it's making us jump through hoops a little (for myself, need to stand up an ASA5510 as a VPN concentrator to receive outside connections), but it's not impossible.
Besides... not being able to check your work email from home can only be a good thing, no?? I know, I know, it's for people on travel, leave, etc. too...
As for the "blocking" of HTML email, can't say that I've seen that at all. Maybe it's only for emails that originate from outside of the network since we use HTML email all the time from within Outlook (formatting is useful in this case).
---John Holmes...
As long as stupid users dictate policy (and it always seems to be the most idiotic, uninformed, timetable pounding and ego-blinded of all users usually are in the upper echelons of an organization), security problems do to software choice will prevail. This is how microsnot products usually get pushed into an organization. Score one for the DoD getting rid of freaking html-mail and outhouse web access. One can only hope they s**tcan ms-exchange while they're at it.
Way too much email formatting is pointless and does not enhance communication. Links work fine in plain text and images/complexly formatted data can be attached. This is a giant leap forward. Does anyone have MUTT client for windows?
When I was young, I had to rub sticks together to compute.
Put the pictures on a web page and send your friends a link to the web page. I can't stand getting pictures via email. If you must show me a photo of your new kid, put it on a website and send me the link. I still won't look at it, but I'll respond telling you how cute he/she is and we will both feel better. As for bulleted lists,
* what
* the
* hell
* is
* wrong
* with
* asterisks?
Good! HTML email is very annoying. Most of the time it doesn't display as intended anyway. Many clients will only support a safer reduced set of html thus only parts of the page will display properly. This makes the page even harder to decipher. HTML email is really only useful for spammers and advertisers usually anyway. If something needs to be that heavily formatted, attach it as a word processor document. If you can't get a basic idea across in plain-text, then the problem probably isn't because you are missing your bold tag.
If an officer ever threatens to taze you, say you have a pacemaker.
good, no reason to have flashy html junk- especially in an environment that needs security!
This appears to be a temporary measure based on the current threat level.
If the Infocon levels work anything like the other readiness levels in the DoD, then a shift to Infocon 4 requires a change (temporary) in policy. So it seems that a shift back to level 5 would mean HTML e-mail is no longer blocked.
It's like after 9-11, when all DoD installations had much stricter physical access rules and extra guards at the gates.
Which is a shame, because saying goodbye to html email entirely would be fine by me.
If moderation could change anything, it would be illegal.
I work as a contractor to the Navy, and we received e-mails a few weeks back saying that HTML e-mail would no longer be allowed. However, they weren't blocking it, merely converting anything that was HTML to plain-text or RTF. I've not tested by sending an HTML e-mail to my .mil address (gonna try that in a few minutes), but I don't think they're actually blocking it.
I agree with this.
A basic text formatting subset of HTML to help get the message across without any of the risks of full DOM support.
Slashcode handles bold and italic and lists (I think) and a few others but anything else is culled.
I feel dirty whenever I have to switch from flat-text mails.
The way Outlook shares its email HTML properties with explorer gives me the shivers.
liqbase
-formatted lists look nicer. (Especially if you have multiple lines with a proportional font, because then it gets indented correctly.) Just like nothing's wrong with writing bold text with *blah* and similar things, but the html version is still better looking.
Yes that is all they are doing. In fact, if the formatting comes across screwed up, there is an option to restore html view. Not sure just what rules are applied and how the emails are being affected. I do know I sent a table copied another M$ product and sent it to my supervisor, which he replied back to me. The table was completed screwed up in plaintext mode. However, I did have the option of viewing the 'original format' or something close to it that put the table back the way it was.
I determined a couple of years ago that in order for the small IT department of one (me), to be able to keep up with potential Outlook security problems, I had to filter HTML down to Plain Text. When you've got a program that can be used to infect a computer just be previewing a message, you have to do _something_. Now that we've install Exchange (bleh), internal messages are no longer filtered, but thankfully the old filters for stuff going in (and out) of the company remain in use.
If you know how to use HTML, you should know how to be able to write an email without using any HTML.
If you don't know how to use HTML, you shouldn't use it, period.
Once I was a four stone apology. Now I am two separate gorillas.
HTML wouldn't be such an exploitable thing with e-mail if Microsoft's mail software weren't so full of holes. If Outlook/Exchange is really that important to some organizations, why not offer support for [b]internal[/b] mail to be sent in Microsoft Word format?
