On Jo, 11 iul 19, 12:31:07, John Crawley wrote:
...user agents that could deal with html in some sane way, and without
exposing the recipient to attacks. Simply not following any web links would
be enough I'd have thought? Or are there some more subtle attack paths?
Yes, look up the EFAIL vulnerability (I posted a link in another
message). It enabled a potential attacker to trick e-mail clients
parsing html e-mail to decrypt an (old) encrypted message.
In most cases users only had to open the message.