According to Federal Computer Week, the Department of Defense (DoD) has taken the step of blocking HTML-based email. They are also banning the use of Outlook Web Access email clients. The DoD is making this move because HTML messages can easily be infected with spyware and executable lines of code that enable hackers to access DoD networks.
Instead of HTML formatting, DoD is going with plain text.
See my Slashdot article for the extended summary and see the original Federal Computer Week article for all the details.
Having said that, the security implications for you, the Average Joe, include some of the following:
- programming code (scripts): some HTML can contain scripts that can access your computer, damage your computer and/or open channels for the bad guy to achieve even more sophisticated access to your machine.
- image requests: these basically phone home to the sender's computer to get a copy of an image. The request often includes information that tells the sender that you opened or previewed the message. This can confirm to spammers that your email address is active and may result in you receiving more spam.
Here is what you can do about it:
- Avoid HTML-based email altogether (the Typical User likes to see the pretty colors and pictures and likes to have bold and italics, so this option will generally be avoided)
- Given the above, you can use modern email software that can be set to not run programming code or scripts and/or can strip out HTML tags entirely.
- Use email software that does not show images (i.e. does not phone home) unless you give it permission.
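
To make the two risks and the last two options concrete, here is an added Python example (not from the original post or the articles it links to) that reports script content and remote image requests in an HTML message and strips the message down to plain text. The names `MailAuditor` and `audit_message` and the sample message are made up for this illustration.

```python
# Added example (not from the original post); SAMPLE is a constructed message.
from email import message_from_string
from html.parser import HTMLParser

class MailAuditor(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings, self.text, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1                 # code/CSS is not visible text
        if tag in ("script", "iframe", "object", "embed"):
            self.findings.append(("active-content", tag))
        for name, value in attrs:
            value = (value or "").strip()
            if name.startswith("on"):       # onload, onclick, ...
                self.findings.append(("event-handler", f"{tag} {name}"))
            elif tag == "img" and name == "src" and \
                    value.lower().startswith(("http://", "https://", "//")):
                self.findings.append(("remote-image", value))  # phones home

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)

def audit_message(raw):
    """Return (findings, plain_text) for the first text/html part of raw."""
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            html = part.get_payload(decode=True).decode(charset, "replace")
            auditor = MailAuditor()
            auditor.feed(html)
            auditor.close()
            return auditor.findings, " ".join("".join(auditor.text).split())
    return [], ""

SAMPLE = """\
Content-Type: text/html; charset="us-ascii"

<html><body onload="track()"><script>alert(1)</script>
<p>Hello <b>Joe</b>, see our sale!</p><img src="cid:logo">
<img src="https://tracker.example.com/open.gif?id=joe"></body></html>
"""
print(audit_message(SAMPLE))
```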