Screw the rules, I have green hair!
All I can say is, the war in Iraq must be going really badly if the DoD is this desperate for additional recruits.
If the content of the message is changed, isn't the digital signature invalidated?
Or is the DoD just skipping the concept of digitally signing email?
I block html email myself simply because it is annoying and 90+% is spam anyway. Why is this a problem?
Yay! How profound that what we've always known finally made it into the heads of the military. If you mix code into your data, you're screwed eventually. No way around it.
That said, it's the JavaScript, not the HTML - formatting is data not code.
Now if only they would figure out the same about Word/Excel.
- Adam L. Beberg - The Cosm Project - http://www.mithral.com/
If the HTML is stripped from the body of the message, that means that the content of the message has changed from the context of the digital signature.
Therefore, the digital signature will no longer reflect the "data" portion of the message and will be invalid.
the only losers are the people who send those annoying Flash giftcards through email
Don't worry, they were already losers!
In the free world the media isn't government run; the government is media run.
I still receive all the HTML email I did previously - it's just converted to text formatting. A great deal of it is virtually illegible as some of the places I would receive email from had elaborate background files to their emails - now I just get a jumble of URLs at the start of those emails and have to search for the actual content.
The other problem is that (at least at my agency) we are still forced to create emails in Outlook RTF even though official policy was to switch Outlook to creating text-formatted emails (the option is locked thanks to our user settings). So our emails never get to where they are going looking the way they did when we sent them as they lose all formatting.
well, you already know the answer. Too bad nobody at the DoD is willing to step up and ask why their *nix systems are not having these problems.
LoB
"Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
Instead of facts, we get just another bash Microsoft thread. Figures.
Any here that are forced to use the NMCI (Navy/Marine Corps Intranet) network know that reading any email at all can be a challenge.
A NMCI laptop takes over 10 minutes to boot and load the dozens of background processes and roving preferences. Once booted the machine is near useless performance wise.
Most, including middle management, refer to NMCI as No More Computing In-house.
In order to get idea just how bad things are, upper management conducted "customer satisfaction surveys". Even though the NMCI program office controlled the content, distribution, and analysis of the survey the results indicated overwhelming dissatisfaction. The NMCI program office has declined to release the raw data from the survey, instead issuing a release about the results. Rear Admiral J. B. Godwin III said releasing the results would challenge the "integrity of our data." Hmmm....
Most Navy labs that are under the burden of the NMCI contract maintain two networks, the legacy and the NMCI - the one to get work done on an the other to read email. This leads to double the costs and double the vulnerability exposure, and halves the resources to concentrate on security and usability.
Worst I hear that the Navy just extended the contract to 2010. Your tax dollars at work.
This little beastie got into an offline nuclear reactor and blanked their control of it for four hours. The same bug shut down monitoring on a CSX rail line, causing just as much concern.
How many years ago was all this? Sounds like the paperwork just got filed.
Good move.
--- For a good time mail uce@ftc.gov
I remember getting an RTF-formatted email from my ISP back in 1995, when you would actually see RTF in the wild.
I chose RTF as the format for my reply. I thought that was reasonable. (I forget what mail client I was using- maybe Eudora.)
They wrote me back, again in RTF.
"WTF is this? We can't open it."
No, not WTF.
Microsoft RTF.
I don't see the point of taking security risks and wasting bandwidth on email that "looks nicer." You want a nice looking email, format it as a webpage, and send your friend a link to the web page. Or print it out and stick it in the post box. My email program is instructed to display all email as text only and if it is full of crappy html that isn't filtered out, I hope it wasn't an important email because I deleted it. But I shouldn't have to bother; this junk should be filtered out at the server level and I'm glad the DoD at least recognizes that email security is more important than how nice it looks. I only wish my university would do the same :) Don't get me wrong, I love html, but it's not made for pretty-ing up email. It's made for hyper-text, which email should not be. Most email programs allow you to follow links that are part of an email message pretty easily, so what's wrong with sending the link to your browser?
It sounds like DoD IT people hate users' freedom! Sounds like we've found an Al Quida sleeper cell right in the DoD!!!
I encode all my emails using WingDings font, so absolutely no-one can read them :) I can't do that in plain text!
