[RFC] Mass HTML email option in ACP

[DavidIQ]

+1. Should have the option available in the ACP as a checkbox. The argument that having such an option is somehow a security issue is pretty ridiculous. This is not an option for the public to use after all.

[Master_Cylinder]

I'm against it. Imo the best solution for it is to creating an extension, which can replace acp mass email module and allow admins send emails with html code.

I agree, this should be an extension.

[Alien_Time]

The argument that having such an option is somehow a security issue is pretty ridiculous. This is not an option for the public to use after all.

Exactly my point.

+1. Should have the option available in the ACP as a checkbox.

That's a good idea.. Or in the mass email section in ACP, we can have 2 separate links. 1 for Mass email that remains untouched the way it is now and a separate link for Mass HTMl email. This way, we can have a different text box for html emails like a wysiwyg type with editor that allows to paste source html code and the preview is seen in the edit box or something like that. So admins can either use the text or HTML version based on their preference.

[Master_Cylinder]

Being willing to ignore security issues just because you want to send html mail from a forum, instead of using newsletter SW designed for that, is even more ridiculous but that's just my opinion.

YMMV...

[Alien_Time]

Again with the security issue!! Maybe I will tell google and say, hey Master_Cylinder knows more than you so dont send me html newsletters.

Being willing to ignore security issues just because you want to send html mail from a forum, instead of using newsletter SW designed for that, is even more ridiculous but that's just my opinion.

Yes newsletter sw is there, but like I said in one of my previous posts, it's like a 10 step process and a lot of manual work just to export user tables, filter users who have requested / disabled emails from board in ucp, download separate tables for each groups and then send them in batches. All of these tasks can be simplified by having this in Acp. This is something that will help board admins (maybe not you) and this is used by admins to communicate with their users. It's upto to the admins to decide whether they wanna send HTML newsletters to their users or not, after all it's their website and their decision.

Are you always this negative? it's a rhetorical question.

[Master_Cylinder]

Yes, the security issues haven't changed just because you want ignore them to send html mail easily from your forum. There's no reason to add this to the core since phpBB isn't newsletter centric, it's just not what forums are for.

(all emphasis added by me)
http://www.georgedillon.com/web/html_em ... evil.shtml

HTML email can be dangerous, is not always readable, wastes bandwidth and is simply not necessary.
...
if you care at all about the people you send mail to, read on...
...
Sending HTML-formatted email is just not necessary. If the appearance of your message is important either put it on a website and mail the URL, or save it as an .rtf (or even a .pdf) document, zip that up and send it as an attachment to a plain text mail

http://voices.washingtonpost.com/securi ... ail_1.html

Likewise, sending e-mail in HTML mode is just a bad idea all around, and these days, it's a recipe for making sure the messages you send get caught in the recipient's junk mail folders.

http://www.georgedillon.com/web/html_em ... till.shtml

I was struck by the vehemence of opposition to HTML email expressed by many on the list, with some half-seriously describing it as 'evil'. A year later I understood their reasoning, but many of my newbie friends didn't...
...
So if you are happy to be ignorant, lazy, spiteful, self-centred and/or cowardly you can ignore the rest of this article and go and bask in you supercillious smugness. OTOH if you care at all about the people you send mail to, read on...
...
HTML email can be dangerous,
HTML email is not always readable,
HTML email wastes bandwidth
and
HTML email is simply not necessary.

Here:
https://www.phpbb.com/customise/db/mod/ ... ers_add_on
Maybe Martin will convert that to a extension for you.

Do you always throw a hissy-fit when people point out flaws in your suggestions? Also rhetorical (see how that works both ways? )

[Ger]

Security simply isn't an issue here. True, the admin could send malicious emails with all kind of junk, but that's not important. First of all, he already can do that with dedicated software. Second, he can throw malicious content in his forum style (hidden for bots or even only showed to registered users). And third: he has much private information about his users which he can sell.

The only possible valid point you have is that enabling HTML in mass emails makes life easier for an admin who wants to harm his user. But that same argument goes for the option to edit the style from ACP, the option for custom BBcodes, etc. Heck, even providing phpBB in the first place makes life easier for bad guys. Maybe we should destroy internet so everyone is safe?

