Michael Shannon's suggestions about sending graphic content in messages to
LISTSERVs raised a question I have related to HTML formatted email messages.

I seldom, if ever, have my email client set to display HTML in email messages. I
also never send HTML messages and do not encourage others to do so. I keep HTML
turned off and don't encourage use of it in email because HTML can contain
javascript code that can execute on the PC where the email message is read. That
seems like a security hazard to me.

Several years ago only attachments could be executed and cause problems such as
viruses and email worms. Since email clients have become capable of rendering
HTML, I've heard that email messages themselves can contain executable code and
be a security hazard.

Is there really any way an HTML email message could perform malicious actions
through javascript, vbscript, or something like that, or can potentially harmful
code (or just unwanted things like spyware) only be executed by opening and
executing an attachment to an email message?

Glenda Keyworth
Information Technology
Austin Community College