I hate to say it, but this isn't anything new. The USAF has been moving in this direction for quite a while, with a service wide mandate that came down back in June. I don't recall the exact date, and since I'm not at work, I don't have access to the email which contained the policy. Additionally, There's also been a DoD wide move towards a 'Standard Desktop Configuration'.
All in all, DoD is moving towards more secure networks, and making things a lot harder for the user to screw up on their own, as well as making it harder for people on the outside to get in and do much the same. Will it be effective? I'm not sure, although I personally think that it's not going to happen as long as they're set on remaining largely windows based. Moving to Vista isn't going to happen anytime soon, so any improvements there aren't going to be available for the near future.
I have no regrets, this is the only path.
My whole life has been "UNLIMITED BLADE WORKS"
It's not security, it's not size.. it's the bleedin' fact that every sodding day some bellend asks me how they insert >picture/video/stupidlink< into their email. I'm fed up with it! I'd rather feed their bones to pigs!
:o)
Merry Christmas by the way.
Incidentally, if those bloody angle brackets are the wrong way round - blame the sodding HTML! Merry Christmas again... and yes, I've been out getting lathered, deal with it!
Stupidity is like nuclear power, it can be used for good or evil. And you don't want to get any on you.
Uhhh, the links are in html. So that's not going to work.
Inventions have long since reached their limit, and I see no hope for further development.-- Frontinus, 1st cent. AD
Uhhh, no they're not. At least, they don't have to be, and the email program shouldn't allow them to be.
The browser is designed for HTML and is configurable by the user (or the user's admin) -- you can say no java, etc. More importantly, the user has to take positive action -- click a link -- and to recognize that he/she is now going on the web to see something rather than looking at an email document stored locally as a file. You can also see where the nastiness is coming from if you land on a hostile script posted to a web page. Finally, you have a choice whether or not to click the link (and I usually don't). As long as the link is in plaintext (which is what I am advocating), you can see the address before you click on it, and you can decide whether it's worth the risk to see a photo of someone's dog you've never heard of. Embedded IMG tags and javascripts can be pretty nasty. Sure, these can be nasty in web browsers too, but at least you can make a reasoned decision before you wind up downloading some random script.
And that is that the web browser is designed specifically to deal with html. New html security holes are dealt with by web browser patches on a regular basis (for the good browsers anyway). Email clients read html as an extra; their main function is to send and receive email -- hopefully they will be updated regularly too when new security threats arise, but it's more likely to be an afterthought. That's another reason why I'm a proponent of having clients do what they are supposed to do and then pass the other protocols on to other clients rather than trying to do everything within a client that was primarily designed for one protocol. Why have a web browser read email and an email program handling HTML?
What do you think of the DoD's banning HTML email and going back to plaintext?
1. OMG! How am I supposed to share my baby pictures?
2. They're overreacting to a problem with readily available and easily implemented solutions.
3. Told you so! Told you so! Told you, told you. told you so!
4. Send in Cow-Rambo-y Neal!
It shouldn't be rocket science to display a piece of formatted text while disallowing network connections or scripts.
The fact that none of the major E-mail clients can be trusted to do this is a testament to the sad state of software engineering.
A lot of folks are going to say that this is overkill. A safe email client, patches, scanners, etc. should be "good enough". Well, if I was American (as opposed to Canadian), I'd say that this move by the DoD is a good one. Who cares if the risk is "small"? There is a higher risk with HTML email than plain text, and only marginal benefit. We are talking about an organization that needs to operate at very high levels of security.
A NMCI laptop takes over 10 minutes to boot and load the dozens of background processes and roving preferences. Once booted the machine is near useless performance wise.
That is so true. The Navy needed technical standards, not NMCI. The organization is too big and diverse for a one-size-fits-all solution. Application development has all but stopped outside of San Diego and EDS is running...or should say ruining...most of that. Layers of process and bureaucracy between the users and a usable product. What used to take months and cost thousands, now takes years and costs millions.
One example project...a working system built by just three developers in less than a year, part of the way through deployment when EDS moved in to take it over. Now there are 30 people on the project and they're scoping requirements...of a completed product in the middle of roll out. It's taken them almost two weeks to set up a test server.
When you take the billions invested, then add the man-hours wasted with people waiting on the help desk line the cost would be staggering. And I've never called when they weren't experiencing higher than normal call volume. When you have to play that message all the time, that means the normal call volume exceeds your capacity.
