Hacker News new | ask | show | jobs
by behringer 2946 days ago
The email standard allows links in emails.
2 comments
mirimir 2946 days ago
And some of us don't follow them, for better security.
link
ddingus 2946 days ago
You are missing the spirit of the comment.

This is not a matter of can it be done and be standard, but whether it should be.

That's just as important here.

link
behringer 2946 days ago
I'm not missing anything. There's nothing wrong with placing links in emails. The link is good, presumably in and out of gmail, and is clearly a gmail feature, not an email feature. There's no problem here.
link
romwell 2946 days ago
> The link is good, presumably in and out of gmail

The link is clearly not good out of Google ecosystem. You need to have a Google account to view it. Otherwise, there's nothing stopping the e-mail client (or even recipient's email server) from fetching the link upon receipt.

To be clear: Gmail want to be a UI for sending messages via a proprietary protocol which look like emails to the sender and receiver if they are Gmail users.

If your outgoing emails were silently converted into Snapchat messages (more features! why not! everyone's one Snapchat anyway!), would you be similarly unconcerned?

>and is clearly a gmail feature, not an email feature. There's no problem here.

That's precisely the problem: turning Email into Gmail.

Remember how IE added features to HTML which were IE features, not HTML features? Remember how it wasn't at all a problem?

link
ddingus 2946 days ago
When the link is the message, and the user thinks it won't change, or go away, it's a problem.
link
mirimir 2946 days ago
And when my email client doesn't fetch remote content, it will be a problem :)

So maybe I'll be replying "Why did you send me an empty message?"

And maybe some email list software will have the same problem.

link
behringer 2946 days ago
But the email is readable, it has a link to a message online. It is not a change to the standard, since it's in the body, where you can write whatever you like. In fact, it's not even unprecedented, because Cisco has been offering this exact same type of system for years generally for PHI and other sensitive uses.
link
jasonjayr 2946 days ago
My bank send me a "Secure Cisco Message". That I think was In response to a web message support request. They didn't tell me in what form to accept the response.

It was a message with instructions to save the .html attachment to your hard drive and open it there. It included tons of obfuscated Javascript.

Without opening the message I replied back and told them "Nope. We're not going to communicate this way, this is irresponsible and dangerous."

link
mirimir 2946 days ago
A URL, or embedded content as part of HTML?

If it were just a URL, even an HTML-enabled client would show just the link. I assumed that it must be embedded content, which would be rendered as a normal-looking message.

Maybe it's both. But even so, I'd just see the link. And generally, I ignore blank messages containing links.

Also, it's not uncommon for email list software to strip HTML, and I doubt that it would decode the HTML before doing so.

link
ddingus 2946 days ago
That's my planned reply.
link