Multipart email best practices - email

I am developing a web app that sends out emails. Currently, all emails have a HTML part.
Questions:
Is it important to include a text part also?
Do you include both?
Is just removing all the tags from the HTML message and adding a few line breaks good enough to create a text part from the HTML part?
Thanks, Kevin

Is it Important to include a text part also? It's a best practice to provide a plain text version of the email. However, in my opinion and in this day and age, I would guess that it is not such a big deal to leave it out. However, if you know more about your recipients' email clients (eg: if you're sending the emails in a corporate environment and everyone uses a particular email client), then you can determine how necessary it really is.
Do you include both? The .net framework (which I use) provides an AlternateView class (MSDN) that allows you to easily specify copies of an email in different formats. It makes things very easy to include a plain text version of the email. Perhaps you can find something similar in apache/php.
Is just removing all the tags from the HTML message and adding a few line breaks good enough to create a text part from the HTML part? Technically, yes but be VERY CAREFUL here. A complex HTML layout that has been converted to plain text will look absolutely terrible if all you do is remove HTML tags and pile the content together. It really depends on your content and how much you can do to manipulate said content. Also, take a look at Campaign Monitor'ssuggestions for formatting plain text emails.
One final word of advice for you HTML emails to test, test, and then test some more. When you're finished testing, test again. HTML emails will render differently in different email clients and, if some of your recipients are using Microsoft Word 2007/2010 then you can forget about web standards. I urge you to take a look at Campaign Monitor's Guide to CSS support in email.

Related

Outlook email format changes when forwarded, How to format in such a way its not modified

The automated outlook emails using pywin32 and plain HTML were great till people started using it for forwarding and reply, Once you forward all the HTML formats are getting stripped and the borders of the table suddenly disappears. The way around is to go to your outlook settings and disable the option "Reduce message size by removing format information not necessary for the message".
The question is how to format the email so that it wont be lost when forwarded and make the format information necessary for the message ?
I have found out a work around though, It is observed that outlook is stripping of those styles which are defined in style block, If the styles are defined embedded in tags its escaping the stripping. As of now I have taken this approach

Replying to other email

I'm building webmail with PhpMailer.
I need advice about replaying to other email.
How to attach previous email? Should I simply attach it as a file - I think it's not good.
I prefer attach email text, but how? Using only blockquote? But what about previous mail's styles? I see in thunderbird blockquote with cite="mid:hash" attribute. What is it?
Maybe PhpMailer has some options regarding this?
It's generally pretty straightforward. Read this about how to deal with the headers (use addCustomHeader to set them) so that mail clients can identify it as a reply.
There's no particular standard for what to do with the body, though it's common to copy all the lines of the original body into the new message, preceded by >, though you could wrap it in a blockquote in HTML, or some other formatting. It's up to you what you do with attachments.

Exchange Disclaimer plain text formatting

I am using a Transport Rule in Exchange Server 2010 to append some HTML to the end of our company emails. This is working just fine when an email is sent out as HTML. When the message is plain text, the HTML and images are converted into [links] and it looks a mess.
Is it possible to apply conditional formatting to append an HTML message at the end of HTML emails, and a different layout for plain text emails? Failing that, can I get it to simply ignore the rule if the message isn't in HTML?
Thank you
I have discovered that the only way to achieve what I was after is by using a 3rd party add-on. So the answer to the question really is "no" for both parts!
3rd party tools like Symprex or Exclaimer may help people out in a similar situation.

Handling Outlook-style quoting in Gnus

Since a lot of my workflow is Emacs-based, I'm trying to migrate to using Gnus at the office. Most people here use Outlook and with it rely on the Microsoft-style top-quoting in replies.
I've set things up quite nicely with markdown automatically converted to HTML when I post etc. The problem is that I end with the text version of the quoted messages in the reply thread instead of the original HTML email. This is not really appreciated by the other participants in the thread.
My question is: Is there a way in which I can preserve the original HTML in the reply-chain when replying using top-posting style?
I've been looking at various ways of doing it myself, but there is actually a lot of work doing it right, as it involves parsing the original HTML and inserting my message in the right place, etc. So I was hoping that someone else might have done this already.
After a long time, this question has remained unanswered so I concluded that no one has had the need to do this.
So, I resorted to solve it myself. My solution involves taking the message that is written, passing it through muse in order to format it as HTML, then passing this generated HTML together with the original HTML source of the original mail and send it to an external application that I wrote that parses the HTML and merges them into a new HTML document. This HTML is them returned and is then inserted into the email buffer before being submitted.
There was quite a lot of hackery needed in order to make sure that attachments are handled correctly, but in the end it all worked out well.
The code is available at: https://github.com/lokedhs/gnus-outlook-style

How safe is the data being parsed by RTF editors like TinyMCE?

I have a great concern in deploying the TinyMCE editor on a website. Looking at the code parsed by the editor it does a great job, and I leave the HTML button off the toolbar configuration so users can not inject their own source.
However, from what I read in the TinyMCE docs, it claims to degrade nicely to a regular textarea should javascript be disabled on a users browser... and therein lies my concern. If it does revert to a normal textarea, then the user is then able to easily inject their own HTML, and this leaves me with a security concern.
I just pass through data created with TinyMCE, and it is used within another page created by my script, so it poses no security risk to my server. The security concern arises over what malicious data may be passed to another user viewing the generated page.
I know many of you will tell me to just use regexes, or parse this data, but that itself could be a nightmare, as I would be trying to either...
a.) Use regexes to try and clean up the HTML without breaking the generated page,
and it is better to parse the data for that anyway.
b.) Reparsing data that has already been parsed by the RTF editor, which also
would probably end up breaking the generated page.
Anyone with any previous experience with this type of scenario, I would really appreciate a 'heads-up' as to any other risks that using an RTF editor for user data could entail.
I would really like to provide this as a user option, but not if the risks outweigh giving the user using the RTF a chance to take a wack at another user viewing the page that is generated by the script.
My gut feeling is to steer a wide berth around use of the RTF at this point.
Thanks for any direction you can give me with your own experiences.
You cannot have client-side security on the web. You simply can't trust the browser, because it's easy for a malicious user to substitute a replacement browser that does whatever he wants.
If you accept HTML from users (using TinyMCE or through any other method) and display it to other users, you must sanitize or validate the HTML in some way on the server. If you're using Perl, the leading package seems to be HTML::Scrubber (along with various other modules that help you plug it in to various frameworks). I haven't had occasion to try it myself.
The TinyMCE Security page mentions some ways to make it harder for people to submit arbitrary HTML, but you still need server-side checks.
Regex is generally not considered good for parsing HTML
RegEx match open tags except XHTML self-contained tags but I have noted the "perl" tag :)
My advice when taking markup from users is to always parse it through something that can accept mal-formed HTML and return well formed HTML. These parses generally produce something that can be queried and updated with some form of XPath.
In Python there is a module called BeautifulSoup, Ruby has Nokogiri and in ASP.NET there is a project called HtmlAgilityPack that all do this sort of thing. I'm not sure what library perl has, but I'm sure there would be something.