I will say this, though, after the 20-30 minute normal wait to get to a help desk operator, I've been very satisfied with them. That's the one part of the program that does work but doesn't justify the cost. I consider NMCI one of the great defeats in Naval history and casualties are 250 million US taxpayers.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
...The trouble is, they should've done this ten years ago. At least the HTML mail... It's a bit scary that the DoD is taking so long to get reasonably secure. Department of Defense, people!
Don't thank God, thank a doctor!
From: Donald Rumsfield
To: General Whosit
Subject: My final Orders
This email contains a computer trogan.
You are so pwned!!!
Sincerely
Osama Bin Ladin.
____
Yeah... Typos are on purpose
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
Why don't they simply add some format conversion feature on the border e-mail gateway ? That way, HTML messages gets converted plain text before delivery.
Then again, maybe they use Exchange, and can't implement something of this sort. I know it is, if not trivial, relatively easy to implement on many F/OSS MTAs (namely exim).
morcego
Dude here is correct. I work at the Staff war college that the article mentions. We set up a seperate CAC enabled OWA footprint and when one got turned off we flipped the DNS switch to the other. Install some middleware and use your CAC card. Much more secure and really no big deal to do.
HTML email is no loss. Folks can still send word docs or use rich text. We improved out security posture significantly.
People can still VPN is as well, again using their CAC card.
I myself have cut back on checking email from home as I usually leave my CAC downstairs and am simply too lazy to go down there and get it to check email.
I am a DoD employee and saw them take this step a few weeks ago (without any notice, of course).
They don't block HTML mail specifically, but every email is "converted to plain text" by outlook. A very, very big hassle, especially when the boss likes to highlight and bold text in his emails. He can still do this because Outlook doesn't force you to compose in plain text. However, when it gets to the employees it can be confusing due to the conversion process (especially to the "old" folks who can't figure out how to convert it back to HTML).
They actually have disabled many of the options in Outlook so there is no way to allow Outlook to always show emails as HTML. A major pain, in my opinion. I always have a need to format tables of infomation and embed them in my emails. Oh well, time to change my ways - life goes on.
I read all my e-mail as "plain text". After all, HTML is plain-text too.
95% of the time that is all you need. Yeah, I can see they marked it italics or bold, but they are the same words.
If, after looking at the "raw" text, and I really think the formatting will convey some additional info, I might look at it as "html". Looking at the raw text gives you a pretty good idea if there is anything sinister about it.
In my experience, most HTML mail that "needs" HTML is junk mail, office jokes and the like.
Real business correspondence works on typed pages and plain text. No HTML needed to get your message across. Oh, but please do use a spell checker.
This issue is a bit more complicated than you think.
Outlook did me the favor the other day of removing the "extra" line breaks, screwing up the already limited formatting I was stuck with. People will get around this by attaching a Word or Excel document. So the bandwidth costs are only temporary, till they figure out how to get back the formatting capability they had. The search function will be severely limited, unless Outlook will search through attachments.
I think forcing plain text is a bit severe. I understand the vulnerabilities of HTML, but allowing a reduced subset of HTML function to provide for text formatting would be a better (as in more useful for the end user) option. If the IT folks are the only ones whose convenience is being considered, I guess plain text is fine, and for that matter we should still be using diskless VT terminals. I don't often use the "threw out the baby with the bathwater" cliche, but I think it fits here. Allowing tables and italics isn't going to kill us.
I concede your point, mostly. But my bosses want tables. I need the ability to copy/paste tables and queries from Access into an email, and limiting my emails to plain-text means I have to copy/paste the text, then manually format the table into pretty columns. And the first time a boss forwards my email to someone else, the formatting is screwed up again. I don't need the full spectrum of HTML capability, but tables are useful. Give me the tabular environment from Latex, or something. People will just adapt by sending attachments, and the entire plain text of the email will be "see attached." Does Outlook's search/find function work on attachments?
most of the computers i have at home are set up to NOT accept html email. they've been set up that way for years. the DOD should have done this years ago. the also should have dumped MS Outlook years ago. these are the people (the DOD) who are supposed to keep us safe?
I like the way Kmail does it. It displays the silly html as text, with a button that asks you if you want it rendered. A quick scan shows you who it's from and if the thing is legitimate. Clients that are all or nothing and riding on an OS that's full of holes are the cause of the problem.
