I want to decrease the risk of exploits from emails in Opera Mail by disabling seeing the HTML version of emails. Is there a way to do this?
I know how to set Opera to prefer plain text, but I want it to display nothing if there is no plain text version available.
I would like to remark that modern email clients do a very good job of protection from HTML mail, so that as long as one doesn't click on any element in the message, one can't normally be infected (with the infection vector being here thru the browser, and not the email client).
In the past, a remote image with parameters could have signaled the spammer the existence of your email account. Nowadays all major email clients retrieve remote images without parameters.
In the remote past, scripting was possible in email. Nowadays email clients flatly refuse to execute any sort of scripting under any condition.
As last comment, some emails might arrive as html-only. I also sometimes receive email where the text part only contains the message that html-viewing should be turned on. In addition, while viewing only the text part, you miss out on some purposely emphasized text, emoticons and other communications.
To answer your question, I must remark that I don't believe that Opera Mail has a text-only option. You might need to migrate to some other email client for that.
I believe that Mozilla Thunderbird would be a good cross-platform solution (from the View menu, select Message Body As, and then select Plain Text).
There is no way to do exactly what you asked in Opera Mail.
The danger in displaying HTML email is that it can contain links that appear to do one thing (something safe) but actually do something else, like execute harmful code. Opera Mail includes a display option to "block external elements to suppress external embeds (HTML that references Web sites for items such as images and stylesheets), often used in spam to detect valid e-mail addresses." In the absence of an option to convert all incoming email to plain text (as in Outlook), I recommend enabling the option to block external elements.
A bit of history: older versions of Outlook Express were much more vulnerable to exploits due to a very specific security hole that allowed code to be executed when an email message was opened: no clicking of links within the message was required. This hole was closed long ago for Outlook Express. However, some users (myself included) still configure email clients to convert all incoming email to plain text because it's just incredibly annoying (don't get me started). And of course new holes could be discovered at any time. Plain text can't hide anything, so it's always going to be safe. Unless of course you thoughtlessly click on that link...
Refs:
http://www.opera.com/browser/tutorials/mail/receive/
http://www.microsoft.com/technet/security/bulletin/ms04-013.mspx
