From Mary Landesman,
Colored fonts, embedded images, and stylized text are just a few of the reasons that HTML-rendered email has become popular with many folks. Sure, it makes email attractive and - in some cases - easier to read. But there are drawbacks to the glitz and glamor of HTML-rendered email. From a security standpoint, plain text email is better. Reading email in plain text offers important security benefits that more than offset the loss of pretty colored fonts.
Squash the bugs
HTML-rendered email can be virtually wiretapped through the use of invisible images, specially formed links, and other techniques that allow email to be tracked. For example, unique serial numbers are often assigned to invisible images stored on a remote server. Each time the email is read, those images are accessed, providing a record of whether the email was opened.
Commercial companies peddle software to track email, providing a means for the sender to know whether an email was read, when it was read, and even follow its tracks if it is forwarded to others. Spammers use web bugs to determine whether an email address is valid, or whether the recipient has a tendency to open spam - setting those users up for even more unwanted email in the future.
Plain text email does not support embedded images. Plain text email squashes web bugs.
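The tracking described above can be spotted without rendering the message. The following is an added example, not part of the original article: it reads only the plain text part of a message and lists the remote images the HTML part would have fetched. The sample message, the names RemoteImageFinder and inspect, and the two heuristics (1x1 size, a serial number in the URL) are assumptions made for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not from the article): the HTML part carries a
# 1x1 remote image whose URL holds a per-recipient serial number.
SAMPLE = """\
From: news@example.com
Subject: Weekly update
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Hello, here is this week's update.

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello, here is this week's <b>update</b>.</p>
<img src="https://static.example.com/logo.png" width="120" height="40">
<img src="http://track.example.com/o.gif?id=8841-77a2" width="1" height="1">
</body></html>
--b1--
"""

class RemoteImageFinder(HTMLParser):
    """Collects every <img> whose src would be fetched from a remote server."""
    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        if tag == "img" and urlparse(src).scheme in ("http", "https"):
            # Heuristics (assumptions): invisible size, or a token in the URL.
            tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
            tagged = bool(urlparse(src).query)
            self.images.append({"src": src, "likely_bug": tiny or tagged})

def inspect(raw):
    """Return (plain_text_body, remote_images) without fetching anything."""
    msg = message_from_string(raw, policy=default)
    finder = RemoteImageFinder()
    html = msg.get_body(preferencelist=("html",))
    if html is not None:
        finder.feed(html.get_content())
    plain = msg.get_body(preferencelist=("plain",))
    return (plain.get_content() if plain else ""), finder.images
```

Nothing in this code contacts the image servers, so inspecting a message this way leaves no record that it was opened.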
A not so helpful hand
HTML-rendered email can contain active content that causes email attachments to open automatically, or files to be downloaded to the system. To bypass content filters that prohibited EXE files in email, the Winevar virus included active content in its email that first modified the System Registry to specify .CEO files as executable, and then automatically opened the attached - and infected - .CEO file it had smuggled past the scanners.
Plain text email does not support active content. Plain text email prevents email attachments from opening automatically.