Friends don't help friends install M$ junk.
"Install some middleware and use your CAC card"
CAC. *CAC!* Say it with me: "CAC." Does "Common Access Card card" make sense to you?
Sorry. Pet peeve o' mine. But I live this field.
-- Cerebus
lick them
This is exactly what they are implementing (converting HTML mail to plain text).
You know... something like 12 tags and that's it.
bold, italic, underline, list.
More like when html started.
Formatting can help you to understand content.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
Simply allowing text helps server loading, but if the cycles are available, allowing selected, whitelisted HTML tags helps readability. The tags that make the whitelist should be benign formatting tags not unlike those allowed by /. (see "Allowed HTML" on the /. comment entry page.) ...to which I'd add 'pre', 'font' (only Courier, Helveticia, and Times), and those necessary to support tables of data. It wouldn't hurt to have such a list standardized so it is clear what will and will not be accepted.
HTML is not really needed if formatting is needed. People can just write the message in MS Word and attach the file if HTML is unavailable! Really good choice indeed!
I use FastMail.FM webmail to read my email. I always view HTML. The HTML produced is a subset of the full HTML and most tags are "defanged" (including images and forms but lots of other stuff too). That's the correct way to read email. Banning HTML completely instead of allowing a secure subset in a secure environment means people would opt for formats that are much worse than HTML.
You hit the nail on the head with that argument. That was exactly what I was thinking. Seems to defeat the purpose of blocking html e-mail.
Most html exploits are going to just link you to some stupid site that will actually rip open the security hole and infect you with god-knows-what. The e-mails themselves most likely are not going to be the culprit, but the actual website they so cleverly link you to will.
Hell, half the time the links aren't even clever. Phishing attempts are the worst if you have half an idea of what is actually happening when you browse the web. It's not hard to recognize that going to 122.235.151.62 is not the same as going to ebay.com to fill in your username and password information. But apparently even the DoD has completely clueless users... just the same as any other institution/corporation I guess and blocking html will be the easiest and cheapest fix I would imagine.
You're nothing; like me.
And so it goes, the world of Windows slowly but steadily moves forward in removing yet another piece of internet functionality, all in the name of security. Shame, isn't it, that because of Microsoft's swiss cheese products we can't seem to enjoy all the good things about the web that were promised?
If I didn't have absolutely NOTHING to do, I wouldn't be here.
It's not really a concern as far as the DoD is concerned.
.mil domain, then it will arrive with HTML intact. If the generals/admirals didn't have the ability to automatically indent and inject their [Username] when replying, they'd collapse in a fit of frothing and twitching.
If something needs a digital signature, then the person sending it is going to know how to configure their Outlook client to send in plaintext anyway. Our Outlook clients don't come "preconfigured" for signing, so the user has to know:
1. What a certificate is.
2. Configure ActivCard Gold on their machine to register the cert.
3. Navigate Outlook and find the security prefs.
4. Which cert to actually use with Outlook (there are 3 on each CAC card.)
5. To use THEIR cert, there are often more than just yours on any given machine.
From a DoD point of view, email coming in from "The Wild" from family and friends doesn't need a signature anyway, so it's not going to matter if a signature gets borked when the HTML is stripped. And if it's coming from a vendor who actually needs to use a signature, they'll be able to meet all five criteria mentioned above, and won't even use HTML.
OR...the NOC will simply add their domain to the whitelist and let it through.
Also, if the email is coming from a
The DoD really hasn't ramped up the whole digital signature thing quite yet. They talk a big deal, but when it comes down to the Nuts&Bolts implementation, the only ones using it are the geeks, not the grunts.
As usual.
[End Of Line]
Fixed tags:
Stupidity is like nuclear power, it can be used for good or evil. And you don't want to get any on you.
Thank you for the tip. Merry Christmas!
Media is supposed to be free. They can express their opinions if they want. They aren't supposed to only report news, because most people just can't understand more than one aspect of the news.
ilex paraguariensis for all
Indeed. Intel does the right thing here -- if I'm interpreting their NISPOM-equivalent manual correctly, not only will they not outsource IT, they don't even allow non-Intel employees to have root. The E-ring people definitely need to do something about the contractors who hire employees based solely on clearance and blood pressure, and the poorly-written contracts that allow them to get away with it.
I know, It'll take some getting used to.