[Alien_Time]

Do you always throw a hissy-fit when people point out flaws in your suggestions? Also rhetorical (see how that works both ways? )

Look who is now having a hissy fit over a rhetorical question. Its fine to not agree with a suggestion but its another thing to come again and again after each and every post yapping abut the security issue. You made it clear that you are against this. But you dont leave it at that. Its like you try everything to make sure that this doesnt get approved and I dont see the big deal you make it to be. Look at Pico88. He was against it too, he made his point and left it at that. But you carry on and on and on. Its just annoying - Plain & Simple. We all heard you - You feel its a security risk. Thats it!

Yes, the security issues haven't changed just because you want ignore them to send html mail easily from your forum. There's no reason to add this to the core since phpBB isn't newsletter centric, it's just not what forums are for.

Listen, these are what RFCs are for. I found it to be useful so I made the request and I can see that some admins do find it useful too. There is nothing wrong with making a suggestion that will make the work for admin easier. Thats the whole purpose of RFCs. Its not that I am ignoring the security issue. I dont see why is there even a security issue if its only the board admin who has the permission to send HTML email in the first place. Like davidiq pointed out, its not that this feature is available to every members! If a board admin is misusing it, then its their problem and they are the ones jeopardizing their website. Why are you so caught up on that and worried about that so much? Yes phpbb is a forum software, that doesnt mean that there shouldnt be a features for admins to communicate with their members. Its just stupid.

I am just gonna leave it at this. I dont want to carry on on your discussion any further that I've already have. I know you are gonna come back start yapping more. This has already consumed 2 pages over this and I am not gonna prolong over your ridiculous remarks any further. Yeah, is this hissy-fit enough for you?

Heck, even providing phpBB in the first place makes life easier for bad guys. Maybe we should destroy internet so everyone is safe?

Amen to that.. lol..Thats funny.. I laughed when I read it.

[Master_Cylinder]

Security simply isn't an issue here. True, the admin could send malicious emails with all kind of junk, but that's not important. First of all, he already can do that with dedicated software. Second, he can throw malicious content in his forum style (hidden for bots or even only showed to registered users). And third: he has much private information about his users which he can sell.

The only possible valid point you have is that enabling HTML in mass emails makes life easier for an admin who wants to harm his user. But that same argument goes for the option to edit the style from ACP, the option for custom BBcodes, etc. Heck, even providing phpBB in the first place makes life easier for bad guys. Maybe we should destroy internet so everyone is safe?

Denial isn't a river in Egypt, of course html email is a security issue, I provided 3 links that shows it is. Nobody is suggesting that "the sender" is in danger (other than the danger of getting blacklisted for spam or possibly arrested for sending virii) but the users could be. Yes, he *could* do that with dedicated SW (or a MOD/extension) but that doesn't mean that phpBB *should* be that SW to make it easy on a malicious admin. The OP already admits that it's a hassle to send html newsletters based on the forum db and that's a GOOD thing, imho. That means that spammers and malicious phpBB admins have to jump through more hoops to assault members.

phpBB is a bulletin board software. The main content of a bulletin board is its topics, containing posts. These topics are organized into forums, which are further organized into to categories. This is the basic structure that phpBB is designed to present, and it does so in a very logical manner. Sending html email from the forums may be convenient, but ultimately the more content you display, the less user-friendly it is because it's simply more stuff to process, and it can distract from the content you actually are trying to present. The main goal of the software should be to display the content the user is looking for in a user-friendly manner, and to provide intuitive ways to access and browse that data, not for sending out newsletters.
(If that slightly sounds familiar, it should. )

We already protect users by encrypting passwords (among other things), I think we should protect them from html emails too...

Do you always throw a hissy-fit when people point out flaws in your suggestions? Also rhetorical (see how that works both ways? )

Look who is now having a hissy fit over a rhetorical question.

I'm not throwing a fit, like you are, I just pointed out your snide reply.

Your damn right I'm not dropping it any more than you are dropping it. This is the real world where people debate and sometimes that means not everyone agrees. For adults that's OK.

[Ger]

It also doesn't mean that PHP should be the platform to use when sending spam... All hosting providers should ask for a certificate of good conduct before selling web space.

Look, nobody is saying that the sender is in danger. All we say is that a bad admin already has numerous tools to harm his visitors (no matter what (forum) software he uses). One extra tool doesn't make a difference.