Other vulnerabilities inherent in HTML e-mail include the ability to run Visual Basic scripts, ActiveX controls, and Macromedia flash, all of which can execute unauthorized and unsafe code.

The Twitter protest again Microsoft Outlook is losing steam, but the question remains: Is HTML e-mail dangerous or is Microsoft using security as a reason not to comply with Web standards?

Open the e-mail, and the message window becomes, in effect, a mini-browser, running the HTML code that’s part of the message. Browsers don’t run just HTML code.

The post features a side-by-side comparison of a typical HTML e-mail, and the comparison makes it look as if Outlook 2007 is unable to do CSS altogether.

A hole in Internet Explorer can cause the browser to automatically open HTML e-mail attachments that could be used by an attacker to execute malicious code.

Create your own HTML e-mail newsletter Download a newsletter template and send it to a subset of your Outlook or Thunderbird contacts--without the messages getting caught in spam filters.