On Sat, Aug 19, 2023 at 11:11 PM John C Klensin <john-ietf@xxxxxxx> wrote:
p.s. The other advantage of plain text over HTML mail is a
security issue. The former is far less likely to provide a
vehicle for privacy disclosures or actual security problems than
the latter. To a certain extent that is a implementation issue,
but I do not believe the IETF has issues a standard or BCP for
that absolutely safe render of HTML email body parts.
That is entirely the fault of the IETF. The IETF needs to own it.
If this organization wants to be relevant, it has to respond to what the users want. And those users have made clear that they want bold font and italics in email. They also want proportional fonts with section headings.
So either the IETF should have written a safe subset of HTML for use in email or it should have asked W3C to do the work.
HTML was hijacked by Netscape which dumped in a large number of extensions that were in most cases poorly thought out and badly executed. The first iteration of _javascript_ was coded in two weeks and boy did that show. It took five years to make it stable and it was over a decade before AJAX became a popular tool as a result.
We don't need or want a vast amount of formatting in email messages and we certainly don't want _javascript_. We want images but those need to be sent in a fashion that doesn't compromise privacy. Links to external resources are problematic because SMTP is problematic, it lacks originator authentication and no DKIM is not that, it is only authenticating the sending service.
In 2023, I should be able to send an invoice in email as a message, not an attachment.
