This message was prompted by recent postings on the LSTOWN-L list, however,
I believe this issue is also of concern to site administrators, so I am
posting a copy to the LSTSRV-L list, and sending a copy to the LISTSERV
technical support team as a change request. Comments are encouraged.
-----------------------------------------------------------------------------

BACKGROUND:
-----------
An HTML message sent using a properly configured email client should contain
a content type header which identifies the message as 'multipart/alternative',
and should consist of two parts - a 'text/plain' part which contains the
message body in plain text, and a 'text/html' part which contains the message
body in HTML format.

Some email client software allows the user to configure the client to send
HTML only, rather than both text and HTML. When a message is sent in this
form, it is not a multipart message, although the content type header may
identify it as 'text/html'.

The use of 'Language=NoHTML' in a list configuration results in the removal
of the 'text/html' part of a message only if the message is identified as
'multipart/alternative' and contains both 'text/plain' and 'text/html' parts.
If the message is a single part message, 'Language=NoHTML' has no effect,
regardless of the content type. This implementation may reduce the volume of
data stored in list archives and transmitted to list subscribers, however, it
ignores security concerns which are likely to prompt the use of this feature.
Recent incidents have highlighted the ease with which HTML can be used for
malicious purposes in both web pages and email messages.

REQUESTED CHANGE:
-----------------
The use of 'Language=NoHTML' in a list configuration should result in the
rejection of a single part message with the content type of 'text/html',
accompanied by an error message to the sender of the message.

--
Paul Russell
Senior System Administrator
University of Notre Dame