Hacker News new | comments | ask | show | jobs | submit login

To somewhat avoid email-based attacks like this, I asked my email client to show me the text instead of html email when both are provided. It's pretty clear to me that not that many people do this... many major websites send me emails where the text version is empty, truncated, completely different content, or a message like "Your email client is misconfigured, it should be showing you the html version".

I have mutt configured to open the html email in lynx and dump the text. Lynx is a terminal browser and does not support images and does not execute javascript. Prior to configuring mutt this way, I frequently encountered the kind of bad content you talk about in mail, but now I get the content and can still feel safe. I am still vulnerable to HTML parsing bugs in lynx, but I don't think the risk of anyone targeting lynx is all that big.

To read and send mail, I ssh to my mail server and use mutt there. For the most part it works great, except when I receive links I need to visit longer than about 70 characters because then I have to copy the URL in parts rather than all at once due to the plus signs inserted by mutt to indicate that the line continues.

I'm a mutt user, too. I think

set markers=no

in your ~/.muttrc will get rid of the plus signs.

That removed the plus signs. Thanks! :)

I've been configuring my clients as text-only for years and the number of image-only emails that need reading at all is essentially zero.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact