 |
In Poco 3, there are a couple of new features related to HTML
display. Take a look at the small toolbar above the preview pane.
Among the other icons, there are three of note:
If you don't see these buttons, you may have turned them off. To
turn them on, right-click in the small toolbar and select Show
Security Control.
Before explaining how the buttons differ, here's what they all have in common:
If any of the three security features is active (the button will show a dark
background when using the default colors), no images will be fetched from external
sources on the Internet.
Here's what each button does, in order from left to right:
- Tri-color
button : "Toggle image downloading," same as Poco 2's
"Download external images" button.
- This stops Poco from retrieving external images when you open
an HTML message. This option is useful for preventing spam from
verifying your address via webbugs, for example.
Note: If an image is already in the cache from a previous fetch, it will
still appear if only Toggle Image Downloading is disabled.
- Tri-color button with black censorship boxes : Sanitize
Message.
- "Sanitize Message" does much more than merely avoid the
downloading of an image. It takes all the suspicious Javascript,
webbugs, background sounds and image HTML tags, etc., and mangles
the possibly-malicious script and external references.
Instead of saying something like:
<img height=1 width=1 src=http://WeAreSpyingOnYou.com?PersonalData=YourEmailAddress>
A Poco3-sanitized webbug will say something like the following
(emphasis added):
<sanitized_img height=1 width=1 sanitized_src=http://WeAreSpyingOnYou.com?PersonalData=YourEmailAddress>
This mangling means the HTML command is not executed, so the
external data is not requested. The effect is display-only; the
email is itself not changed.
The idea is to increase security and privacy. Spammers use
webbugs and regular external images as a form of return-receipt:
when you read the email, the image is fetched and your email
address is validated. This can leave you open to a lot more spam.
Since it's a toggle, you can easily enable it for a particular
email if you trust the source.
Meanwhile, "Download External Images" (new form: "Toggle Image
Downloading") simply enables or disables the fetching of external
images only. The content of the email is not changed even for
display. A placeholder the size of the original picture appears in
the email with a black exclamation mark on a yellow background,
indicating that downloading is disabled. This placeholder won't
appear if "Sanitize Message" is enabled.
With image downloading disabled, a newsletter will have a lot
of frames with black-on-yellow exclamation-mark placeholders, but
the form of the newsletter will be preserved. A sanitized
newsletter will look quite different.
- Gray envelope icon : Strip HTML.
- This will basically turn an HTML message into a plaintext
message.
|
