Crispin Cowan said:
* Plain ASCII: pretty safe. It is hard to make plain ASCII do something dangerous all by itself, if all you do is render it to an xterm or such.
I disagree. With the broad availability of scripting languages (including shell scripts und windows batch files), a piece of plain ASCII may be as dangerous as a binary executable. It all depends on the interpretation. An unsecure mail client could simply execute an ASCII shell script attachment if it relies too much on mime type or file magic.
* Rich Text: While I use it every day (I really like HTML in my e-mail in Thunderbird, it enables a lot of expression) I am not technically familiar with the difference between this and HTML. Presumably some kind of restricted subset.
Rich Text is a format created by Microsoft that "provides a format for text and graphics interchange that can be used with different output devices, operating environments, and operating systems". The latest specification is available at http://www.microsoft.com/downloads/details.aspx?FamilyID=ac57de32-17f0-4b46-9e4e-467ef9bc5540&displaylang=en There seem to be some incompatablities between different versions or implementations (e.g. RTF from Outlook is different than RTF from Word). Note that RTF files may have OLE objects included, for example images, VBscripts and other OLE documents (nearly any format supported by MS). As usal it depends on the interpretation if these contents are executed or not. It seeems that at least older versions of MS Word include and execute macro even with RTF files. -- Michel Messerschmidt, lists@michel-messerschmidt.de