[RFC] Mass HTML email option in ACP

Note: We are moving the topics of this forum and it will be deleted at some point

Publish your own request for comments/change or patches for the next version of phpBB. Discuss the contributions and proposals of others. Upcoming releases are 3.2/Rhea and 3.3.
Post Reply
Alien_Time
Registered User
Posts: 165
Joined: Fri Apr 05, 2013 3:38 am

[RFC] Mass HTML email option in ACP

Post by Alien_Time »

Would it be possible to have a feature to send mass "HTML" emails from ACP? Basically it's similar to mass email but have the ability to add HTML tags so we can style it's contents. Will be very useful especially if we want to send a newsletter or email announcements to board members with nice formatting and style rather than a simple boring text version. Would you consider adding this feature to the core?

User avatar
Master_Cylinder
Registered User
Posts: 361
Joined: Wed Jul 31, 2013 9:54 pm

Re: [RFC] Mass HTML email option in ACP

Post by Master_Cylinder »

HTML email is evil. If you have to have this option there better be a way for users to set theirs to plain text.
These kids today...
Buy them books, send them to school and what do they do?

They eat the paste. :lol:

Alien_Time
Registered User
Posts: 165
Joined: Fri Apr 05, 2013 3:38 am

Re: [RFC] Mass HTML email option in ACP

Post by Alien_Time »

Why would you say its evil? I think that HTML makes the newsletter look a lot better provided "its designed right". It also has a better appeal visually and I noticed that more readers read my newsletters sent in HTML when compared to the simple text version where no one would want to read the whole stuff in it. HTML helps me in highlighting the key updates so people skimming through emails can quickly understand the updates instead of reading through a text version. Even big companies like google, ebay, etc.. uses html emails. Of course the only challenge is the designing of it so they are properly visible across all devices and that is something upto the admins and this shouldnt stop this feature from being added. I really think this will be a very good add-on to have in the board. This is my view on it.. :)

User avatar
Master_Cylinder
Registered User
Posts: 361
Joined: Wed Jul 31, 2013 9:54 pm

Re: [RFC] Mass HTML email option in ACP

Post by Master_Cylinder »

That's subjective. I don't think it looks better and from a end-user security standpoint it's not the best idea either. My mail servers automatically convert inbound or outbound to plain text.

http://www.networkworld.com/newsletters ... 7sec1.html

Like I said, IF this gets approved (I wouldn't vote for it) there better be a setting in the UCP to choose plain text or html. If not I'll be looking for an extension to remove html mail from my boards.

YMMV...
These kids today...
Buy them books, send them to school and what do they do?

They eat the paste. :lol:

keith10456
Registered User
Posts: 523
Joined: Sat Apr 22, 2006 10:29 pm
Contact:

Re: [RFC] Mass HTML email option in ACP

Post by keith10456 »

If not a mass email, then a mass PM or Notification (maybe to particular groups).

+1
Last edited by keith10456 on Fri Oct 25, 2013 5:59 pm, edited 1 time in total.

Alien_Time
Registered User
Posts: 165
Joined: Fri Apr 05, 2013 3:38 am

Re: [RFC] Mass HTML email option in ACP

Post by Alien_Time »

It only has a security risk if the board admin misuses this HTML email feature. That's what I am saying, if done correctly this is very useful and I would by far prefer HTML email over text especially for newsletters. I have been sending HTML email to my users for the past 3 years and never had an issue with it. In fact ever since I changed from text to HTML, I started receiving more positive feedbacks from my users. So considering this, I would always stick with HTML emails over text. I never go overboard with the designing. A simple visually appealing design and information.
Master_Cylinder wrote:Like I said, IF this gets approved (I wouldn't vote for it) there better be a setting in the UCP to choose plain text or html. If not I'll be looking for an extension to remove html mail from my boards.

YMMV...
I am not asking this as a replacement to the text based mass email. I am just asking that the mass email also allows sending HTML emails directly from the board too or maybe have a separate mass HTML email section.

User avatar
Master_Cylinder
Registered User
Posts: 361
Joined: Wed Jul 31, 2013 9:54 pm

Re: [RFC] Mass HTML email option in ACP

Post by Master_Cylinder »

Yes, I know, and *IF* they give admins that option they should also give users the option of choosing plain text.

