View HTML mail from trusted senders, plain text from others
Combine the features and formatting of HTML e-mail with the safety of plain-text messages by designating specific senders as safe.
My previous post described how to create a quick-and-simple HTML e-mail newsletter. I mentioned that you should view the plain-text version of the newsletter so you could see how it looks to recipients who have HTML mail disabled.
But what if you're on the receiving end? How can you ensure that you see the full-color, fancy-format HTML messages sent to you by people or organizations you trust, but are protected from potentially malicious HTML mail from bad guys? In Microsoft Outlook 2003 and 2007, it's easy.
Customize Outlook's message view
Start by setting Outlook to view messages as plain text by default. In Outlook 2007, click Tools > Trust Center > E-mail Security. In Outlook 2003, click Tools > Options > Preferences > E-mail Options. In both versions, check "Read all standard mail as plain text" and click OK.
Next, allow HTML mail from sources you trust to appear by default. In both Outlook 2007 and 2003, click Tools > Options > Junk E-mail (under the Preferences tab). Choose the Safe Senders tab and make sure "Also trust e-mail from my contacts" is checked. You can also check "Automatically add people I e-mail to the Safe Senders List." Other options in this dialog let you add addresses manually and import or export your safe addresses as a .txt file. When you're done, click OK twice.
You can also add e-mail addresses to your safe list by right-clicking the address and selecting Junk E-mail > Add Sender to Safe Senders List.
I wasn't able to find a way to set Mozilla Thunderbird to view HTML mail from sources you trust and plain-text messages from everyone else. You can make the view change globally in Thunderbird by clicking View > Message Body As > Plain Text.
The other two options on this submenu let you view messages as either "Original HTML" or "Simple HTML." What's the difference? According to MozillaZine, simple HTML blocks Javascript and remote-image display and interprets only "basic" HTML commands.