I think the move to plain text e-mail is a good one for the DoD. Besides the reduction of risk of malicious code, there are at least two other advantages of people using plain text for their e-mails:
I agree with others that if formatting is so important, the best thing to do is include a formatted attachment with an e-mail. One thing to consider is that HTML provides only limited control over appearance, and it can vary based on application. Something simple like not double spacing between paragraphs is difficult (without the use of style sheets).
As the above writer suggested, a limited subset of HTML for e-mail might be a good way to go. I think a better, and more secure way, might be to develop an XML format specifically for e-mail which only allows for formatting and no executable code.
One feature of the format should be that the only e-mails that will be accepted are those that contain only legitimate tags. If an e-mail contains a single invalid tag (regardless of the reason) it is rejected and a message is sent to the sender.
I believe I speak for every mail system admin when I say "About bloody time".
It's only 10 years too late. It was about 10 years ago that the email viruses piggybacking on "active" content in HTML mail in Outlook and Outlook Express really started taking off.
I once peeked inside my Thunderbird's training.dat file. All the spammiest tokens were HTML tags. Good riddance.
"Knowledge is power. Power corrupts. Study hard. Take over the world."
Email messages need to convey information.
If I need to tell a student that
2
x
e is not integrable in elementary tame then you say I have to create a pdf document for this one sentence? Most people I know attach a word document to do it because they don't know any other way. Or I can write $e^{x^2}$ like mathematicians do and tell my students that hardly cope with their math that they need to learn TeX before they can learn math. Or I can write e^x^2 and make it ambiguous. Or I can do what I do and write e<sup>x<sup>2</sup></sup> and send it in a message with Content-type set to text/html and the student will be able to see it in any mime compliant email reader that is set to render a minimal harmless subset of html (sadly Slashdot doesn't think <sup> is a safe tag for me to use in formating a post making me use "code" formating to make sure this is rendered with fixed width font. In Email I don't even get the option to set fixed width font unless I use HTML or attach a file created in a word processor).
In real life most of the email I write is in Hebrew and there is no real plain text format that guaranties the recipient sees the same sentence I wrote. HTML provides the tools needed to control the way text is displayed without needing to create printable documents for every short note. When I compose English email I use plain text unless I need to convey information that needs html like math formulas or links.
1^{1/2} in HTML:
l l_example.html which actually has a cool equation editor :)
one way is: 11/2 and this is the way I would usually do it (with an html composer that has superscript/subscript buttons like all three different alternative composers in FastMail.FM's webmail interface).
Another way: 2
And another: 1½ (this is doable in fckeditor or in xinha using the "Insert special characters" button, see http://www.fckeditor.net/demo and http://xinha.gogo.co.nz/xinha-nightly/examples/fu
(I got the html entities from http://www.bigbaer.com/sidebars/entities/)
My student normally don't do these things. But then I can do the guesswork on what they mean, but I don't expect them to do the ame to understand what I say. Anyway most of my students use forums were they have an eqation editor that creates mathml (if they run winxp and can have admin privileges).
I still receive html e-mail from outside sources. The default view (and preview pane) have been changed to plain text - you right click on the banner telling you that and convert it back to html - poof, an html message again. I can't compose html though, only rich text, and if the recipient id a DoD person they'll have to go through the same rigmarole to see my original formatting.
From TFA: "the current threat level does not bar the use of attachments"
Now what was the problem again?
Regarding your claim that HTML mail is mandatory, I have a very hard time seeing that anybody would say: "The DoD don't accept HTML e-mail so we don't want them as customers".
Installed the Bubblemon yet?
Just today I found this cool tool that converts easy to type ascii notation for formulas ("simplied TeX") to mathml using javascript. And there are also visual tools to help.
There is a special page to make it easier to use in email: http://math.chapman.edu/email/
I prefer text mail but hardly anyone sends it any more. And outside the hacker community it seems you don't get much html mail...you get worse: a short note (e.g. "please see attached meeting summary") with a ONE PARAGRAPH WORD FILE ATTACHED!
mega-moronism. As a result the DoD will just get more word virus files and less html mail.
Pathetic....and in this case I don't mean DoD.
It is not so much HTML mail which has been blocked as access to all web-based email "clients" such as gmail, yahoo and of course the Outlook web client. HTML formatted MIME mail still is enabled- I just tested it.