Cleo,

Language=NOHTML only deletes HTML if there is a plain text attachment with
the post.

If you read the links in my original post then you realize that a poster
with malicious intent can create an HTML format email message that could do
anything that they wanted to a recipient's computer.  A few of the things
that could be done are:

   o reformatting your hard drive,
   o flashing your bios,
   o cause physical damage by, for instance, changing hardware registers to
make your CPU processor melt.

An enormous number of computers could be destroyed before Anti-Virus vendors
responded with updated AV definitions. It is quite easy to create a payload
that could not be detected by a moderator but be armed when distributed
through the list.  Target attacks could be directed to specific individuals,
employees of a specific company, or those residing in a specific country.

I am not exaggerating the danger that could be hiding in any HTML format
email message.

Jim

-----Original Message-----
From: LISTSERV list owners' forum
[mailto:[log in to unmask]]On Behalf Of Scout
Sent: Monday, May 28, 2001 1:38 PM
To: [log in to unmask]
Subject: Re: HTML posts make LISTSERV lists a soft target for hackers


On 28 May 2001, at 11:35, Jim Walker wrote:

> My post was to try to get LSOFT to feel our pain and change
> language=NOHTML to respect list owners intent.

thought it did?  I'd rather it be a set command.. so it would be to the
subscriber's intenet... or at least as much as non-complaint email programs
allow.

  ...Cleo  [log in to unmask]