I've seen an increase in spam recently, and a lot of it has included .html attachments. Some emails masquerade as bounce messages, encouraging users to open the HTML to see what message bounced. Others use similar techniques to trick the user into opening the file. I'm considering blocking all email with a .html file attached, in an attempt to catch more of this spam. Using zen.spamhaus.org had greatly reduced the amount of spam received when I started using it last September, but a lot of these .html attachments have been getting through.
I took a look inside a few and they used META REFRESH tags to redirect to some website. Since the attachment is base64 encoded, SpamAssassin can't check the URL against the various URL blacklists.
I'm using SpamAssassin, ClamAV and simscan (an add-on for qmail) on my system, and can easily block certain attachments. My question is whether .html files are commonly sent as attachments on legitimate mail.
NOTE 1: I'm not referring to HTML formatted email, I'm specifically talking about a .html file as an attachment that must be opened in a web browser.
NOTE 2: I'm considering this for the hosting servers I maintain for 150+ domains. Most are small businesses with 1-5 accounts.
For just you? Probably not; For your company's mail server? Not unless you want to get fired.
Almost all mail these days is sent as multi-part with an HTML alternative.
I personally have my mail client set to use the plain-text version first, and there's a lot of stuff that's legitimate mail that's just junk as they don't create a useful plain text version.
For example : someone sending you stuff from Google Reader -- you get a blurb, and NO URL to follow. Some go overboard with URLs -- the spam filter at my work gives a link to select allow/ignore/etc. for each message that's quarantined with a 120+ character URL for each one.
I have never seen html sent via email, other than embedded html. Even in webdev environment, they generally just ftp the files. Depend on how many users you have you might want to just block it now to protect your users and deal with the few who complain.