oldtimer

Basically my comments were about webmail [email viewed in the broswer] in general but I wanted to see your reply first to see your grasp on things. Yours seem to be heavily-centered on email clients, those I'm not blasting.

Of course, I was only providing one example. It even branches to non-image objects contained in the e-mail.

Exactly per webmail safeguards [some people find this annoying though and disable it]. When I said hotlinked images are not attachments - this is true in webmail. Take Hotmail for example, there is no paper clip indicating an attachment when you hotlink images [amongst other things hidden in HTML coding]. Therefore making the email seem less harmful than it could potentially be.

Thanks for agreeing. And you did recommend that rule, as I'm sure you're aware. But I don't advocate that rule for the very reason you said. I was operating on the more easily pre-conceived notion of "SPAM". Specifically judging from the horribly, fake looking domains in the sender's email (best defense so far that should be adopted by ALL web e-mail: Gmail's mouseover sender name w/o opening email), if there isn't a falsified 1st & last name to obscure it (you're forced to open it to learn), and by looking at the 95% of time ridiculously named subject lines - they are very easy to spot.

Understandably, you say spam is disguised as coming from contacts. But even then the subject titles ["family photos" opposed to "nude girls" is obviously going to trick you] should alert you or at least make you privvy to a behavior not of your comrades, unless you frequently exchange photos of yourselves and the like then you're doomed. Much less, ALL attachments are scanned by major web-based clients nowadays. Yet the problem is this isn't always fullproof b/c they're usually brand new viruses exploiting brand new flaws in the application [most commonly IE].

I'm not saying "Never open ANY email". NEVER open ANY suspicious email. Period. Use your common sense.

By all means, toot it! I love the work people in your field do and appreciate it day in and day out. But I've personally dealt with these demons myself and heavily immersed myself in this area. If I'm guilty of anything, it is for lack of detail [I didn't want to nerd out anybody] and more robust compilings making for a good example [I was pressed for time]. But again, I was never debating this in OE or any email client specifically. But web e-mail opened in a browser.

Lastly, not everybody's computer has the same level of protection as we would deem "acceptable" - people on old OS'es, lack of Windows Updates, zero anti-virus, Active X enabled, Java enabled, VBScript enabled, etc. That's why it's best to teach people to avoid reading that particular questionable e-mail [staying in webmail now] altogether. Just sayin'. Hopefully it will teach that rare innocent sender to revise his e-mail habits.

__________________
Slowly but surely getting over the loss of TFP v. 3.0.
Where the hell am I?....
Showering once a month does not make you a better person.

"The ultimate measure of a man is not where he stands in moments of comfort, but where he stands at times of challenge and controversy."
Martin Luther King, Jr.