From a security standpoint, I hope they don't add the HTML option at all. While most admins wouldn't abuse it, I'd prefer NOT giving malicious admins another delivery tool that has known risks. There are tools that will craft, compile and encrypt undetectable malicious payloads for deployment via html mail.

HTML mail is a bad idea, ask any security consultant.
These kids today...
Buy them books, send them to school and what do they do?

They eat the paste. :lol:

keith10456
Registered User
Posts: 523
Joined: Sat Apr 22, 2006 10:29 pm
Contact:

Re: [RFC] Mass HTML email option in ACP

Post by keith10456 »

Master_Cylinder wrote:Yes, I know, and *IF* they give admins that option they should also give users the option of choosing plain text.

From a security standpoint, I hope they don't add the HTML option at all. While most admins wouldn't abuse it, I'd prefer NOT giving malicious admins another delivery tool that has known risks. There are tools that will craft, compile and encrypt undetectable malicious payloads for deployment via html mail.

HTML mail is a bad idea, ask any security consultant.
Though that may be true... However, right now an admin can do the same thing. A phpBB admin could mass email all of their members with a malicious email at this very moment (without the feature being added to phpbb).

My point being, html is blocked from posting, messages, etc. because you cannot trust the actions of a member. However, if you're the admin/founder of the site I don't see the problem of having an option to email your members via the ACP in html format.

And as with most newsletter type features (software, etc), there should be an option to send the message via text ;)

User avatar
Master_Cylinder
Registered User
Posts: 361
Joined: Wed Jul 31, 2013 9:54 pm

Re: [RFC] Mass HTML email option in ACP

Post by Master_Cylinder »

That's true but it's easier to send malicious payloads via html mail that plain text. Why make it easier for malicious admins, especially without giving the users the option of selecting plain text which is more secure? Why wouldn't an admin want the user to be able to pick plain text delivery?

How does a user know that they can trust the forum admin? Why do you think, users at places like ESPN/CNN/etc can select to receive plain text or html? Sure they could force the users into html but many of us don't want it and for good reasons. Why do you think so many people use disposable email addresses when they sign up for websites/forums/etc?

I don't presume to tell the devs what features they can or can't put in but I still say it's bad idea...but that's only based on 20 years professional experience as network/server/IT admin/manager. ;)
These kids today...
Buy them books, send them to school and what do they do?

They eat the paste. :lol:

keith10456
Registered User
Posts: 523
Joined: Sat Apr 22, 2006 10:29 pm
Contact:

Re: [RFC] Mass HTML email option in ACP

Post by keith10456 »

Master_Cylinder wrote:That's true but it's easier to send malicious payloads via html mail that plain text. Why make it easier for malicious admins, especially without giving the users the option of selecting plain text which is more secure? Why wouldn't an admin want the user to be able to pick plain text delivery?
If you have a malicious admin, having this feature is of no consequence because they will have the means, etc to email the member an html message anyway. Matter of fact, if you have a malicious admin they can install all kinds of scripts on the forum index so simply visiting the site will make a member a victim.
Master_Cylinder wrote:Why wouldn't an admin want the user to be able to pick plain text delivery?


If you check my post, I stated that the option of html/txt email should be added ;-)

Master_Cylinder wrote:How does a user know that they can trust the forum admin? Why do you think, users at places like ESPN/CNN/etc can select to receive plain text or html? Sure they could force the users into html but many of us don't want it and for good reasons. Why do you think so many people use disposable email addresses when they sign up for websites/forums/etc?
How does the user know they can trust the admin now?!

Currently, to email all of my members, I have to manually copy the email address of my members from my phpBB site and paste it into a separate newsletter program. Honestly speaking, in 2013 I shouldn't have to do that to send a notice to all of my members on my phpBB site. I believe this is a good idea/feature for phpBB admins. And again, yes, the option to receive the notice in text should be there (if its email and not PM/Notification).

You raised a good point but for the most part, if the admin is malicious he/she can do all of the things you're concerned about right now.

Post Reply