Maybe this should go in the wishlist category, but I'm looking for feedback here first.
Background:
Historically, we've always set email as plain text only to protect our users from viruses and other bad stuff. This was a hard policy which blocked HTML completely. With Outlook 2010, we set emails to text by default but instead of blocking HTML completely we allow folks to click and switch to HTML view.
The balancing act between pretty looking emails and security always seems to get a lot of very opinionated folks on both sides of the issue when we discuss it.
Folks don't really care if external email they receive displays as HTML or not. Though they really want to be able to use bullets and colors in internal emails.
As far as I can tell it is all or nothing.
One thing I noticed in Trust Center is a check box that says it enables plain text for digitally signed messages, along with another checkbox for all standard messages to be plain text.
This implied to me that if we implemented digital signatures and unchecked the plain text digital signatures box, our internal emails would be HTML viewable (signed) and standard messages would be plain text. Though when I got an email certificate and installed it on my system, it didn't work that way. Outlook would show the signed message in plain text unless I unchecked the box that says all standard emails should be plain text.
What do you do in your environment? If you use HTML, are you securing Outlook via any special policies or are you just accepting the risk?
Is it crazy to think it should be so simple to specify via group policy that all messages from @specificcompany.com are HTML by default and everything else is text by default? I don't feel like it is an unreasonable request and I'm surprised no one else is asking for this capability.