what I know is to do my own emails with my imac having leopard 10.5.1latest mail software installed on the machine and use my photoshop, flash and dreamweaver I have on my old imac G4 to do the job and thentransfert it to my newimac 24″ with mail inside leopard 10.5.1 !!

so as really not expert in html better with flash could you do a diagram or synoptic for peoples like me they understand better your explanations with example :

Where to go on the machine to find it ????
what iss the arborescence ????
how to drawn or modify ???
What to do and to change ???
which softwares are need ????
and so on….

drawings are better than thousands words !!
and much easier to understand….

I leave you my email address which is crisware@free.fr to have your answer with pics explanation for better understanding and to do my first designs for custom mails which will be in accordance with my documents and my flash website, for backgrounds, musics,videos and so on I have drawn and designed on it ..

Thanks a lot your help and support….

With friendly,

Chris

Crisware@free.fr

Here are a couple observations on the HTML vs. plain text debate:

Risk: indeed it has been a few years since a significant email worm has caused havoc. And when you consider that about 60 BILLION emails are sent every DAY (about 2 TRILLION a year), it speaks to a certain robustness of email security.

I also don’t think that a clear pronouncement can be made for or against HTML in email. From my perspective, if the graphics and layout of HTML contributes meaningfully to the message, by all means, use HTML. OTOH, if the HTML is just being used to create junky backgrounds for a message that really only needs text (e.g., “tomorrow’s meeting is at 4:00″) then skip it and just send plain text. I don’t think it’s an all-or-nothing issue.

And c’mon guys, we’re not exactly using 300 baud modems and floppy disks anymore. Bandwidth is plentiful and storage is cheap. I mention that in case anyone wants to argue that HTML emails are so big. (In that case, lets forget the web altogether and go back to dial-up BBSes…hyeah, that was better…)

A couple of comments for Dave:

* Off the top of my head, I can’t think of any way for HTML e-mail to do anything malicious that a webpage couldn’t also do.

* You wrote “I wasn’t aware that Apple maintained a version of JS for Webkit like they maintain a JVM for Java. It makes sense since they seem to like to control all aspects of their OS.” However, this isn’t really a “control” issue. Rather, the nature of JavaScript is such that the only — or at least the easiest — way to implement it in a Web browser is to write an interpreter from scratch. So Microsoft wrote their own JS interpreter for IE, the Mozilla crowd wrote their own for Mozilla, and so on. Just like anyone writing a Web browser has to write an HTML interpreter, they have to write a JS interpreter.

We’d be unlikely to ever agree fully with each other, and there’s no reason we should since that question has no authoritative answer – sadly, no-one has done a statistically-significant poll of malware authors regarding their thought process prior to writing a virus.

Heh, we’ve both said way more than we initially intended to, but I think we’ve both made valid points about security, we’ve added to a very worthwhile debate, so it certainly hasn’t been a bad thing.

Unless Tim is sitting there thinking, “But this post was just to link to a stationery-editing article! When did it become Macs versus Windows?!”

To summarize what I have seen, basically, virus writers are writing viruses now for one goal. A business. They want to have control over as many computers as they can as “easily” as possible so that they can use them for spam and dDOS attacks. It’s pretty trivial to use simple scripts to take over millions of Windows systems because the folks who are being taken over have no clue how to use a computer. That actually comes from experience. When I was out of work a few years back, I started up a small business similar to GeekSquad to help people get their computers back up and running as good as new. I found many simple viruses on their systems and always suggested getting a router to protect their computers from future attacks.

Anyway. Once virus writers have all their zombie computers, they sell time on them to send spam. There are actually viruses out there that have Anti-Virus code in them to remove competitive viruses so that only their virus is on the system. Kind of like a real world CoreWars (look up CoreWars on Wikipedia for more info on that game). I’m not kidding about the virus with anti-virus code in it, by the way.

The point here is that there are millions and millions of Windows boxes out there that are open for hackers to get to. There are quite a few Macs out there too, but they are not as easy to access as the windows boxes. Not because of the OS, although I’m sure OS X is way more secure than Windows, but I have a strong feeling that Mac users have a better knowledge of computers in general. Sure, I have my parents on a Mac Mini so that their computer doesn’t get attacked like their older Windows box did. I was cleaning crap off of that Windows box ever other week. I have yet to even worry about the Mac.

Now, as I just said. Part of the security comes from the OS. Heck, I would probably venture to guess that most of it comes from the OS. Having to enter a password to install a program is quite good. If my parents knew the admin password to their Mac however, I suspect that I would be dealing with problems on that box too. OS X makes it easier to install programs on a standard user account without having to be an admin. Windows has always had a problem with that and I suspect they always will.

