Hi

Does anyone have a reason / preference as to the best format to send email responses from a website (payment confirmations / password reminders, etc.)?

Thanks

Jon

+14  A: 

In your emails, use plaintext with links to your HTML pages. HTML in email is generally widely reviled as a bad idea, because it's a gigantic security hole.

Never send passwords in email, even as a reminder. Send a link to the user's registered email address that allows them to reset their password. The absolute fastest way to make me quit using your service is to send me my password via email in plaintext.

McWafflestix
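The reset-link approach from the answer above, as an added example that is not part of the original post: the site emails a plain-text message containing a single-use, expiring link and stores only a hash of the token. The `https://example.com/reset` URL, the sender address, the 30-minute lifetime and the in-memory `PENDING` store (standing in for a database table) are assumptions.

```python
import hashlib
import secrets
import time
from email.message import EmailMessage

RESET_TTL_SECONDS = 30 * 60                 # assumed token lifetime
BASE_URL = "https://example.com/reset"      # placeholder reset page

# token hash -> (user_id, expires_at); stands in for a database table.
# Only the hash is stored, so a leaked table does not yield usable links.
PENDING = {}


def digest(token):
    return hashlib.sha256(token.encode("ascii")).hexdigest()


def issue_reset_email(user_id, address, now=None):
    """Create a single-use token; return (token, plain-text EmailMessage)."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)       # 256 bits from the OS CSPRNG
    PENDING[digest(token)] = (user_id, now + RESET_TTL_SECONDS)

    msg = EmailMessage()
    msg["From"] = "no-reply@example.com"    # placeholder sender
    msg["To"] = address                     # the registered address only
    msg["Subject"] = "Password reset request"
    # set_content() with a str yields a single text/plain part: no HTML,
    # and no password anywhere in the message.
    msg.set_content(
        "A password reset was requested for your account.\n\n"
        "Open this link within 30 minutes to choose a new password:\n"
        f"{BASE_URL}?token={token}\n\n"
        "If you did not request this, you can ignore this message.\n"
    )
    return token, msg


def redeem(token, now=None):
    """Return the user_id for a valid token and invalidate it, else None."""
    now = time.time() if now is None else now
    entry = PENDING.pop(digest(token), None)  # pop: each link works once
    if entry is None:
        return None
    user_id, expires_at = entry
    return user_id if now <= expires_at else None
```
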
+3  A: 

Plain text. No HTML.

Luixv
+2  A: 

Formatted plain text, please. The system my office uses currently (I had nothing to do with designing it) sends customers a formatted plain text email that looks professional, loads quite quickly in email clients, and prints just as it looks on the screen. Not only is HTML a security hole, it can really slow down the email downloading/opening process depending on how much extraneous content is included (background colors, images, etc.). In addition, plain text is almost guaranteed to print out as displayed on the screen whereas HTML can have issues.

For passwords, as McWafflestix said, don't send passwords to email addresses. One approach to addressing the forgotten password is to create a module on your website that sends users an email with a link confirming they forgot and need to reset their password and then have them answer a secret question they created. Once the identity is confirmed, send them an email with the new temporary password with a link to log in--once they click the link and enter the temporary password, have the user enter a new personal password.