--On Tuesday, June 17, 2014 12:38 -0400 Scott Brim
<scott.brim@xxxxxxxxx> wrote:
> On Tue, Jun 17, 2014 at 11:51 AM, John C Klensin
> <john-ietf@xxxxxxx> wrote:
>> The things that I think have security (or significant
>> operational) impacts include tracking beacons embedded in
>> messages to tell the sender (at least) when or if they were
>> read (privacy problem), embedded large images or text that is
>> automagically downloaded when the message is opened or earlier
>> (potential DoS attack), embedded malware and scripts of
>> multiple flavors even if not intentionally hostile, and so on.
>
> Yes, there are many traps for the average user on a MUA that
> tries very hard to look spiffy. I like mutt ... but an
> alternative is to use a GUI MUA that where you can keep its
> behavior conservative. Thunderbird is not bad at that.
But not so good at some other things.
<mini-rant>
I use email heavily enough that I'd happily pay a hundred or two
USD a year for something that was optimized for IMAP desktop and
laptop use, that has good MIME support (not just patches on an
earlier approach), that was well-supported and whose design
enhanced or preserved my productivity. Wrt the latter, note that
I'm heavily dependent on IMAP disconnected mode and, like many
others here, have strong opinions about the importance of
controlled handling of HTML messages, controlled handling of
certs, S/MIME and PGP (both OpenPGP and legacy), and support for
other email and IMAP functionality that seems critical. Now
that it is the middle of 2014, an MUA that didn't have full i18n
(aka "EAI") support wouldn't be worth the cost of conversion.
Perhaps unlike others, I'm a lot less concerned about close
calendar integration or inline support of a wide variety of
media types as long as I can quickly and easily extract body
parts to the local file system, get to them, and open them with
external programs. Probably some other IETF users are in
similar situations. But the evidence is that those who are
making product decisions don't believe we constitute a market on
which they can get adequate ROIs, so we periodically end up in
these almost-pointless "where is the action" discussions that
lead nowhere... except back to the conclusions that some people
are more or less happy with whatever they are using and that a
lot of people (who presumably don't deal with the combination of
very high mail volume and the periodic need to work offline) use
some flavor of "webmail".
Sad situation, IMO.
</rant>
john