Anyway, that was way more than I meant to post on the subject. Especially since this is a site devoted to email and Mac’s, not security. But security is a part of using email since some viruses do get delivered through email. That’s what I have heard arguing for the side of security through obscurity. It makes sense to me at least.

I think that, on the one hand, it has to be accepted that HTML and JavaScript (in any form) has only a limited means to ever cause trouble, and security is a prime consideration of those writing HTML and especially JavaScript interpreters. On the other hand, it has to be accepted that limited does not mean none, and we are in any case at the mercy (as Dave rightly points out) of software written by fallible humans.

In a lot of respects, this issue tends to get me worked up because I don’t see the debate progressing, it frequently becomes mired in arguing points that are either unnecessary or decided already and we never get to debating valid aspects of the argument. That’s not directed at anyone here, and I am as guilty of it as anyone else.

And an impassioned argument for HTML e-mail will always seem to come across as something like “it’s all perfectly 100% fine”, when of course it isn’t – the day that one thinks that their security is perfect is the day their defences will be breached.

To get to some of the points raised, the iPhone’s Safari is a modified version of the Macs, but pretty close at the source level. But the iPhone and Mac have very different processors and OSes meaning that not only is the object code substantially different, but the opportunity for (and handling of) things like buffer overflows are completely different.

I haven’t read any *arguments* for security through obscurity, just lots of people saying it without justifying it – I would be interested to, though, so I will search for them. I’ve seen a few good reasons against, another one is the fact that unix is widely deployed in high-value targets and yet remains (like OSX) very secure. It suggests to me that Window’s insecurity rather than popularity is what makes it the popular target.

I guess I just wished that HTML e-mail were seen – at the worst – as being as insecure as any other e-mail, not moreso, so it could take a place as a valid means of communication, because I think that e-mails of any type are a useful vector and the figures on viral infections certainly support that.

I know nothing about Webkit other than it’s software and it’s written by humans. So there is always a possibility of a potential hole.

I wasn’t aware that Apple maintained a version of JS for Webkit like they maintain a JVM for Java. It makes sense since they seem to like to control all aspects of their OS.

If I came across as demeaning, I didn’t mean to. I just want to stress that there is always a possibility of being hacked. No matter what OS you use.

As for Safari and the iPhone. I was given the impression that the Safari on the iPhone and the latest version of Safari for both Mac and Windows are pretty much the same. If not, I’m sorry for bringing it up, but if it is, it’s a pretty big scary hole.

As for the Security through Obscurity “myth”. I have read an equal number of arguments on both sides. I have yet to hear a compelling enough argument against it to be swayed to that side. I have read many posts from valued Mac writers that have used the Security through Obscurity statement, plus just the logic of it, that it currently stands for me. The argument doesn’t mean that there are tons of holes in OS X just waiting to be exploited. It simply means that there are just not enough machines out there that are being “used by the same kinds of folks” that have Windows systems that are being used by hackers and spammers to do their dirty work. These are systems that don’t have either firewall software or a router between the OS and the street.

Kelsang Norbu: I agree that there is paranoia with HTML email, but I’m not so sure how excessive it is. Mind you, it’s been a few years since email was a delivery method for viruses, worms and trojan code. Still, if I were still using Windows for my email, I would be very careful with it. If for no other reason than to alert spammers that they have a valid email address due to image rendering. It’s really great that pretty much all email clients take care of not rendering images until the user says it’s OK. Even Gmail does this.

SPAM, man I wish I was like John Dvorak and could claim that “I get no SPAM”. I get tons. Just posting an email address on a blog like this has a good chance of that address being cought by a spam bot. However, I still post email addresses. Most spam filters seem pretty good at catching them and getting rid of them for me.

I also prefer HTML mail over plain text. It’s easier to read and many times formatter very well.

I just wanted to try to explain why there are people that don’t like HTML mail. I can’t speak for the author of this blog, but I can tell you I have heard a lot of computer pundits and Apple pundits stating that they are not very happy with Apple’s decision to put templates in Mail.app.

Some email clients have come a long way and I personally, through a little bit of care do not get any spam email anymore. If ever I need to check a dodgy email it would stick out like a sore thumb in my inbox. I will also send HTML newsletters (with a plain text version) – I’m part of a small non-profit charity and people who know about us to some extend know they can trust us – they will know there will be no funny business coming their way. No problem. I’m glad I ask the first question here and listening to all said I have to conclude – I like HTML emails and I look forward to the ones I’ve chosen to receive in my inbox. So much nicer. If we aren’t bothered about appearances then why the heck are we all loving what CSS has done for webpages. I also like Apple’s new Templates, I will uses them and I will *sensibly* edit them.