never underestimate the stupidity of IE and outlook.
if you take an html file, name it foo.jpg and send it with a mime-type of image/jpeg, IE 5 on the mac and IE 4 on windows will happily parse and render it as html. (probably some versions of outlook exhibit this broken behavior too).
this technique was once used in a hotmail exploit. email someone a "jpg" and it could grab their password cookie and submit it to another site.
if securityfocus hadn't changed the structure of their bugtraq archives and broken my bookmarks, i could give you a link...