If you don't have personal control over the mail system you are using, it's possible that you don't have control over whether or not you use HTML.
As an armchair security pundit, I think phishing has adequately highlighted the ability of HTML to mislead, in the sense that its intended recipient is not a human, and that it has evolved into an unfortunately flexible language (and extensions) and the browsers are overly forgiving (because syntactically correct HTML is not really human-writable, either, for the average human who is tasked with doing so). So far I haven't seen a persuasive phishing email that wasn't HTML. The domain name system has enough problems (is mazdausa.com really related to mazda.com?) without involving javascript and ActiveX, but they could be corrected with proper education (how about keeping every URL under one second-level domain related to your company, perhaps companyname.com) -- ``Unthinking respect for authority is the greatest enemy of truth.'' -- Albert Einstein -><- <URL:http://www.subspacefield.org/~travis/>